Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-11-08 Thread 唐建伟
hmmm, it should be the exact problem i got, thank you very much.

On Tue, Nov 8, 2011 at 10:30 PM, Минтаиров Михаил wrote:

> This situation with pings is really strange...But in  my case the solution
> was much easier . CentOS 6 was installed on VmWare virtual machine and the
> problem was in it network device configuration. The most hardly thing was
> to guess to that. After this I quickly found a solution:
>
> http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/
>
> So, to my experience, the CentOS(or RedHat) work correctly, and may be you
> should try to look for errors in somewhere else (as in my case it was
> VmWare configuration).
>
> > Hello,
> >
> > I did not have read this issue before, but I have seen this problem
> > also. Whenever I restart the bridge (with tap0 interfaces also) I have
> > to make a first ping to the physical interface related to the tap0
> > module. I also ping another machine on the same physical network. After
> > that, I am able to reach the bridged one.
> >
> > Extrange behaviour but this works for me in this way now.
> >
> > I look forward RedHat fixed this bug soon.
> >
> > El 07/11/11 06:39, 唐建伟 escribió:
> >
> >>  thank you very much for your follow up. wish to get good news from you
> soon.
> >>
> >>  On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил >wrote:
> >>>  28.09.2011, 04:58, "唐建伟":
> >>>  Hello, I didn't find what to answer to you mounth ago. But now I also
> have
> >>>  an installation of centos 6 (at past I used centos 5.7) , and I have
> the
> >>>  same problems as you. First of all, did you find any solutions?
> >>>
> >>>  I only found that the problem is in br0 device. I can't guess why but
> it
> >>>  not recive ARP REPLY packets.
> >>>
> >>>  tcpdump on all devices (tap0, eth1, br0) give me the same:
> >>>
> >>>  20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
> >>>  length 28
> >>>  20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
> >>>  length 28
> >>>  20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
> >>>  length 28
> >>>  //192.158.11.33 is remoute PC ip-address, and 192.168.11.3 is one of
> my
> >>>  local hosts//
> >>>
> >>>  and no APR REPLY.
> >>>
> >>>  Intresting that on other hand I have the same configs files on Centos
> 5.7.
> >>>  and everything work perfectly.
>   no, i removed the commands you mentioned, but it still doesn't work.
> 
>   Best Regards
>   Tang Jianwei
> 
>   On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил<
> mikxal...@yandex.ru
>   wrote:
> >I can't remember a reason, but at one moment I stop to use
>  "openvpn
> >--mktun --dev [dev name]" command. May be it's becouse openvpn
> create
> >>>  tap0
> >by it self. So try to comment this lines:
> >
> > for t in $tap; do
> >openvpn --mktun --dev $t
> > done
> >
> >then restart a network, after then start openvpn and after it
> start
> >>>  bridge
> >script
> >>openvpn configure file
> >>
> >>*port 1194
> >>proto udp
> >>dev tap0
> >>ca ca.crt
> >>cert VPN_Server.crt
> >>key VPN_Server.key  # This file should be kept secret
> >>dh dh1024.pem
> >>server-bridge 192.168.119.1 255.255.255.0 192.168.119.221
> >>>  192.168.119.225
> >>keepalive 10 120
> >>comp-lzo
> >>user nobody
> >>group nobody
> >>persist-key
> >>persist-tun
> >>status openvpn-status.log
> >>log-append  /var/log/openvpn.log
> >>verb 3
> >>mute 20
> >>*
> >>
> >>the script for bring up the bridge
> >>*# Define Bridge Interface
> >>br="br0"
> >>
> >># Define list of TAP interfaces to be bridged,
> >># for example tap="tap0 tap1 tap2".
> >>tap="tap0"
> >>
> >># Define physical ethernet interface to be bridged
> >># with TAP interface(s) above.
> >>eth="eth1"
> >>eth_ip="192.168.119.1"
> >>eth_netmask="255.255.255.0"
> >>eth_broadcast="192.168.119.255"
> >>
> >>for t in $tap; do
> >>openvpn --mktun --dev $t
> >>done
> >>
> >>brctl addbr $br
> >>brctl addif $br $eth
> >>
> >>for t in $tap; do
> >>brctl addif $br $t
> >>done
> >>
> >>for t in $tap; do
> >>ifconfig $t 0.0.0.0 promisc up
> >>done
> >>
> >>ifconfig $eth 0.0.0.0 promisc up
> >>
> >>ifconfig $br $eth_ip netmask $eth_netmask broadcast
> $eth_broadcast*
> >>
> >>On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил<
> >>>  mikxal...@yandex.ru
> >>  wrote:
> >>> Hm... It's very hard to guess without config files. Can you
> post
> >>>  your
> >>> server and client openvpn configs... and also can your show  a
> br0
> >creation
> >>

Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-11-08 Thread Минтаиров Михаил
This situation with pings is really strange...But in  my case the solution was 
much easier . CentOS 6 was installed on VmWare virtual machine and the problem 
was in it network device configuration. The most hardly thing was to guess to 
that. After this I quickly found a solution:

http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/

So, to my experience, the CentOS(or RedHat) work correctly, and may be you 
should try to look for errors in somewhere else (as in my case it was VmWare 
configuration).

