Honeypots mailing list archives
Bridging and iptables/ebtables
From: David Goldsmith <dgoldsmith-securityfocus () incidents org>
Date: Wed, 25 Feb 2004 14:54:24 -0500
I had a GenII virtual honeynet built using RedHat 7.3, 2.4.18-3 kernel and VMware GSX. I was bridging between the physical Ethernet interface and the VMware host-only network and using iptables to filter the traffic.

The RedHat 2.4.18-3 kernel included the patch linux-2.4.16-bridgefilter.patch which added the CONFIG_BRIDGE_NF kernel option. Installing the bridge-utils package was sufficient to be able to establish the bridge and filter the traffic with iptables.

I've reloaded the honeynet using RedHat 9 and have compiled a newer 2.4.2x kernel. I've grabbed the correct ebtables-brnf-3_vs_2.4.x.diff patch and applied it to the kernel. Bridging works but iptables is not filtering anything.

Am I missing something simple, like needing to force the loading of one of the newer bridge modules, or do I have to use the ebtables user-space tool either in place of or to supplement iptables?

Dave