search for: brouter

Hi All, I am trying to create the following configuration: dom0 |---eth2 Masquerading interface to OUTSIDE | |---eth0 LAN:10.0.1.1/24 | |---eth1 WLAN:10.0.2.1/24 | |---xenbr0 DMZ:10.0.3.1/24 | |-- vifX.0 -- eth0 domU:10.0.3.2 I would like to do it this way because I will not be using xen all the time on this machine. I created a network-virtual script which

I have used shorewall in the past and loved it. However, at the time it did not support brouting and because of that I had to remove it for a faster solution. Now that faster solution is failing and I want to go back to what I liked. I have never set up a brouter but I have been doing a lot of reading on it, both on your site and many others. I all cases what I see is a brouter/firewall connected to a router. The router being the ISP''s router and the brouter/firewall being the Linux box. The problem I have with this is that the ISP''s ro...

> From: "Roy" <roy@xxx.lt> > > I want to set interface to promisc mode and do all routing with iptables. > Is it somehow possible? as I see now kernel do not pass everything to > ipables. > > Basicaly I want to ignore ethernet addess and use only ip for routing. > > I suppose this may require writting special kernel driver or it > is possible > in

Hi, I tried sending this earlier, but it didn't come through. Apologies if this appers twice on the list. I'm running bridging using the brouter setup described on this page: http://ebtables.sourceforge.net/examples.html "Making a brouter". The setup described there is like this: ifconfig br0 0.0.0.0 ifconfig eth0 172.16.1.1 netmask 255.255.255.0 ifconfig eth1 172.16.2.1 netmask 255.255.255.0 ebtables -t broute -A BROUTING -p i...

Hello, i need to write a little personal patch in the bridge code. For this patch, i need to know the original src and dst mac addresses of the packet incoming to the bridge. As i work on a brouter (some packets are bridged, some are routed based on ebtable rules), packets that are routed have their mac addresses modified by the IP stack). I put a software probe in br_input.c::br_handle_frame( ), but there, the dst mac address is already replaced by the bridge local mac address. My question...

Hi wondering if anyone can help. I have two NICs on a debian sarge based system and current running as a bridge (br0) which consists of eth0 and eth1. Is it possible to add a virtual interface to the eth1 so I can also do NAT on the box as well? I have tried many times and keep coming up with errors. Kind Regards William Bohannan

...he following sequence of commands: brctl addbr br0 brctl addif br0 eth0 brctl addif br0 eth1 ifconfig eth0 up ifconfig eth1 up ifconfig eth0 down ifconfig eth1 down brctl delif eth0 brctl delif eth1 brctl delbr br0 <------ This is where the problem occurs The machine running the kernel is a brouter with 4 NICs all running under the 8139too driver - eth0 and eth1 form a bridge while eth2 and eth3 are connected to different internal networks. I'm guessing that this is either a problem with the bridge or 8139too modules, and so any advice would be gratefully received :) Many thanks, Mark....

Hi, I had successfully setup my bridge (br0) but after few minutes the br0 interface seems not working. ifconfig eth0 0.0.0.0 ifconfig eth5 0.0.0.0 brctl addbr br0 brctl addif br0 eth0 brctl addif br0 eth5 brctl stp br0 on I check on my system's /var/log/syslog file. It shows something strange messages as below: - Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)

Hi, I believe ndas devices (http://www.ximeta.com/web/technology/) use raw Ethernet frames, as they require no tcp/ip configuration, the client finds and authenticates with a code that is different for each device sold, like a network mac address. My pc is on a different segment to the ndas devices that we have, the two segments are linked by a linux box that is doing routing and proxy arp, can

I'm a problem with bridge please help me My configuration: eth0,eth1,wlan0 bridge is br0 on devices eth0 and wlan0. Device eth1 is not in bridge. br0 ip is 192.168.1.1 eth1 ip is 192.168.2.1 ethernet (eth0,eth1) is in one switch. all is ok if eth1 not in system, if eth1 plugged into system and up interfa= ce eth1 network crash :( thanx. -------------- next part -------------- An HTML