> Hello,
>
> I did not have read this issue before, but I have seen this problem
> also. Whenever I restart the bridge (with tap0 interfaces also) I have
> to make a first ping to the physical interface related to the tap0
> module. I also ping another machine on the same physical network. After
> that, I am able to reach the bridged one.
>
> Extrange behaviour but this works for me in this way now.
>
> I look forward RedHat fixed this bug soon.
>
> El 07/11/11 06:39, 唐建伟 escribió:
>
>>  thank you very much for your follow up. wish to get good news from you soon.
>>
>>  On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаилwrote:
>>>  28.09.2011, 04:58, "唐建伟":
>>>  Hello, I didn't find what to answer to you mounth ago. But now I also have
>>>  an installation of centos 6 (at past I used centos 5.7) , and I have the
>>>  same problems as you. First of all, did you find any solutions?
>>>
>>>  I only found that the problem is in br0 device. I can't guess why but it
>>>  not recive ARP REPLY packets.
>>>
>>>  tcpdump on all devices (tap0, eth1, br0) give me the same:
>>>
>>>  20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
>>>  length 28
>>>  20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
>>>  length 28
>>>  20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
>>>  length 28
>>>  //192.158.11.33 is remoute PC ip-address, and 192.168.11.3 is one of my
>>>  local hosts//
>>>
>>>  and no APR REPLY.
>>>
>>>  Intresting that on other hand I have the same configs files on Centos 5.7.
>>>  and everything work perfectly.
  no, i removed the commands you mentioned, but it still doesn't work.

  Best Regards
  Tang Jianwei

  On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил>>>  wrote:
>    I can't remember a reason, but at one moment I stop to use  "openvpn
>    --mktun --dev [dev name]" command. May be it's becouse openvpn create
>>>  tap0
>    by it self. So try to comment this lines:
>
> for t in $tap; do
>    openvpn --mktun --dev $t
> done
>
>    then restart a network, after then start openvpn and after it start
>>>  bridge
>    script
>>    openvpn configure file
>>
>>    *port 1194
>>    proto udp
>>    dev tap0
>>    ca ca.crt
>>    cert VPN_Server.crt
>>    key VPN_Server.key  # This file should be kept secret
>>    dh dh1024.pem
>>    server-bridge 192.168.119.1 255.255.255.0 192.168.119.221
>>>  192.168.119.225
>>    keepalive 10 120
>>    comp-lzo
>>    user nobody
>>    group nobody
>>    persist-key
>>    persist-tun
>>    status openvpn-status.log
>>    log-append  /var/log/openvpn.log
>>    verb 3
>>    mute 20
>>    *
>>
>>    the script for bring up the bridge
>>    *# Define Bridge Interface
>>    br="br0"
>>
>>    # Define list of TAP interfaces to be bridged,
>>    # for example tap="tap0 tap1 tap2".
>>    tap="tap0"
>>
>>    # Define physical ethernet interface to be bridged
>>    # with TAP interface(s) above.
>>    eth="eth1"
>>    eth_ip="192.168.119.1"
>>    eth_netmask="255.255.255.0"
>>    eth_broadcast="192.168.119.255"
>>
>>    for t in $tap; do
>>    openvpn --mktun --dev $t
>>    done
>>
>>    brctl addbr $br
>>    brctl addif $br $eth
>>
>>    for t in $tap; do
>>    brctl addif $br $t
>>    done
>>
>>    for t in $tap; do
>>    ifconfig $t 0.0.0.0 promisc up
>>    done
>>
>>    ifconfig $eth 0.0.0.0 promisc up
>>
>>    ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*
>>
>>    On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил<
>>>  mikxal...@yandex.ru
>>  wrote:
>>> Hm... It's very hard to guess without config files. Can you post
>>>  your
>>> server and client openvpn configs... and also can your show  a br0
>    creation
>>> commands?
>>>
>>> 27.09.2011, 12:01, "唐建伟":
 Hi

 no, i don't think so. anyway, i can and only can the vpn server
>>>  from
>    the
 remote hosts.

 Best Regards
 Tang Jianwei

 On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил<
>    mikxal...@yandex.ru
    wrote:
>  So, something stop pac

Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-11-07 Thread Lorenzo Martínez Rodríguez

Hello,

I did not have read this issue before, but I have seen this problem 
also. Whenever I restart the bridge (with tap0 interfaces also) I have 
to make a first ping to the physical interface related to the tap0 
module. I also ping another machine on the same physical network. After 
that, I am able to reach the bridged one.

Extrange behaviour but this works for me in this way now.

I look forward RedHat fixed this bug soon.


