Must trust bridges (br0) in Fedora 9 firewall?


Post by moose »

I installed VirtualBox 2.0.2 on a Fedora 9 (x86) host. I configured vbox0 per the instructions in the manual. When I set up a guest (CentOS 5.2 or Fedora 9) I found that it could not acquire a DHCP address. After hours of experiment and Google research, I finally determined that I had to make br0 a trusted interface in the firewall. Once I did this, the guest(s) could acquire DHCP addresses from my network. I would like to know what the consequences of making br0 trusted are. If this leaves the host and all the guests wide open, then I don't want to do this. Is this setting safe? If not, is there some setting to permit access to the bridge without removing firewall protection?

Post by sej7278 »

I don't know what "trusting" the interface really does - I guess you're using the system-config-firewall GUI and not the iptables command line?

Anyway, all I had to do was to accept forwarding on br0 to use hif bridging.

Post by moose »

What did you do to enable forwarding for br0?

Post by sej7278 »

iptables -A FORWARD -i br0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

These are only temporary and need to go in /etc/sysconfig/iptables and /etc/sysctl.conf eventually.
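
Added example, not part of either poster's replies: a small audit that separates the two settings discussed in this thread, on the assumption that a "trusted" interface is written to the ruleset as an unconditional INPUT accept for that interface. The sample ruleset is constructed, and the function names `sample_rules`, `unconditional_accepts` and `classify` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# unconditional_accepts CHAIN: read rules on stdin and print the interfaces
# that CHAIN accepts with no other match (exactly "-A CHAIN -i IF -j ACCEPT").
# Rule order and chain policy are not evaluated.
unconditional_accepts() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain && $3 == "-i" && $5 == "-j" && $6 == "ACCEPT" && NF == 6 { print $4 }
    ' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# classify IFACE: report whether traffic to the host itself (INPUT) and
# traffic passing through to guests (FORWARD) is accepted unfiltered on IFACE.
classify() {
    rules=$(cat)
    in_list=" $(printf '%s\n' "$rules" | unconditional_accepts INPUT) "
    fw_list=" $(printf '%s\n' "$rules" | unconditional_accepts FORWARD) "
    case "$in_list" in *" $1 "*) host=open ;; *) host=filtered ;; esac
    case "$fw_list" in *" $1 "*) fwd=open ;; *) fwd=filtered ;; esac
    echo "host=$host forward=$fwd"
}

sample_rules | classify br0
```

On a live host the same functions can read the output of `iptables-save` instead of the sample; `host=filtered forward=open` corresponds to the FORWARD-only rule from the last reply.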