Shorewall users - Dec 2004 - [Fwd: router and transparent bridge in same box attempth 2 :)]

-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Tue, 2004-12-07 at 07:22 -0800, Tom Eastep wrote:
> Email message/mailbox attachment, "Forwarded message - router and
> transparent bridge in same box attempth 2 :)"
> On Tue, 2004-12-07 at 07:22 -0800, Tom Eastep wrote:
> > I am very sorry about this direct email, but leaf-user mailinglist
returns my email and claims ''suspicious headers''
> > and i have tried sending it in a few different ways to no use. 
> > 
> > 
> > 
> > hello.
> > 
> > i am trying to set up a router and a transparent tunnel point in the
> > same box, on the same local network. the box is a bering 1.2 with
> > shorewall and vtund 
> > 
> > the box has these interfaes
> > zone  if    comment
> > net   eth0 connected to the internet with real ip
> > loc   eth1 connected to local net with ip (gw for the net)
> > bru   eth2 connected to local net without ip, but bridged to tap0
What I would do is:

a) Upgrade to current software -- you are running Shorewall 1.4.2 which
has no bridge support. It appears that your kernel has no
bridge/netfilter support either.

b) Get rid of one of the NICs connected to the local network -- just
assign an IP address to the bridge (as you are doing) and make that
address the default gateway for hosts on both segments.

c) Ports on the bridge (devices with no IP address that are part of a
bridge) cannot be defined in /etc/shorewall/interfaces -- see the
Shorewall Bridge documentation.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> > > 
> > > hello.
> > > 
> > > i am trying to set up a router and a transparent tunnel point in
the
> > > same box, on the same local network. the box is a bering 1.2 with
> > > shorewall and vtund 
> > > 
> > > the box has these interfaes
> > > zone  if    comment
> > > net   eth0 connected to the internet with real ip
> > > loc   eth1 connected to local net with ip (gw for the net)
> > > bru   eth2 connected to local net without ip, but bridged to tap0
[snip]
> What I would do is:
> 
> a) Upgrade to current software -- you are running Shorewall 1.4.2 which
> has no bridge support. It appears that your kernel has no
> bridge/netfilter support either.
> 
> b) Get rid of one of the NICs connected to the local network -- just
> assign an IP address to the bridge (as you are doing) and make that
> address the default gateway for hosts on both segments.
> 
> c) Ports on the bridge (devices with no IP address that are part of a
> bridge) cannot be defined in /etc/shorewall/interfaces -- see the
> Shorewall Bridge documentation.
thank you for this great advice.
i upgraded to 2.0.11.lrp and removed a nic, and it works perfectly now. 


-- 
Ronny Aasen <list@datapart-as.no>