El 07/11/11 06:39, 唐建伟 escribió:
> thank you very much for your follow up. wish to get good news from you soon.
>
> On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаилwrote:
>
>>
>> 28.09.2011, 04:58, "唐建伟":
>> Hello, I didn't find what to answer to you mounth ago. But now I also have
>> an installation of centos 6 (at past I used centos 5.7) , and I have the
>> same problems as you. First of all, did you find any solutions?
>>
>> I only found that the problem is in br0 device. I can't guess why but it
>> not recive ARP REPLY packets.
>>
>> tcpdump on all devices (tap0, eth1, br0) give me the same:
>>
>> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
>> length 28
>> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
>> length 28
>> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
>> length 28
>> //192.158.11.33 is remoute PC ip-address, and 192.168.11.3 is one of my
>> local hosts//
>>
>> and no APR REPLY.
>>
>> Intresting that on other hand I have the same configs files on Centos 5.7.
>> and everything work perfectly.
>>
>>
>>> no, i removed the commands you mentioned, but it still doesn't work.
>>>
>>> Best Regards
>>> Tang Jianwei
>>>
>>> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил>> wrote:
>>>
   I can't remember a reason, but at one moment I stop to use  "openvpn
   --mktun --dev [dev name]" command. May be it's becouse openvpn create
>> tap0
   by it self. So try to comment this lines:

for t in $tap; do
   openvpn --mktun --dev $t
done

   then restart a network, after then start openvpn and after it start
>> bridge
   script
>   openvpn configure file
>
>   *port 1194
>   proto udp
>   dev tap0
>   ca ca.crt
>   cert VPN_Server.crt
>   key VPN_Server.key  # This file should be kept secret
>   dh dh1024.pem
>   server-bridge 192.168.119.1 255.255.255.0 192.168.119.221
>> 192.168.119.225
>   keepalive 10 120
>   comp-lzo
>   user nobody
>   group nobody
>   persist-key
>   persist-tun
>   status openvpn-status.log
>   log-append  /var/log/openvpn.log
>   verb 3
>   mute 20
>   *
>
>   the script for bring up the bridge
>   *# Define Bridge Interface
>   br="br0"
>
>   # Define list of TAP interfaces to be bridged,
>   # for example tap="tap0 tap1 tap2".
>   tap="tap0"
>
>   # Define physical ethernet interface to be bridged
>   # with TAP interface(s) above.
>   eth="eth1"
>   eth_ip="192.168.119.1"
>   eth_netmask="255.255.255.0"
>   eth_broadcast="192.168.119.255"
>
>   for t in $tap; do
>   openvpn --mktun --dev $t
>   done
>
>   brctl addbr $br
>   brctl addif $br $eth
>
>   for t in $tap; do
>   brctl addif $br $t
>   done
>
>   for t in $tap; do
>   ifconfig $t 0.0.0.0 promisc up
>   done
>
>   ifconfig $eth 0.0.0.0 promisc up
>
>   ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*
>
>   On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил<
>> mikxal...@yandex.ru
> wrote:
>>Hm... It's very hard to guess without config files. Can you post
>> your
>>server and client openvpn configs... and also can your show  a br0
   creation
>>commands?
>>
>>27.09.2011, 12:01, "唐建伟":
>>>Hi
>>>
>>>no, i don't think so. anyway, i can and only can the vpn server
>> from
   the
>>>remote hosts.
>>>
>>>Best Regards
>>>Tang Jianwei
>>>
>>>On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил<
   mikxal...@yandex.ru
>>>   wrote:
 So, something stop packets from remote hosts. May be firewall on
   remote
 PC...? and can you run tcpdump on same remote host, to check that
   it's
>>tap0
 device.

 27.09.2011, 11:06, "唐建伟":
> Hi
>
> the routing table in the remote hosts are OK. "tcpdump -n -i
   [device
 name]"
> cannot capture any packages from remote. no mater br0 nor tap0.
>
> Best Regards
> Tang Jianwei
>
> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил<
>>mikxal...@yandex.ru
>wrote:
>>  27.09.2011, 09:52, "唐建伟":
>>>  Hi all,
>>>
>>>  I just intalled openvpn + bridg

Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-11-06 Thread 唐建伟
thank you very much for your follow up. wish to get good news from you soon.

On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил wrote:

