
List:       oisf-users
Subject:    Re: [Oisf-users] need help with nfqueue and suri (little to)
From:       Victor Julien <lists () inliniac ! net>
Date:       2013-03-19 11:31:03
Message-ID: 51484C77.6040400 () inliniac ! net

On 03/18/2013 08:26 PM, Stefan Sabolowitsch wrote:
> Hi Julien,
> > I noticed you got some help on the netfilter list about it.
> Yes, but that didn't help me out.
> I found the solution myself: only VLAN-tagged traffic flows through this bridge.
> The trick is the switch "bridge-nf-filter-vlan-tagged", set to 1.
> It should be set to 1 if you want tagged traffic to pass iptables.

Cool, glad you got it working. It may be nice for the netfilter people if you post
it there as well, so others can learn.

Cheers,
Victor

> regards
> Stefan
> 
> On 18.03.2013 18:52, Victor Julien wrote:
> > On 03/14/2013 05:53 PM, Stefan Sabolowitsch wrote:
> > > Hi all, this problem is giving me gray hair.
> > > 
> > > I have CentOS 6.4 here with the 3.8.2-2.el6.elrepo.x86_64 kernel and the latest iptables.
> > > I have the following queues:
> > > iptables -A FORWARD -i br0 -j NFQUEUE --queue-bypass --queue-num 1
> > > iptables -A FORWARD -i br1 -j NFQUEUE --queue-bypass --queue-num 2
> > > iptables -A FORWARD -i br2 -j NFQUEUE --queue-bypass --queue-num 3
> > > 
> > > Queues 1 and 2 have data, but not 3 (br2):
> > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> > > num   pkts bytes target     prot opt in     out     source               destination
> > > 1     901K  728M NFQUEUE    all  --  br0    *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 1 bypass
> > > 2     117K 9150K NFQUEUE    all  --  br1    *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 2 bypass
> > > 3        0     0 NFQUEUE    all  --  br2    *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 3 bypass
> > > However, br2 does get packets; you can see it with tcpdump:
> > > 
> > > [root@ipd2 Wecker-DMZ]# tcpdump -i br2
> > > tcpdump: WARNING: br2: no IPv4 address assigned
> > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > > listening on br2, link-type EN10MB (Ethernet), capture size 65535 bytes
> > > 14:48:12.557657 ARP, Reply 192.168.22.13 is-at d4:20:6d:4b:dc:4f (oui Unknown), length 46
> > > 14:48:14.872485 ARP, Reply 192.168.22.11 is-at 1c:b0:94:49:81:ad (oui Unknown), length 46
> > > 14:48:17.366026 ARP, Request who-has 192.168.21.1 tell 192.168.21.12, length 46
> > > 14:48:17.366332 ARP, Reply 192.168.21.1 is-at 00:10:db:d0:90:07 (oui Unknown), length 46
> > > 14:48:17.674916 IP 192.168.21.12.55191 > 239.255.255.250.ssdp: UDP, length 133
> > > 14:48:20.682336 IP 192.168.21.12.55191 > 239.255.255.250.ssdp: UDP, length 133
> > > 14:48:23.777492 IP 192.168.21.12.55191 > 239.255.255.250.ssdp: UDP, length 133
> > > 14:48:26.735148 IP 192.168.21.12.55191 > 239.255.255.250.ssdp: UDP, length 133
> > > 14:48:27.733482 ARP, Reply 192.168.22.13 is-at d4:20:6d:4b:dc:4f (oui Unknown), length 46
> > > 14:48:29.741766 IP 192.168.21.12.55191 > 239.255.255.250.ssdp: UDP, length 133
> > > 14:48:29.983638 ARP, Reply 192.168.22.11 is-at 1c:b0:94:49:81:ad (oui Unknown), length 46
> > > 14:48:32.752335 IP 192.168.21.12.55191 > 239.255.255.250.ssdp: UDP, length 133
> > > 14:48:36.645248 IP 192.168.21.12.netbios-dgm > 192.168.21.255.netbios-dgm: NBT UDP PACKET(138)
> > > 14:48:42.909740 ARP, Reply 192.168.22.13 is-at d4:20:6d:4b:dc:4f (oui Unknown), length 46
> > > 14:48:45.098749 ARP, Reply 192.168.22.11 is-at 1c:b0:94:49:81:ad (oui Unknown), length 46
> > > 14:48:53.830337 IP 192.168.21.16.54218 > fa-in-f108.1e100.net.imaps: Flags [S], seq 4290929463, win 14600, options [mss 1460,sackOK,TS val 56595795 ecr 0,nop,wscale 6], length 0
> > > 14:48:54.126394 IP 192.168.22.13.39232 > 173.192.219.140-static.reverse.softlayer.com.https: Flags [P.], seq 2793050904:2793050905, ack 1478286381, win 8120, options [nop,nop,TS val 3886140 ecr 3960200924], length 1
> > > 14:48:54.269009 IP 173.192.219.140-static.reverse.softlayer.com.https > 192.168.22.13.39232: Flags [.], ack 1, win 513, options [nop,nop,TS val 3960484207 ecr 3886140], length 0
> > > 14:48:55.165501 IP 192.168.22.13.39232 > 173.192.219.140-static.reverse.softlayer.com.https: Flags [P.], seq 1:3, ack 1, win 8120, options [nop,nop,TS val 3886198 ecr 3960484207], length 2
> > > 14:48:55.308009 IP 173.192.219.140-static.reverse.softlayer.com.https > 192.168.22.13.39232: Flags [.], ack 3, win 513, options [nop,nop,TS val 3960485246 ecr 3886198], length 0
> > > Any idea?
> > > Thanks for any help.
> > Did you get this sorted out? I noticed you got some help on the
> > netfilter list about it.


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
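The two symptoms in this thread, an NFQUEUE rule on a bridge port whose counters stay at zero while tcpdump sees frames on that port, and a bridge netfilter sysctl that keeps tagged frames away from iptables, can be checked mechanically. The script below is an added example, not code from the thread or from the Suricata project. It parses constructed samples of `iptables -L FORWARD -v -n --line-numbers` and `sysctl net.bridge` output (the counters mirror Stefan's listing; the sysctl values are assumed to show the pre-fix state) and reports idle NFQUEUE rules and bridge netfilter knobs that are not 1. The function names are my own; `net.bridge.bridge-nf-call-iptables` is the companion sysctl that must also be 1 for any bridged frame to reach iptables, which the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread: diagnose why an NFQUEUE rule on a bridge
# interface shows zero hits although tcpdump sees traffic on that interface.

# Constructed sample of `iptables -L FORWARD -v -n --line-numbers`, mirroring
# the counters from the thread. On a live box replace the constant with the
# command's real output.
SAMPLE_FORWARD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     901K  728M NFQUEUE    all  --  br0    *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 1 bypass
2     117K 9150K NFQUEUE    all  --  br1    *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 2 bypass
3        0     0 NFQUEUE    all  --  br2    *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 3 bypass'

# Constructed sample of `sysctl net.bridge` output as the box would look
# before the fix: bridged frames reach iptables, but tagged ones are skipped.
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-filter-vlan-tagged = 0'

# Print the input interface of every NFQUEUE rule whose packet counter is 0.
# $1 = iptables listing text.
idle_nfqueue_ifaces() {
    printf '%s\n' "$1" | while read -r num pkts bytes target prot opt in_if rest; do
        if [ "$target" = "NFQUEUE" ] && [ "$pkts" = "0" ]; then
            printf '%s\n' "$in_if"
        fi
    done
}

# Print the value of one "key = value" line from sysctl output.
# $1 = sysctl text, $2 = key.
sysctl_value() {
    printf '%s\n' "$1" | while read -r key eq value; do
        if [ "$key" = "$2" ]; then
            printf '%s\n' "$value"
        fi
    done
}

# Print every bridge netfilter knob that is not 1. bridge-nf-call-iptables
# hands bridged frames to iptables at all; bridge-nf-filter-vlan-tagged
# (the switch from the thread) extends that to 802.1Q-tagged frames.
# $1 = sysctl text.
missing_bridge_nf_settings() {
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-filter-vlan-tagged; do
        if [ "$(sysctl_value "$1" "$key")" != "1" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# Stand-alone run against the constructed samples.
for iface in $(idle_nfqueue_ifaces "$SAMPLE_FORWARD"); do
    echo "NFQUEUE rule on $iface has matched no packets; Suricata will see nothing from it"
done
for key in $(missing_bridge_nf_settings "$SAMPLE_SYSCTL"); do
    echo "set $key=1 (sysctl -w) before bridged/tagged frames reach iptables"
done
```

On the sample input the script names br2 as the idle queue interface and `net.bridge.bridge-nf-filter-vlan-tagged` as the knob to set, which is exactly the fix Stefan arrived at by hand. Because `--queue-bypass` is on each rule, a zero counter does not mean traffic is being dropped; it means that bridge port's traffic is bypassing inspection entirely, which is the quieter failure worth alerting on.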


