iptables -L output:
[root@itsys ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0
ACCEPT tcp -- 172.16.16.113 anywhere tcp dpt:http
ACCEPT tcp -- 172.16.16.113 anywhere tcp dpt:https
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Here is the Linux transparent bridge setup: eth0 connects to a switch and eth1 connects to a test machine (172.16.16.113). I can't access an HTTP web site by site name on the test machine but can access the same site by IP address. The HTTPS site can't be accessed either.
Added a DNS forward rule, then it's OK:
iptables -A FORWARD -p tcp -s 172.16.16.0/24 --dport 53 -j ACCEPT
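As an added example that is not part of the original thread, the following POSIX shell script rebuilds the whole FORWARD chain for this bridge rather than appending a single rule. It assumes the layout described above (eth0 toward the switch, eth1 toward the 172.16.16.0/24 test network) and that iptables, sysctl and the br_netfilter module are present; the IPT variable is this script's own convention, so running it with IPT=echo prints the rules instead of installing them. It differs from the rule in the post in two ways a practitioner would want: it opens UDP 53 as well as TCP 53, because stub resolvers query over UDP first and fall back to TCP only on truncated answers, and it ties the allow-list to frames that enter on eth1 via the physdev match. The original chain's "ACCEPT all ... PHYSDEV match --physdev-in eth0" rule lets anything arriving from the switch side reach the test machine; replies to the test machine's own connections are already covered by the RELATED,ESTABLISHED rule, so that blanket rule is left out here and should only be reinstated if inbound access to the test machine is actually intended.

```shell
#!/bin/sh
# Added example, not code from the original post.
# FORWARD chain for a transparent bridge: eth0 = switch side, eth1 = test
# machine side, test network 172.16.16.0/24 (assumptions taken from the post).
# IPT is an assumption of this script: set IPT=echo for a dry run that only
# prints the iptables commands it would execute.
IPT="${IPT:-iptables}"
TEST_NET="${TEST_NET:-172.16.16.0/24}"
TEST_IF="${TEST_IF:-eth1}"

forward_rules() {
    # Default-deny for bridged traffic, then rebuild the chain from scratch.
    "$IPT" -P FORWARD DROP
    "$IPT" -F FORWARD

    # Stateful rules first: replies to flows we allowed, and malformed state.
    "$IPT" -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A FORWARD -m conntrack --ctstate INVALID -j DROP

    # DHCP in both directions, as in the original chain.
    "$IPT" -A FORWARD -p udp --sport 68 --dport 67 -j ACCEPT
    "$IPT" -A FORWARD -p udp --sport 67 --dport 68 -j ACCEPT

    # Allow-list of what the test machine may initiate. Resolvers query UDP 53
    # first and fall back to TCP 53 on truncated answers, so open both; a
    # TCP-only rule leaves most lookups dropped while a few still succeed.
    "$IPT" -A FORWARD -m physdev --physdev-in "$TEST_IF" -s "$TEST_NET" \
        -p udp --dport 53 -j ACCEPT
    "$IPT" -A FORWARD -m physdev --physdev-in "$TEST_IF" -s "$TEST_NET" \
        -p tcp --dport 53 -j ACCEPT
    "$IPT" -A FORWARD -m physdev --physdev-in "$TEST_IF" -s "$TEST_NET" \
        -p tcp -m multiport --dports 80,443 -j ACCEPT

    # ICMP (path MTU discovery, ping) in both directions, as in the original.
    "$IPT" -A FORWARD -p icmp -j ACCEPT
}

apply_rules() {
    # Bridged frames only traverse the iptables FORWARD chain when
    # br_netfilter is loaded and this sysctl is 1; if the chain counters
    # stay at zero on a bridge, this is the first thing to check.
    modprobe br_netfilter 2>/dev/null || true
    sysctl -w net.bridge.bridge-nf-call-iptables=1
    forward_rules
}

# Usage: ./bridge-fw.sh apply      (installs the rules, needs root)
#        ./bridge-fw.sh dry-run    (prints the rules without touching iptables)
case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) IPT=echo forward_rules ;;
esac
```

Run it with the dry-run argument first and compare the printed rules against iptables -L -v after applying; the per-rule packet counters are the quickest way to confirm that a DNS query from the test machine is hitting the UDP 53 rule rather than falling through to the DROP policy.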