Thanks Ryan,
That answers one of my major questions. I was not sure if I should have snort
sniff on /dev/eth1 (a NIC that is part of my bridge) or /dev/br0 (the bridge
interface I created). I would assume that snort capture is very similar to
tcpdump and sniffing on /dev/br0 would work fine. I will give that a shot.
Now I wonder if iptables can block traffic on the bridge? If so, would the
recipes call the bridge interface or one of the specific interfaces that are
active in the bridge, i.e. /dev/br0 or /dev/eth1?
Thanks,
Hugh
* Ryan McConigley <ryan@csse.uwa.edu.au> [2005-07-01 08:35:21]:
> At 08:15 AM 30/06/2005 -0400, you wrote:
> >I am in the process of building a bridge firewall to place as the gateway
> >to my network. I have a couple questions that I can't seem to find clear
> >answers to. Can snort sniff on a bridged interface? Second, can ebtables
> >block by IP? I know IP is layer 3 and a Bridge is Layer 2 but some of the
> >recipes I have seen for ebtables have IPs in them.
>
> I assume it can. Just tell snort to use the bridge interface as
> opposed to the actual ethernet cards. That's how I do packet capture on
> our bridge using tcpdump. You'll probably get a better answer from the
> list though.
>
> And I thought that ebtables was only layer2, but I know with
> iptables you can specify mac addresses, so I wouldn't be surprised if
> ebtables has the same style of functionality or plugins.
>
> Just my $0.02 worth.
>
> Cheers,
> Ryan.
>
> --
> Ryan McConigley - Systems Administrator
> Computer Science University of Western Australia
> Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089
> Ryan[@]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ryan
>
> "You're just jealous because the voices are talking to me"