>
>
> 28.09.2011, 04:58, "唐建伟" :
> Hello, I didn't find what to answer to you mounth ago. But now I also have
> an installation of centos 6 (at past I used centos 5.7) , and I have the
> same problems as you. First of all, did you find any solutions?
>
> I only found that the problem is in br0 device. I can't guess why but it
> not recive ARP REPLY packets.
>
> tcpdump on all devices (tap0, eth1, br0) give me the same:
>
> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
> length 28
> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
> length 28
> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33,
> length 28
> //192.158.11.33 is remoute PC ip-address, and 192.168.11.3 is one of my
> local hosts//
>
> and no APR REPLY.
>
> Intresting that on other hand I have the same configs files on Centos 5.7.
> and everything work perfectly.
>
>
> > no, i removed the commands you mentioned, but it still doesn't work.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил  >wrote:
> >
> >>  I can't remember a reason, but at one moment I stop to use  "openvpn
> >>  --mktun --dev [dev name]" command. May be it's becouse openvpn create
> tap0
> >>  by it self. So try to comment this lines:
> >>
> >>   for t in $tap; do
> >>  openvpn --mktun --dev $t
> >>   done
> >>
> >>  then restart a network, after then start openvpn and after it start
> bridge
> >>  script
> >>>  openvpn configure file
> >>>
> >>>  *port 1194
> >>>  proto udp
> >>>  dev tap0
> >>>  ca ca.crt
> >>>  cert VPN_Server.crt
> >>>  key VPN_Server.key  # This file should be kept secret
> >>>  dh dh1024.pem
> >>>  server-bridge 192.168.119.1 255.255.255.0 192.168.119.221
> 192.168.119.225
> >>>  keepalive 10 120
> >>>  comp-lzo
> >>>  user nobody
> >>>  group nobody
> >>>  persist-key
> >>>  persist-tun
> >>>  status openvpn-status.log
> >>>  log-append  /var/log/openvpn.log
> >>>  verb 3
> >>>  mute 20
> >>>  *
> >>>
> >>>  the script for bring up the bridge
> >>>  *# Define Bridge Interface
> >>>  br="br0"
> >>>
> >>>  # Define list of TAP interfaces to be bridged,
> >>>  # for example tap="tap0 tap1 tap2".
> >>>  tap="tap0"
> >>>
> >>>  # Define physical ethernet interface to be bridged
> >>>  # with TAP interface(s) above.
> >>>  eth="eth1"
> >>>  eth_ip="192.168.119.1"
> >>>  eth_netmask="255.255.255.0"
> >>>  eth_broadcast="192.168.119.255"
> >>>
> >>>  for t in $tap; do
> >>>  openvpn --mktun --dev $t
> >>>  done
> >>>
> >>>  brctl addbr $br
> >>>  brctl addif $br $eth
> >>>
> >>>  for t in $tap; do
> >>>  brctl addif $br $t
> >>>  done
> >>>
> >>>  for t in $tap; do
> >>>  ifconfig $t 0.0.0.0 promisc up
> >>>  done
> >>>
> >>>  ifconfig $eth 0.0.0.0 promisc up
> >>>
> >>>  ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*
> >>>
> >>>  On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <
> mikxal...@yandex.ru
> >>> wrote:
>    Hm... It's very hard to guess without config files. Can you post
> your
>    server and client openvpn configs... and also can your show  a br0
> >>  creation
>    commands?
> 
>    27.09.2011, 12:01, "唐建伟" :
> >   Hi
> >
> >   no, i don't think so. anyway, i can and only can the vpn server
> from
> >>  the
> >   remote hosts.
> >
> >   Best Regards
> >   Tang Jianwei
> >
> >   On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <
> >>  mikxal...@yandex.ru
> >  wrote:
> >>So, something stop packets from remote hosts. May be firewall on
> >>  remote
> >>PC...? and can you run tcpdump on same remote host, to check that
> >>  it's
>    tap0
> >>device.
> >>
> >>27.09.2011, 11:06, "唐建伟" :
> >>>Hi
> >>>
> >>>the routing table in the remote hosts are OK. "tcpdump -n -i
> >>  [device
> >>name]"
> >>>cannot capture any packages from remote. no mater br0 nor tap0.
> >>>
> >>>Best Regards
> >>>Tang Jianwei
> >>>
> >>>On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <
>    mikxal...@yandex.ru
> >>>   wrote:
>  27.09.2011, 09:52, "唐建伟" :
> > Hi all,
> >
> > I just intalled openvpn + bridge in CentOS 6, but i get
> strange
> >>problems:
> > the remote PCs cannot get the local PCs'  MACs and also, the
> >>  local
>    PCs
> > cannot get the remote PCs' MACs
> >
> > but when i run "brctl showmacs br0"  it will list all the
> MACs
> >>  and
> >>also "
> > brctl show" will show that all the correct adapters are in
> br0
> >
> > SELinux disabled
> >
> > any ideas?
>  First of all you should check routing table of remote hosts.
> If
> >>

Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-11-04 Thread Минтаиров Михаил


28.09.2011, 04:58, "唐建伟" :
Hello, I didn't find what to answer to you mounth ago. But now I also have an 
installation of centos 6 (at past I used centos 5.7) , and I have the same 
problems as you. First of all, did you find any solutions?
 
I only found that the problem is in br0 device. I can't guess why but it not 
recive ARP REPLY packets. 

tcpdump on all devices (tap0, eth1, br0) give me the same:

20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
//192.158.11.33 is remoute PC ip-address, and 192.168.11.3 is one of my local 
hosts//

and no APR REPLY.

Intresting that on other hand I have the same configs files on Centos 5.7. and 
everything work perfectly.