Not normally a question for this group, but you guys are very bridge/router/firewall savvy, so I thought I''d toss it here. I have a bridge. On one side of the bridge is that fancy thing called the Internet. On the other side is my LAN. The bridge is the obvious demarcation line and a good place to put a firewall. Now, I have all my iptables stuff planned out, EXCEPT for nat. The

Currently my ethernet bridge has 2 intel 100mps NIC's that are both part of a bridge. ( I followed the sample setup on the bridge.sf.net page.) In addition to this I would like to access the internet from within the ethernet bridge and when using the sample instructions I have no gateway setup and no default route (0.0.0.0). I know this data has to be attached to the bridge device and not to

Hello! I have the following setup: 1) a connection to my ISP with a public IP (1.2.3.4) with the gateway 1.2.3.1 2) an allocated IP class with 64 addresses (5.6.7.192/26) 3) two LANs connected through two NICs: a) 192.168.0.0/24 on eth1 (192.168.0.1) b) 10.0.0.0/24 on eth2 (10.0.0.1) The IPs from the allocated class are all assigned to eth0. The networks are SNATed to the external IP and

...traffic in a Xen DomU, it may or may not be because of the condition flagged by the warning. The changes made to the kernel in 2.6.20 are not a "bug", but they may require that you re-think how you process traffic on a host that functions as both a bridge and a router (or as a combination brouter). It should still be possible for you to achieve whatever it is you're trying to do with the post-2.6.20 kernel, but you may need to get a bit more sophisticated. All I recommend is to check out the ebtables package. Ebtables is to the bridging/link-layer process what iptables is to the routing...

Hi, I''m currently switching from toolstacks from xm to xl. Because I have a rather complex network setup with my domUs, I use xen''s nat capabilities. But what works fine with xm behaves slightly strange in xl: I use something like the following to establish a domU interface within my vif part: ''type=vif, mac=00:16:3E:06:DA:B2, ip=192.168.2.1, vifname=fw11,

Hi! >Message: 5 >Date: Thu, 08 Jul 2004 17:00:21 +0530 >From: Sudheer Divakaran <sudheer@svw.com> >To: lartc@mailman.ds9a.nl >Subject: [LARTC] Is Linux based Router feasible > >Hi, > >I''ve a local LAN consisting of about 150 machines. I''m using a Linux >machine as the gateway machine which inturn connects to two different >ISPs. My

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Is there a way to prevent hwaddr/mac address spoofing between DomU''s? So in a way ''binding'' a mac-address on boot time with a virtual interface? (with something like ebtables/arptables/etc?) Stefan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla -

...ked on the Shorewall-KVM documentation page. But I don''t quite understand how to set up such a script for proper startup execution; place the reference in the appropriate /etc/rc<n>.d runlevel folders? Q2: Such an explict bridge might be on the existing private subnet but, as in the brouter setup in the Shorewall 4.4 documentation pages, using a explicitly declared bridge in a ''pubic'' zone along with public addresses for the servers on each bridge port in the dmz zone and a bridge port tied to the physical eth0 external public interface might be faster or better. I...

Changes since v9: * series re-ordering so make functionality more distinct. Basic vlan filtering is patches 1-4. Support for PVID/untagged vlans is patches 5 and 6. VLAN support for FDB/MDB is patches 7-11. Patch 12 is still additional egress policy. * Slight simplification to code that extracts the VID from skb. Since we now depend on the vlan module, at the time of input skb_tci is

This series of patches provides an ability to add VLANs to the bridge ports. This is similar to what can be found in most switches. The bridge port may have any number of VLANs added to it including vlan 0 priority tagged traffic. When vlans are added to the port, only traffic tagged with particular vlan will forwarded over this port. Additionally, vlan ids are added to FDB entries and become