OpenVZ Virtuozzo Containers Wiki β

Bridge doesn't forward packets

424 bytes added, 05:02, 19 February 2012
Sometimes a bridge can mysteriously drop packets instead of forwarding them.
For example, user eyck experienced a problem where some broadcasts were not
delivered to the container via the bridge.
BOOTP/DHCP, Reply, length 300
However, eth0 inside the container received only the 2nd packet, with a BOOTP/DHCP reply, and doesn't see the 1st one with the request itself:
 15:21:52.291145 00:08:02:ac:36:20 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 172.17.8.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
== Resolution ==
It is not obvious at all, but bridges (though they have their own ebtables filters) also call the iptables FORWARD chain when forwarding packets between interfaces.
Thus your iptables FORWARD rules must allow all the packets that are supposed to go through the bridge.
iptables -A FORWARD -d 255.255.255.255 -j ACCEPT
to fix the issue.
 
== Another Problem Case ==
I had set up a bridge and got the same problem, but iptables was set up well. In my case the problem was lying in /proc/sys/net/bridge/.
Everything inside had the value "1". Changing them to "0" solved the problem. This stopped ARP and bridge packets from being
passed through the FORWARD chain. These settings can be placed inside /etc/sysctl.conf (Debian) so that they are persistent.
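
The check described in this section, as an added example that is not part of the original wiki page: a shell helper that lists the switches under /proc/sys/net/bridge and prints the /etc/sysctl.conf lines needed to turn off the ones that are enabled. The function names are hypothetical, and the bridge-nf-* file names are the standard kernel ones, which the page itself does not list.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the bridge-netfilter switches.
# A value of 1 means bridged frames are also handed to iptables/ip6tables/arptables.
# The directory only exists when bridge netfilter support is loaded.

# Print "name value" for every switch in the directory.
# $1 is optional and defaults to the live /proc path (hypothetical helper name).
bridge_nf_status() {
    dir="${1:-/proc/sys/net/bridge}"
    [ -d "$dir" ] || { echo "no bridge netfilter directory: $dir" >&2; return 2; }
    for f in "$dir"/bridge-nf-*; do
        [ -f "$f" ] || continue
        printf '%s %s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Print sysctl.conf lines that disable every switch currently set to non-zero.
# Returns 2 if the directory is missing, so callers can tell "nothing to change"
# apart from "nothing to inspect".
bridge_nf_sysctl_lines() {
    dir="${1:-/proc/sys/net/bridge}"
    [ -d "$dir" ] || { echo "no bridge netfilter directory: $dir" >&2; return 2; }
    bridge_nf_status "$dir" | while read -r name value; do
        if [ "$value" != "0" ]; then
            printf 'net.bridge.%s = 0\n' "$name"
        fi
    done
}
```

Review the output of `bridge_nf_sysctl_lines` before appending it to /etc/sysctl.conf and loading it with `sysctl -p`. With these switches at 0, iptables FORWARD rules no longer see bridged frames, so any filtering between bridge ports has to be done in ebtables.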
== Credits ==