> no, i removed the commands you mentioned, but it still doesn't work.
>
> Best Regards
> Tang Jianwei
>
> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил wrote:
>
>>  I can't remember a reason, but at one moment I stop to use  "openvpn
>>  --mktun --dev [dev name]" command. May be it's becouse openvpn create tap0
>>  by it self. So try to comment this lines:
>>
>>   for t in $tap; do
>>  openvpn --mktun --dev $t
>>   done
>>
>>  then restart a network, after then start openvpn and after it start bridge
>>  script
>>>  openvpn configure file
>>>
>>>  *port 1194
>>>  proto udp
>>>  dev tap0
>>>  ca ca.crt
>>>  cert VPN_Server.crt
>>>  key VPN_Server.key  # This file should be kept secret
>>>  dh dh1024.pem
>>>  server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
>>>  keepalive 10 120
>>>  comp-lzo
>>>  user nobody
>>>  group nobody
>>>  persist-key
>>>  persist-tun
>>>  status openvpn-status.log
>>>  log-append  /var/log/openvpn.log
>>>  verb 3
>>>  mute 20
>>>  *
>>>
>>>  the script for bring up the bridge
>>>  *# Define Bridge Interface
>>>  br="br0"
>>>
>>>  # Define list of TAP interfaces to be bridged,
>>>  # for example tap="tap0 tap1 tap2".
>>>  tap="tap0"
>>>
>>>  # Define physical ethernet interface to be bridged
>>>  # with TAP interface(s) above.
>>>  eth="eth1"
>>>  eth_ip="192.168.119.1"
>>>  eth_netmask="255.255.255.0"
>>>  eth_broadcast="192.168.119.255"
>>>
>>>  for t in $tap; do
>>>  openvpn --mktun --dev $t
>>>  done
>>>
>>>  brctl addbr $br
>>>  brctl addif $br $eth
>>>
>>>  for t in $tap; do
>>>  brctl addif $br $t
>>>  done
>>>
>>>  for t in $tap; do
>>>  ifconfig $t 0.0.0.0 promisc up
>>>  done
>>>
>>>  ifconfig $eth 0.0.0.0 promisc up
>>>
>>>  ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*
>>>
>>>  On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил >> wrote:
   Hm... It's very hard to guess without config files. Can you post your
   server and client openvpn configs... and also can your show  a br0
>>  creation
   commands?

   27.09.2011, 12:01, "唐建伟" :
>   Hi
>
>   no, i don't think so. anyway, i can and only can the vpn server from
>>  the
>   remote hosts.
>
>   Best Regards
>   Tang Jianwei
>
>   On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <
>>  mikxal...@yandex.ru
>  wrote:
>>    So, something stop packets from remote hosts. May be firewall on
>>  remote
>>    PC...? and can you run tcpdump on same remote host, to check that
>>  it's
   tap0
>>    device.
>>
>>    27.09.2011, 11:06, "唐建伟" :
>>>    Hi
>>>
>>>    the routing table in the remote hosts are OK. "tcpdump -n -i
>>  [device
>>    name]"
>>>    cannot capture any packages from remote. no mater br0 nor tap0.
>>>
>>>    Best Regards
>>>    Tang Jianwei
>>>
>>>    On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <
   mikxal...@yandex.ru
>>>   wrote:
 27.09.2011, 09:52, "唐建伟" :
> Hi all,
>
> I just intalled openvpn + bridge in CentOS 6, but i get strange
>>    problems:
> the remote PCs cannot get the local PCs'  MACs and also, the
>>  local
   PCs
> cannot get the remote PCs' MACs
>
> but when i run "brctl showmacs br0"  it will list all the MACs
>>  and
>>    also "
> brctl show" will show that all the correct adapters are in br0
>
> SELinux disabled
>
> any ideas?
 First of all you should check routing table of remote hosts. If
>> everything
 is correct, try to monitor br0, and other devises(ethX) by
>>  "tcpdump
   -n
>>    -i
 [device name]".
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
>>>    --
>>>    Tang Jianwei
>>>    System Administrator
>>>    ___
>>>    CentOS maili

Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-27 Thread 唐建伟
no, i removed the commands you mentioned, but it still doesn't work.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил wrote:

> I can't remember a reason, but at one moment I stop to use  "openvpn
> --mktun --dev [dev name]" command. May be it's becouse openvpn create tap0
> by it self. So try to comment this lines:
>
>  for t in $tap; do
> openvpn --mktun --dev $t
>  done
>
> then restart a network, after then start openvpn and after it start bridge
> script
>
>
> > openvpn configure file
> >
> > *port 1194
> > proto udp
> > dev tap0
> > ca ca.crt
> > cert VPN_Server.crt
> > key VPN_Server.key  # This file should be kept secret
> > dh dh1024.pem
> > server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> > keepalive 10 120
> > comp-lzo
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > log-append  /var/log/openvpn.log
> > verb 3
> > mute 20
> > *
> >
> > the script for bring up the bridge
> > *# Define Bridge Interface
> > br="br0"
> >
> > # Define list of TAP interfaces to be bridged,
> > # for example tap="tap0 tap1 tap2".
> > tap="tap0"
> >
> > # Define physical ethernet interface to be bridged
> > # with TAP interface(s) above.
> > eth="eth1"
> > eth_ip="192.168.119.1"
> > eth_netmask="255.255.255.0"
> > eth_broadcast="192.168.119.255"
> >
> > for t in $tap; do
> > openvpn --mktun --dev $t
> > done
> >
> > brctl addbr $br
> > brctl addif $br $eth
> >
> > for t in $tap; do
> > brctl addif $br $t
> > done
> >
> > for t in $tap; do
> > ifconfig $t 0.0.0.0 promisc up
> > done
> >
> > ifconfig $eth 0.0.0.0 promisc up
> >
> > ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*
> >
> > On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил  >wrote:
> >
> >>  Hm... It's very hard to guess without config files. Can you post your
> >>  server and client openvpn configs... and also can your show  a br0
> creation
> >>  commands?
> >>
> >>  27.09.2011, 12:01, "唐建伟" :
> >>>  Hi
> >>>
> >>>  no, i don't think so. anyway, i can and only can the vpn server from
> the
> >>>  remote hosts.
> >>>
> >>>  Best Regards
> >>>  Tang Jianwei
> >>>
> >>>  On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <
> mikxal...@yandex.ru
> >>> wrote:
>    So, something stop packets from remote hosts. May be firewall on
> remote
>    PC...? and can you run tcpdump on same remote host, to check that
> it's
> >>  tap0
>    device.
> 
>    27.09.2011, 11:06, "唐建伟" :
> >   Hi
> >
> >   the routing table in the remote hosts are OK. "tcpdump -n -i
> [device
>    name]"
> >   cannot capture any packages from remote. no mater br0 nor tap0.
> >
> >   Best Regards
> >   Tang Jianwei
> >
> >   On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <
> >>  mikxal...@yandex.ru
> >  wrote:
> >>27.09.2011, 09:52, "唐建伟" :
> >>>Hi all,
> >>>
> >>>I just intalled openvpn + bridge in CentOS 6, but i get strange
>    problems:
> >>>the remote PCs cannot get the local PCs'  MACs and also, the
> local
> >>  PCs
> >>>cannot get the remote PCs' MACs
> >>>
> >>>but when i run "brctl showmacs br0"  it will list all the MACs
> and
>    also "
> >>>brctl show" will show that all the correct adapters are in br0
> >>>
> >>>SELinux disabled
> >>>
> >>>any ideas?
> >>First of all you should check routing table of remote hosts. If
> everything
> >>is correct, try to monitor br0, and other devises(ethX) by
> "tcpdump
> >>  -n
>    -i
> >>[device name]".
> >>___
> >>CentOS mailing list
> >>CentOS@centos.org
> >>http://lists.centos.org/mailman/listinfo/centos
> >   --
> >   Tang Jianwei
> >   System Administrator
> >   ___
> >   CentOS mailing list
> >   CentOS@centos.org
> >   http://lists.centos.org/mailman/listinfo/centos
>    ___
>    CentOS mailing list
>    CentOS@centos.org
>    http://lists.centos.org/mailman/listinfo/centos
> >>>  --
> >>>  Tang Jianwei
> >>>  System Administrator
> >>>  ___
> >>>  CentOS mailing list
> >>>  CentOS@centos.org
> >>>  http://lists.centos.org/mailman/listinfo/centos
> >>  ___
> >>  CentOS mailing list
> >>  CentOS@centos.org
> >>  http://lists.centos.org/mailman/listinfo/centos
> > --
> > Tang Jianwei
> > System Administrator
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Tang Jianwei

Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-27 Thread Минтаиров Михаил
I can't remember a reason, but at one moment I stop to use  "openvpn --mktun 
--dev [dev name]" command. May be it's becouse openvpn create tap0 by it self. 
So try to comment this lines:

 for t in $tap; do
 openvpn --mktun --dev $t
 done

then restart a network, after then start openvpn and after it start bridge 
script


> openvpn configure file
>
> *port 1194
> proto udp
> dev tap0
> ca ca.crt
> cert VPN_Server.crt
> key VPN_Server.key  # This file should be kept secret
> dh dh1024.pem
> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> log-append  /var/log/openvpn.log
> verb 3
> mute 20
> *
>
> the script for bring up the bridge
> *# Define Bridge Interface
> br="br0"
>
> # Define list of TAP interfaces to be bridged,
> # for example tap="tap0 tap1 tap2".
> tap="tap0"
>
> # Define physical ethernet interface to be bridged
> # with TAP interface(s) above.
> eth="eth1"
> eth_ip="192.168.119.1"
> eth_netmask="255.255.255.0"
> eth_broadcast="192.168.119.255"
>
> for t in $tap; do
> openvpn --mktun --dev $t
> done
>
> brctl addbr $br
> brctl addif $br $eth
>
> for t in $tap; do
> brctl addif $br $t
> done
>
> for t in $tap; do
> ifconfig $t 0.0.0.0 promisc up
> done
>
> ifconfig $eth 0.0.0.0 promisc up
>
> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*
>
> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил wrote:
>
>>  Hm... It's very hard to guess without config files. Can you post your
>>  server and client openvpn configs... and also can your show  a br0 creation
>>  commands?
>>
>>  27.09.2011, 12:01, "唐建伟" :
>>>  Hi
>>>
>>>  no, i don't think so. anyway, i can and only can the vpn server from the
>>>  remote hosts.
>>>
>>>  Best Regards
>>>  Tang Jianwei
>>>
>>>  On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил >> wrote:
   So, something stop packets from remote hosts. May be firewall on remote
   PC...? and can you run tcpdump on same remote host, to check that it's
>>  tap0
   device.

   27.09.2011, 11:06, "唐建伟" :
>   Hi
>
>   the routing table in the remote hosts are OK. "tcpdump -n -i [device
   name]"
>   cannot capture any packages from remote. no mater br0 nor tap0.
>
>   Best Regards
>   Tang Jianwei
>
>   On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <
>>  mikxal...@yandex.ru
>  wrote:
>>    27.09.2011, 09:52, "唐建伟" :
>>>    Hi all,
>>>
>>>    I just intalled openvpn + bridge in CentOS 6, but i get strange
   problems:
>>>    the remote PCs cannot get the local PCs'  MACs and also, the local
>>  PCs
>>>    cannot get the remote PCs' MACs
>>>
>>>    but when i run "brctl showmacs br0"  it will list all the MACs and
   also "
>>>    brctl show" will show that all the correct adapters are in br0
>>>
>>>    SELinux disabled
>>>
>>>    any ideas?
>>    First of all you should check routing table of remote hosts. If
    everything
>>    is correct, try to monitor br0, and other devises(ethX) by "tcpdump
>>  -n
   -i
>>    [device name]".
>>    ___
>>    CentOS mailing list
>>    CentOS@centos.org
>>    http://lists.centos.org/mailman/listinfo/centos
>   --
>   Tang Jianwei
>   System Administrator
>   ___
>   CentOS mailing list
>   CentOS@centos.org
>   http://lists.centos.org/mailman/listinfo/centos
   ___
   CentOS mailing list
   CentOS@centos.org
   http://lists.centos.org/mailman/listinfo/centos
>>>  --
>>>  Tang Jianwei
>>>  System Administrator
>>>  ___
>>>  CentOS mailing list
>>>  CentOS@centos.org
>>>  http://lists.centos.org/mailman/listinfo/centos
>>  ___
>>  CentOS mailing list
>>  CentOS@centos.org
>>  http://lists.centos.org/mailman/listinfo/centos
> --
> Tang Jianwei
> System Administrator
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-27 Thread 唐建伟
openvpn configure file

*port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
mute 20
*

the script for bring up the bridge
*# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

for t in $tap; do
openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
brctl addif $br $t
done

for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*


On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил wrote:

> Hm... It's very hard to guess without config files. Can you post your
> server and client openvpn configs... and also can your show  a br0 creation
> commands?
>
> 27.09.2011, 12:01, "唐建伟" :
> > Hi
> >
> > no, i don't think so. anyway, i can and only can the vpn server from the
> > remote hosts.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил  >wrote:
> >
> >>  So, something stop packets from remote hosts. May be firewall on remote
> >>  PC...? and can you run tcpdump on same remote host, to check that it's
> tap0
> >>  device.
> >>
> >>  27.09.2011, 11:06, "唐建伟" :
> >>>  Hi
> >>>
> >>>  the routing table in the remote hosts are OK. "tcpdump -n -i [device
> >>  name]"
> >>>  cannot capture any packages from remote. no mater br0 nor tap0.
> >>>
> >>>  Best Regards
> >>>  Tang Jianwei
> >>>
> >>>  On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <
> mikxal...@yandex.ru
> >>> wrote:
>    27.09.2011, 09:52, "唐建伟" :
> >   Hi all,
> >
> >   I just intalled openvpn + bridge in CentOS 6, but i get strange
> >>  problems:
> >   the remote PCs cannot get the local PCs'  MACs and also, the local
> PCs
> >   cannot get the remote PCs' MACs
> >
> >   but when i run "brctl showmacs br0"  it will list all the MACs and
> >>  also "
> >   brctl show" will show that all the correct adapters are in br0
> >
> >   SELinux disabled
> >
> >   any ideas?
>    First of all you should check routing table of remote hosts. If
> >>   everything
>    is correct, try to monitor br0, and other devises(ethX) by "tcpdump
> -n
> >>  -i
>    [device name]".
>    ___
>    CentOS mailing list
>    CentOS@centos.org
>    http://lists.centos.org/mailman/listinfo/centos
> >>>  --
> >>>  Tang Jianwei
> >>>  System Administrator
> >>>  ___
> >>>  CentOS mailing list
> >>>  CentOS@centos.org
> >>>  http://lists.centos.org/mailman/listinfo/centos
> >>  ___
> >>  CentOS mailing list
> >>  CentOS@centos.org
> >>  http://lists.centos.org/mailman/listinfo/centos
> > --
> > Tang Jianwei
> > System Administrator
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Tang Jianwei
System Administrator
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-27 Thread Минтаиров Михаил
Hm... It's very hard to guess without config files. Can you post your server 
and client openvpn configs... and also can your show  a br0 creation commands?

27.09.2011, 12:01, "唐建伟" :
> Hi
>
> no, i don't think so. anyway, i can and only can the vpn server from the
> remote hosts.
>
> Best Regards
> Tang Jianwei
>
> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил wrote:
>
>>  So, something stop packets from remote hosts. May be firewall on remote
>>  PC...? and can you run tcpdump on same remote host, to check that it's tap0
>>  device.
>>
>>  27.09.2011, 11:06, "唐建伟" :
>>>  Hi
>>>
>>>  the routing table in the remote hosts are OK. "tcpdump -n -i [device
>>  name]"
>>>  cannot capture any packages from remote. no mater br0 nor tap0.
>>>
>>>  Best Regards
>>>  Tang Jianwei
>>>
>>>  On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил >> wrote:
   27.09.2011, 09:52, "唐建伟" :
>   Hi all,
>
>   I just intalled openvpn + bridge in CentOS 6, but i get strange
>>  problems:
>   the remote PCs cannot get the local PCs'  MACs and also, the local PCs
>   cannot get the remote PCs' MACs
>
>   but when i run "brctl showmacs br0"  it will list all the MACs and
>>  also "
>   brctl show" will show that all the correct adapters are in br0
>
>   SELinux disabled
>
>   any ideas?
   First of all you should check routing table of remote hosts. If
>>   everything
   is correct, try to monitor br0, and other devises(ethX) by "tcpdump -n
>>  -i
   [device name]".
   ___
   CentOS mailing list
   CentOS@centos.org
   http://lists.centos.org/mailman/listinfo/centos
>>>  --
>>>  Tang Jianwei
>>>  System Administrator
>>>  ___
>>>  CentOS mailing list
>>>  CentOS@centos.org
>>>  http://lists.centos.org/mailman/listinfo/centos
>>  ___
>>  CentOS mailing list
>>  CentOS@centos.org
>>  http://lists.centos.org/mailman/listinfo/centos
> --
> Tang Jianwei
> System Administrator
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-27 Thread 唐建伟
Hi

no, i don't think so. anyway, i can and only can the vpn server from the
remote hosts.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил wrote:

