I want to configure a device with three network interfaces where two of them would bridge two segments of the LAN subnet and the third one would be connected to the WAN link.

eth0 - 10.10.10.2/24 to be connected to the internet gateway having IP 10.10.10.1/24 (also the default gateway for the device)
eth1 and eth2 bridged as br0 with IP address 172.16.100.1 connected to different segments of the subnet 172.16.100.0/24.

                   WAN (10.10.10.1)
                          |
                          |
                  eth0 (10.10.10.2)

          -----eth1                eth2------
    LAN (172.16.100.0/24)      LAN (172.16.100.0/24)

I plan to configure the Bridge IP (172.16.100.1) as the default gateway for the LAN and also regulate the traffic between the two bridged interfaces (eth1 and eth2) using a user space tool. Further since the traffic meant for internet would pass through eth0, there would be a need to regulate the traffic between eth1 and eth0 and also eth2 and eth0.

Is the above arrangement feasible? Would it be possible to define static routes on this device itself involving hosts reachable through either of the interfaces.

Thank you in advance.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On 11/13/06, Net Cerebrum <netcerebrum@gmail.com> wrote:
> I want to configure a device with three network interfaces where two of them
> would bridge two segments of the LAN subnet and the third one would be
> connected to the WAN link.
>
> eth0 - 10.10.10.2/24 to be connected to the internet gateway having IP
> 10.10.10.1/24 (also the default gateway for the device)
> eth1 and eth2 bridged as br0 with IP address 172.16.100.1 connected to
> different segments of the subnet 172.16.100.0/24.
>
>                    WAN (10.10.10.1)
>                           |
>                           |
>                   eth0 (10.10.10.2)
>
>           -----eth1                eth2------
>     LAN (172.16.100.0/24)      LAN (172.16.100.0/24)
>
> I plan to configure the Bridge IP (172.16.100.1) as the default gateway for
> the LAN and also regulate the traffic between the two bridged interfaces
> (eth1 and eth2) using a user space tool. Further since the traffic meant for
> internet would pass through eth0, there would be a need to regulate the
> traffic between eth1 and eth0 and also eth2 and eth0.
>
> Is the above arrangement feasible? Would it be possible to define static
> routes on this device itself involving hosts reachable through either of the
> interfaces.
>
> Thank you in advance.
>

I think it's possible, but what does "regulating traffic between the two bridged interfaces" mean? Remember that a bridge works at the data link layer, so I think it won't be possible to filter bridged traffic at higher layers (TCP/IP) on the bridge device. Maybe you can filter at network and transport layers on the physical interfaces which are attached to the bridge (eth1, eth2) with iptables if you really need it. Don't know if you mean filtering by saying "regulating".

Routing and bridging is possible. The default gateway for the hosts in 172.16.100.0/24 should be 172.16.100.1, and there's nothing wrong with using an IP which is bonded to a bridge interface.

For traffic that needs to be routed from the 172.16.100.0/24 network through the WAN interface you can treat the bridge as a physical interface. 10.10.10.1 should be the default gateway for this machine.

Regards.

On 11/16/06, Abel Martín <abel.martin.ruiz@gmail.com> wrote:
> On 11/13/06, Net Cerebrum <netcerebrum@gmail.com> wrote:
> >
> > I plan to configure the Bridge IP (172.16.100.1) as the default gateway for
> > the LAN and also regulate the traffic between the two bridged interfaces
> > (eth1 and eth2) using a user space tool. Further since the traffic meant for
> > internet would pass through eth0, there would be a need to regulate the
> > traffic between eth1 and eth0 and also eth2 and eth0.
> >
> > Is the above arrangement feasible? Would it be possible to define static
> > routes on this device itself involving hosts reachable through either of the
> > interfaces.
> >
> > Thank you in advance.
> >
>
> I think it's possible, but what does "regulating traffic between the
> two bridged interfaces" mean? Remember that a bridge works at the data link
> layer, so I think it won't be possible to filter bridged traffic at
> higher layers (TCP/IP) on the bridge device. Maybe you can filter at
> network and transport layers on the physical interfaces which are
> attached to the bridge (eth1, eth2) with iptables if you really need
> it. Don't know if you mean filtering by saying "regulating".
>
> Regards.
>

You can also check out ebtables and use them for filtering.

http://ebtables.sourceforge.net/

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
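
The arrangement discussed in this thread, as an added example that was not posted by any participant: br0 over eth1 and eth2, routing through eth0, ebtables for the bridged path and iptables for the routed path. Interface names and addresses are the ones from the thread; the filter policy and the helper names (`run`, `setup_bridge_router`, `filter_bridged`, `filter_routed`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Prints the commands by default; run as root with APPLY=1
# to execute them. The policy choices below are assumed, not from the thread.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

setup_bridge_router() {
    # Layer 2: bridge both LAN segments; br0 carries the LAN gateway address.
    run brctl addbr br0
    run brctl addif br0 eth1
    run brctl addif br0 eth2
    run ip link set eth1 up
    run ip link set eth2 up
    run ip addr add 172.16.100.1/24 dev br0
    run ip link set br0 up
    # Layer 3: WAN side, default route, forwarding between br0 and eth0.
    run ip addr add 10.10.10.2/24 dev eth0
    run ip link set eth0 up
    run ip route add default via 10.10.10.1 dev eth0
    run sysctl -w net.ipv4.ip_forward=1
}

filter_bridged() {
    # Frames bridged between eth1 and eth2 traverse the ebtables FORWARD chain.
    # Assumed policy: only ARP and IPv4 may cross between the segments.
    run ebtables -P FORWARD DROP
    run ebtables -A FORWARD -p ARP -j ACCEPT
    run ebtables -A FORWARD -p IPv4 -j ACCEPT
}

filter_routed() {
    # Routed traffic sees br0 as one interface, whichever port it arrived on.
    run iptables -P FORWARD DROP
    # If bridge netfilter hands bridged frames to iptables, they appear as
    # br0 -> br0; accept them here so the ebtables rules stay authoritative.
    run iptables -A FORWARD -i br0 -o br0 -j ACCEPT
    run iptables -A FORWARD -i br0 -o eth0 -s 172.16.100.0/24 -j ACCEPT
    run iptables -A FORWARD -i eth0 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
}

setup_bridge_router
filter_bridged
filter_routed
```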