[OpenWrt-Devel] Bridge filtering on WRT160NL (ar71xx) not working
Hi! I have a WRT160NL with the 3 interfaces (eth0, eth1, wlan0) on a single bridge (br-lan) and I was normally doing filtering between them but now all the packets are unconditionally bridged to all the interfaces despite the ebtables rules. ebtables doesn't report hits on rules. My last working image was based on r30676 with 3.2.7 kernel, I'm pretty sure is not an upstream kernel problem as I tried latest trunk with kernels 3.2.7, 3.2.12, 3.2.13 and 3.3 and the same problem. Does some default changed recently? -- Otto ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Bridge filtering on WRT160NL (ar71xx) not working
Hello, Le 03/27/12 15:43, Otto Solares Cabrera a écrit : Hi! I have a WRT160NL with the 3 interfaces (eth0, eth1, wlan0) on a single bridge (br-lan) and I was normally doing filtering between them but now all the packets are unconditionally bridged to all the interfaces despite the ebtables rules. ebtables doesn't report hits on rules. My last working image was based on r30676 with 3.2.7 kernel, I'm pretty sure is not an upstream kernel problem as I tried latest trunk with kernels 3.2.7, 3.2.12, 3.2.13 and 3.3 and the same problem. Does some default changed recently? You might want to revert changeset r30954 and see if that changes something for you. -- Florian ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Bridge filtering on WRT160NL (ar71xx) not working
On Tue, Mar 27, 2012 at 03:49:04PM +0200, Florian Fainelli wrote: > Hello, > > Le 03/27/12 15:43, Otto Solares Cabrera a écrit : >> Hi! >> >> I have a WRT160NL with the 3 interfaces (eth0, eth1, wlan0) on a single >> bridge (br-lan) and I was normally doing filtering between them but now >> all the packets are unconditionally bridged to all the interfaces >> despite the ebtables rules. ebtables doesn't report hits on rules. >> >> My last working image was based on r30676 with 3.2.7 kernel, I'm pretty >> sure is not an upstream kernel problem as I tried latest trunk with >> kernels 3.2.7, 3.2.12, 3.2.13 and 3.3 and the same problem. >> >> Does some default changed recently? > > You might want to revert changeset r30954 and see if that changes > something for you. Reverting that changeset fixes my problem, thank you! -- Otto ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Bridge filtering on WRT160NL (ar71xx) not working
Le 03/28/12 00:49, Otto Solares Cabrera a écrit : On Tue, Mar 27, 2012 at 03:49:04PM +0200, Florian Fainelli wrote: Hello, Le 03/27/12 15:43, Otto Solares Cabrera a écrit : Hi! I have a WRT160NL with the 3 interfaces (eth0, eth1, wlan0) on a single bridge (br-lan) and I was normally doing filtering between them but now all the packets are unconditionally bridged to all the interfaces despite the ebtables rules. ebtables doesn't report hits on rules. My last working image was based on r30676 with 3.2.7 kernel, I'm pretty sure is not an upstream kernel problem as I tried latest trunk with kernels 3.2.7, 3.2.12, 3.2.13 and 3.3 and the same problem. Does some default changed recently? You might want to revert changeset r30954 and see if that changes something for you. Reverting that changeset fixes my problem, thank you! Felix, do you have any idea why this does not work for Otto? -- Florian ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Bridge filtering on WRT160NL (ar71xx) not working
