<br><br><div class="gmail_quote">On Sat, Jun 28, 2008 at 2:50 PM, Fulvio Ricciardi &lt;<a href="mailto:fulvio.ricciardi@zeroshell.net">fulvio.ricciardi@zeroshell.net</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
> > > Hi,<br>
> > ><br>
> > > I notice that with the Kernel 2.6.25.9 the 802.1q VLAN<br>
> > > tagged packets larger than 1470 bytes are not<br>
> > > forwarded at all by a bridge.<br>
> > > I think there is a bad interaction between bridge and<br>
> > > netfilter code. Any chance to have a patch to solve<br>
> > > this problem that limits the possibility to use the<br>
> > > Linux bridges in an environment with VLANs?<br>
> ><br>
> > With the following command it works:<br>
> ><br>
> > echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables<br>
> ><br>
> > but this disables the iptables support that is<br>
> > important for obtaining complex bridge-firewall<br>
> > scenarios.<br>
> > Regards<br>
> > Fulvio Ricciardi<br>
><br>
> Your iptables need to know about VLANs as well.<br>
> I bet your default action is to DROP.<br>
><br>
</div>No, the default policy is ACCEPT for the FORWARD chain. In<br>
any case the problem takes place only with large packets.<br>
For example if I try<br>
<br>
ping -s 1472 192.168.99.74<br>
<br>
it works, but<br>
<br>
ping -s 1473 192.168.99.74<br>
<br>
it does not.<br>
I am sure that the network cards are VLAN 802.1q aware<br>
because only the forwarding process is broken. If instead I<br>
just ping the IP of the bridge interface it works fine.</blockquote><div><br>Are the other nodes directly connected to the netfilter bridge, or are there ethernet switches involved? Are these switches managed, smart, or dumb? Are jumbo frames enabled on all devices in the path?<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
Regards<br>
<font color="#888888">Fulvio<br>
</font><div class="Ih2E3d"><br>
--------------------------------------------------------------------<br>
Fulvio Ricciardi<br>
web: <a href="http://www.zeroshell.net/eng/" target="_blank">http://www.zeroshell.net/eng/</a><br>
skype: zeroshellnet<br>
Phone: +3908321835630<br>
</div><div><div></div><div class="Wj3C7c">
</div></div></blockquote></div><br>