On Monday 01 March 2004 07:22 am, Tom Eastep wrote:
> On Sunday 29 February 2004 11:08 am, Mike Lander wrote:
> > Tom,
> > Forgive me if I misunderstood, after spending some time reading.
> > It appears that you need someone already running all the stuff for
> > bridging. I would be happy to help still if needed. In fact read my last
> > post with the club.
> > At a quick glance I noticed bridging uses mac address or connects networks
> > as if they were on the same switch??
>
> Effectively, the linux box acts as a switch.
>
> > I am building two shorewall boxes for this club to connect them with
> > OpenVPN. And I noticed OpenVPN supports bridging. What I am not clear
> > about is the advantages of bridging; is it security or what? I noticed
> > that it put interfaces in promiscuous mode.
>
> It gives you the ability to have a firewall inside of a switch. The
> bridge/firewall can be used to partition an existing network without having
> to subnet.
Let's say you have a bridge with two ethernet interfaces and you create the
bridge 'br0' to bridge the two. In Shorewall, you can then do the following:

/etc/shorewall/zones
    z1    Zone1
    z2    Zone2

/etc/shorewall/interfaces
    -     br0    detect

/etc/shorewall/hosts
    z1    br0:eth0
    z2    br0:eth1

Note that the ethernet interfaces (eth0 and eth1) are not defined in the
interfaces file!
The bridge itself can be configured with an IP address so that the bridge may
communicate with other hosts.
With the above setup, you can now use normal Shorewall policies and rules to
control traffic through the bridge and between the two zones and the firewall
itself.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
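As an added example (not code from the post or from Shorewall itself), the following Python check reads the three files above in Shorewall's whitespace-separated column format and flags the mistake the post warns about: a bridge port such as eth0 listed in the interfaces file instead of only behind br0 in the hosts file. The sample file contents are constructed to match the post.

```python
# Added example (not Shorewall's own code): consistency check for the
# bridge/firewall layout described in the post. It parses the zones,
# interfaces and hosts files and flags a bridge port (eth0/eth1) that
# appears in the interfaces file instead of only as br0:ethX in hosts.

def parse_columns(text):
    """Return the non-comment, non-empty lines split into columns."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def check_bridge_config(zones, interfaces, hosts):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    zone_names = {row[0] for row in parse_columns(zones)}
    # interfaces columns: ZONE INTERFACE BROADCAST OPTIONS; '-' zone means
    # the zone is assigned per host in the hosts file.
    iface_names = {row[1] for row in parse_columns(interfaces) if len(row) > 1}
    bridge_ports = set()
    for row in parse_columns(hosts):
        if len(row) < 2:
            problems.append(f"hosts: malformed entry {row!r}")
            continue
        zone, spec = row[0], row[1]
        if zone not in zone_names:
            problems.append(f"hosts: zone '{zone}' is not declared in zones")
        bridge, _, port = spec.partition(":")   # 'br0:eth0' -> ('br0', 'eth0')
        if bridge not in iface_names:
            problems.append(f"hosts: '{bridge}' is not declared in interfaces")
        if port:
            bridge_ports.add(port)
    # Bridge ports belong only behind the bridge in hosts, never in interfaces.
    for port in sorted(bridge_ports & iface_names):
        problems.append(f"interfaces: bridge port '{port}' must not be listed here")
    return problems

# Constructed samples: the layout from the post (OK) and the common mistake (BAD).
ZONES = "z1 Zone1\nz2 Zone2\n"
INTERFACES_OK = "- br0 detect\n"
INTERFACES_BAD = "- br0 detect\n- eth0 detect\n"
HOSTS = "z1 br0:eth0\nz2 br0:eth1\n"

if __name__ == "__main__":
    print(check_bridge_config(ZONES, INTERFACES_OK, HOSTS))    # []
    print(check_bridge_config(ZONES, INTERFACES_BAD, HOSTS))   # flags eth0
```

Shorewall's own `shorewall check` remains the authoritative validator; this only enforces the layout rule stated in the post.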