On 2012-03-29 11:50 AM, Florian Fainelli wrote: > Le 03/28/12 00:49, Otto Solares Cabrera a écrit : >> On Tue, Mar 27, 2012 at 03:49:04PM +0200, Florian Fainelli wrote: >>> Hello, >>> >>> Le 03/27/12 15:43, Otto Solares Cabrera a écrit : Hi! I have a WRT160NL with the 3 interfaces (eth0, eth1, wlan0) on a single bridge (br-lan) and I was normally doing filtering between them but now all the packets are unconditionally bridged to all the interfaces despite the ebtables rules. ebtables doesn't report hits on rules. My last working image was based on r30676 with 3.2.7 kernel, I'm pretty sure is not an upstream kernel problem as I tried latest trunk with kernels 3.2.7, 3.2.12, 3.2.13 and 3.3 and the same problem. Does some default changed recently? >>> You might want to revert changeset r30954 and see if that changes >>> something for you. >> Reverting that changeset fixes my problem, thank you! > > Felix, do you have any idea why this does not work for Otto? I think I need a new sysctl for passing packets through ebtables but not iptables. As a workaround you can probably simply set the sysctl field net.bridge.bridge-nf-call-arptables to 1. I'll make the new sysctl default to =1 as long as ebtables is loaded. - Felix ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Bridge filtering on WRT160NL (ar71xx) not working
On 2012-03-29 1:51 PM, Felix Fietkau wrote: > On 2012-03-29 11:50 AM, Florian Fainelli wrote: >> Le 03/28/12 00:49, Otto Solares Cabrera a écrit : >>> On Tue, Mar 27, 2012 at 03:49:04PM +0200, Florian Fainelli wrote: Hello, Le 03/27/12 15:43, Otto Solares Cabrera a écrit : > Hi! > > I have a WRT160NL with the 3 interfaces (eth0, eth1, wlan0) on a single > bridge (br-lan) and I was normally doing filtering between them but now > all the packets are unconditionally bridged to all the interfaces > despite the ebtables rules. ebtables doesn't report hits on rules. > > My last working image was based on r30676 with 3.2.7 kernel, I'm pretty > sure is not an upstream kernel problem as I tried latest trunk with > kernels 3.2.7, 3.2.12, 3.2.13 and 3.3 and the same problem. > > Does some default changed recently? You might want to revert changeset r30954 and see if that changes something for you. >>> Reverting that changeset fixes my problem, thank you! >> >> Felix, do you have any idea why this does not work for Otto? > I think I need a new sysctl for passing packets through ebtables but not > iptables. As a workaround you can probably simply set the sysctl field > net.bridge.bridge-nf-call-arptables to 1. > I'll make the new sysctl default to =1 as long as ebtables is loaded. Fix is in, please try the new version. - Felix ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Bridge filtering on WRT160NL (ar71xx) not working
On Thu, Mar 29, 2012 at 05:47:03PM +0300, Felix Fietkau wrote: > On 2012-03-29 1:51 PM, Felix Fietkau wrote: > > On 2012-03-29 11:50 AM, Florian Fainelli wrote: > >> Le 03/28/12 00:49, Otto Solares Cabrera a écrit : > >>> On Tue, Mar 27, 2012 at 03:49:04PM +0200, Florian Fainelli wrote: > Hello, > > Le 03/27/12 15:43, Otto Solares Cabrera a écrit : > > Hi! > > > > I have a WRT160NL with the 3 interfaces (eth0, eth1, wlan0) on a single > > bridge (br-lan) and I was normally doing filtering between them but now > > all the packets are unconditionally bridged to all the interfaces > > despite the ebtables rules. ebtables doesn't report hits on rules. > > > > My last working image was based on r30676 with 3.2.7 kernel, I'm pretty > > sure is not an upstream kernel problem as I tried latest trunk with > > kernels 3.2.7, 3.2.12, 3.2.13 and 3.3 and the same problem. > > > > Does some default changed recently? > You might want to revert changeset r30954 and see if that changes > something for you. > >>> Reverting that changeset fixes my problem, thank you! > >> > >> Felix, do you have any idea why this does not work for Otto? > > I think I need a new sysctl for passing packets through ebtables but not > > iptables. As a workaround you can probably simply set the sysctl field > > net.bridge.bridge-nf-call-arptables to 1. > > I'll make the new sysctl default to =1 as long as ebtables is loaded. > Fix is in, please try the new version. New version works fine, thank you!! -- Otto ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel