Etienne Pretorius
2007-Apr-18 17:22 UTC
[Bridge] Network seperation and ethernet bridge...
Hello all,

I would like to know if it is possible to have 2 bridge instances running - one for the internal network and the other for the external network.

What I need to explain is that I need the internal bridge to go through the Linux Kernel and pass its packets to the external network bridge. I am also hopeful that the internal network bridge will not need an IP address as I am hoping to allocate the internal network clients a gateway address beyond the external network bridge and so when I have 2 similar machines running with both internal and external network bridges that when one machine dies completely then the other will take over.

Sooooo what I need to know is will I require proxy-arp and/or ip_forwarding?

[internal NW] ---> [internal bridge port 1 of 2]----[external bridge port 4 of 4] --->[GW router]----> www.google.com

I would like to make it so that no request can obviously enter the internal network via the external bridge without having been requested from the internal network --- something similar to tcp state marking but for all protocols and/or ether types.

--
Kind Regards
Etienne
Stephen Hemminger
2007-Apr-18 17:22 UTC
[Bridge] Network seperation and ethernet bridge...
On Thu, 22 Jun 2006 16:06:39 +0200 Etienne Pretorius <etiennep@kingsley.co.za> wrote:

> Hello all,
>
> I would like to know if it is possible to have 2 bridge instances
> running - one for the internal network and the other for the external
> network.

Yes, you can have two separate bridge instances in the system.

> What I need to explain is that I need the internal bridge to go through
> the Linux Kernel and pass its packets to the external network bridge.
> I am also hopeful that the internal network bridge will not need an IP
> address as I am hoping to allocate the internal network clients a gateway
> address beyond the external network bridge and so when I have 2 similar
> machines running with both internal and external network bridges
> that when one machine dies completely then the other will take over.
> Sooooo what I need to know is will I require proxy-arp and/or ip_forwarding?
>
> [internal NW] ---> [internal bridge port 1 of 2]----[external bridge
> port 4 of 4] --->[GW router]----> www.google.com

No, you can't bridge a bridge. This is done to prevent creating loops and causing deep stack nesting.

> I would like to make it so that no request can obviously enter the
> internal network via the external bridge without having been requested
> from the internal network --- something similar to tcp state marking
> but for all protocols and/or ether types.

--
Stephen Hemminger <shemminger@osdl.org>
Quis custodiet ipsos custodes?