OpenVPN, dd-wrt 2.6 kernel, and ebtables

CW
DD-WRT Novice


Joined: 20 May 2009
Posts: 22

Posted: Tue Apr 05, 2011 13:29    Post subject: OpenVPN, dd-wrt 2.6 kernel, and ebtables
I've a WNDR3700 running this version:

Code:
DD-WRT v24-sp2 (02/17/11) std - build 16214


I was intending to build an OpenVPN bridge to a site at another city and a laptop that moves around.

I was trying to implement the following DHCP block when I ran into issues with ebtables:

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=477032

My syndrome looks very similar to the following:

https://dev.openwrt.org/ticket/5001

Basically ebtables is not loaded at startup and I could load all the modules manually with insmod. lsmod then gives the following:

Code:
Module                  Size  Used by
ebt_vlan                1600  0
ebt_mark_m               672  0
ebt_mark                 784  0
ebt_limit               1040  0
ebt_arp                 1584  0
ebt_802_3                736  0
ebt_among               2240  0
ebt_pkttype              576  0
ebtable_nat              944  0
ebt_dnat                 848  0
ebtable_broute           784  0
ebt_redirect             960  0
ebtable_filter           944  0
ebt_ip                  1296  0
ebtables               22551  3 ebtable_nat,ebtable_broute,ebtable_filter
nf_nat_pptp             1376  0
nf_conntrack_pptp       3392  1 nf_nat_pptp
nf_nat_proto_gre         944  1 nf_nat_pptp
nf_conntrack_proto_gre     2485  1 nf_conntrack_pptp
etherip                 4304  0
bonding                75824  0
usblp                   8816  0
usb_storage            34344  0
sd_mod                 22540  0
scsi_wait_scan           448  0
scsi_mod               75652  2 usb_storage,sd_mod
ath_mimo_pci          430671  0
ath_mimo_hal          219258  3 ath_mimo_pci
ag7100_mod             84684  0


After loading those modules I ran the following command:

Code:
ebtables -I FORWARD -i tap0 -p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP


...and got the following:

Code:
The kernel doesn't support a certain ebtables extension, consider recompiling your kernel or insmod the extension.


/tmp/var/log/messages says this:

Code:
Apr  5 22:37:17 wfwrt01 user.err kernel: [  756.810000] eb_tables: ip.0 match: invalid size 32 (kernel) != (user) 28


Is there a known solution / workaround?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Tue Apr 05, 2011 17:28
If you just load ebtables (no other modules required) then it should allow iptables to see bridged traffic too. You can then use an iptables rule to drop DHCP over the bridge. There are many threads about it if you search.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
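
The kernel log line quoted in the first post reports that the kernel module and the userspace ebtables binary disagree on the size of the `ip` match structure. The script below is an added example, not code from either poster or from DD-WRT. It scans syslog lines for that message and lists each affected extension; the function names are hypothetical and the sample log is constructed from the line quoted above.

```shell
#!/bin/sh
# Added example: list ebtables extensions whose kernel-side and userspace
# structure sizes disagree, based on "eb_tables: ... invalid size" log lines.

# Constructed sample input: the first line is the one quoted in the post,
# the second is an unrelated line made up to show that it is ignored.
sample_log() {
cat <<'EOF'
Apr  5 22:37:17 wfwrt01 user.err kernel: [  756.810000] eb_tables: ip.0 match: invalid size 32 (kernel) != (user) 28
Apr  5 22:37:18 wfwrt01 user.info kernel: [  757.100000] device tap0 entered promiscuous mode
EOF
}

# Reads syslog lines on stdin and prints one line per distinct mismatch:
#   <extension> <kind> kernel=<bytes> user=<bytes>
ebt_size_mismatches() {
    sed -n 's/.*eb_tables: \([A-Za-z0-9_]*\)\.[0-9]* \([a-z]*\): invalid size \([0-9]*\) (kernel) != (user) \([0-9]*\).*/\1 \2 kernel=\3 user=\4/p' |
        sort -u
}

# Returns 0 when stdin contains no size mismatch, 1 otherwise.
ebt_abi_ok() {
    [ -z "$(ebt_size_mismatches)" ]
}

# Demo on the constructed sample; on the router, feed the real log instead:
#   ebt_size_mismatches < /tmp/var/log/messages
sample_log | ebt_size_mismatches
```

Any extension it lists cannot be used in rules with the installed ebtables binary, whether or not its module appears in lsmod.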