>
> So, something stop packets from remote hosts. May be firewall on remote
> PC...? and can you run tcpdump on same remote host, to check that it's tap0
> device.
>
> 27.09.2011, 11:06, "唐建伟" :
> > Hi
> >
> > the routing table in the remote hosts are OK. "tcpdump -n -i [device
> name]"
> > cannot capture any packages from remote. no mater br0 nor tap0.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил  >wrote:
> >
> >>  27.09.2011, 09:52, "唐建伟" :
> >>>  Hi all,
> >>>
> >>>  I just intalled openvpn + bridge in CentOS 6, but i get strange
> problems:
> >>>
> >>>  the remote PCs cannot get the local PCs'  MACs and also, the local PCs
> >>>  cannot get the remote PCs' MACs
> >>>
> >>>  but when i run "brctl showmacs br0"  it will list all the MACs and
> also "
> >>>  brctl show" will show that all the correct adapters are in br0
> >>>
> >>>  SELinux disabled
> >>>
> >>>  any ideas?
> >>  First of all you should check routing table of remote hosts. If
>  everything
> >>  is correct, try to monitor br0, and other devises(ethX) by "tcpdump -n
> -i
> >>  [device name]".
> >>  ___
> >>  CentOS mailing list
> >>  CentOS@centos.org
> >>  http://lists.centos.org/mailman/listinfo/centos
> > --
> > Tang Jianwei
> > System Administrator
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Tang Jianwei
System Administrator
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-27 Thread Минтаиров Михаил

So, something stop packets from remote hosts. May be firewall on remote PC...? 
and can you run tcpdump on same remote host, to check that it's tap0 device.

27.09.2011, 11:06, "唐建伟" :
> Hi
>
> the routing table in the remote hosts are OK. "tcpdump -n -i [device name]"
> cannot capture any packages from remote. no mater br0 nor tap0.
>
> Best Regards
> Tang Jianwei
>
> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил wrote:
>
>>  27.09.2011, 09:52, "唐建伟" :
>>>  Hi all,
>>>
>>>  I just intalled openvpn + bridge in CentOS 6, but i get strange problems:
>>>
>>>  the remote PCs cannot get the local PCs'  MACs and also, the local PCs
>>>  cannot get the remote PCs' MACs
>>>
>>>  but when i run "brctl showmacs br0"  it will list all the MACs and also "
>>>  brctl show" will show that all the correct adapters are in br0
>>>
>>>  SELinux disabled
>>>
>>>  any ideas?
>>  First of all you should check routing table of remote hosts. If  everything
>>  is correct, try to monitor br0, and other devises(ethX) by "tcpdump -n -i
>>  [device name]".
>>  ___
>>  CentOS mailing list
>>  CentOS@centos.org
>>  http://lists.centos.org/mailman/listinfo/centos
> --
> Tang Jianwei
> System Administrator
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-27 Thread 唐建伟
Hi

the routing table in the remote hosts are OK. "tcpdump -n -i [device name]"
cannot capture any packages from remote. no mater br0 nor tap0.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил wrote:

>
>
> 27.09.2011, 09:52, "唐建伟" :
> > Hi all,
> >
> > I just intalled openvpn + bridge in CentOS 6, but i get strange problems:
> >
> > the remote PCs cannot get the local PCs'  MACs and also, the local PCs
> > cannot get the remote PCs' MACs
> >
> > but when i run "brctl showmacs br0"  it will list all the MACs and also "
> > brctl show" will show that all the correct adapters are in br0
> >
> > SELinux disabled
> >
> > any ideas?
> >
>
> First of all you should check routing table of remote hosts. If  everything
> is correct, try to monitor br0, and other devises(ethX) by "tcpdump -n -i
> [device name]".
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Tang Jianwei
System Administrator
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] openvpn + bridge utils in CentOS 6

2011-09-26 Thread Минтаиров Михаил


27.09.2011, 09:52, "唐建伟" :
> Hi all,
>
> I just intalled openvpn + bridge in CentOS 6, but i get strange problems:
>
> the remote PCs cannot get the local PCs'  MACs and also, the local PCs
> cannot get the remote PCs' MACs
>
> but when i run "brctl showmacs br0"  it will list all the MACs and also "
> brctl show" will show that all the correct adapters are in br0
>
> SELinux disabled
>
> any ideas?
>

First of all you should check routing table of remote hosts. If  everything is 
correct, try to monitor br0, and other devises(ethX) by "tcpdump -n -i [device 
name]". 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos