[LiSA-Users] [RE] Linux Multilayer Switch support netfilter ?
jwpark
jwpark at imflight.com
Wed Aug 9 04:43:23 EEST 2006
Hi.
Thanks for your reply.
1. My test environment..
<host A> ---- (eth0) <linux box(LiSA is installed)> (eth1) --- <Gateway> --
external
Kernel : 2.6.16.19
LiSA : lisa-2006.04.04-2
2. And my VLAN configuration
[root at flight ~]# cat /proc/net/switch/vif
vlan1
[root at flight ~]# cat /proc/net/switch/ifaces
Port Trunk Enabled VLAN
---- ----- ------- ----
eth1 0 1 1
eth0 0 1 1
[root at flight ~]# cat /proc/net/switch/vlan
VLAN Name Status Ports
---- -------------------------------- --------- ----------------------------
---
1 default active eth1 eth0
1002 fddi-default active
1003 trcrf-default active
1004 fddinet-default active
1005 trbrf-default active
[root at flight ~]# ifconfig vlan1
vlan1 Link encap:Ethernet HWaddr 00:6C:6D:73:00:01
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.xxx
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1460 Metric:1
RX packets:213666 errors:0 dropped:0 overruns:0 frame:0
TX packets:92644 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
3. netfilter rule
[root at flight ~]# iptables -L -nv
Chain INPUT (policy ACCEPT 1528K packets, 188M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 427K packets, 67M bytes)
pkts bytes target prot opt in out source
destination
When I executed ping to external host in <host A>, I received the reply.
But I inserted policy to drop the icmp.
And the packets/bytes count(FORWARD chain and the drop rule) did not
increased.
Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lisa.ines.ro/pipermail/lisa-users/attachments/20060809/8f1c257a/attachment.html
More information about the LiSA-Users
mailing list