Shorewall users - Jul 2005 - Cable Modem and Brigding

Hello, I am curious if the below setup makes any sense...

If I have two public IP addresses served off of a cable modem, can I
send one to a shorewall box in bridge mode, then have the other serve my
network?

Physically, I would like to run it:
Cable Modem -> Shorewall Box -> Router -> Network

Possible? I would like to do this using FC 4.

thanks

> If I have two public IP addresses served off of a cable modem, can I
> send one to a shorewall box in bridge mode, then have the other serve my
> network?
Why in bridge mode ? anything specific in your net work against routing ?

Niko

On Fri, 2005-07-01 at 09:43 +0200, Nicolas Helleringer
wrote:
> > If I have two public IP addresses served off of a cable modem, can I
> > send one to a shorewall box in bridge mode, then have the other serve
my
> > network?
> Why in bridge mode ? anything specific in your net work against routing ?
> 
> Niko
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
> 
Well, at my 9-5, I just got in some Colubris Access Points. Very cool
devices. They have 4 interfaces: LAN, WAN, radio 1 (802.11a or b/g) and
radio 2 (802.11a or b/g).

They bridge by default the LAN, and both radio interfaces. So in place
of a router, two access points and a switch, I know have one unit.

I''d like to learn more about how bridging works, and since Colubris
obviously based these units off of Linux (the syslog constantly has
linux kernel messages, etc), this seemed like a good place to start.

thanks

On Friday 01 July 2005 02:10 am, Ryan wrote:
> On Fri, 2005-07-01 at 09:43 +0200, Nicolas Helleringer wrote:
> > > If I have two public IP addresses served off of a cable modem,
can I
> > > send one to a shorewall box in bridge mode, then have the other
serve
> > > my network?
> >
> > Why in bridge mode ? anything specific in your net work against
routing
> > ?
> >
>
> Well, at my 9-5, I just got in some Colubris Access Points. Very cool
> devices. They have 4 interfaces: LAN, WAN, radio 1 (802.11a or b/g) and
> radio 2 (802.11a or b/g).
>
> They bridge by default the LAN, and both radio interfaces. So in place
> of a router, two access points and a switch, I know have one unit.
>
> I''d like to learn more about how bridging works, and since
Colubris
> obviously based these units off of Linux (the syslog constantly has
> linux kernel messages, etc), this seemed like a good place to start.
Is the  Colubris Access Point a Router or simply an AP?

Unless the Colubris also bridges WAN, (seems unlikely if it is a router), I 
don''t see anything to gain by bridging your shorewall, because your
network
hung off of LAN, Radio1, and Radio2 will still be a separate network - 
Unless you can force the Colubris Access Point to bridge WAN with the other 
three. 

If the Colubris is a router, why add shorewall at all? Simply hang your linux 
box off of LAN on on the Colubris, and simplify your setup. Or, if you want
another layer of protection, Go ahead and put the Colubris behind your
Linux box, (on a second nic) but just use Dnat, and not Bridging.  

The Faq does address bridging, but nothing you have described seems
to require it, and little benefit comes to mind.  Perhaps you could explain
what you hope to gain by bridging public IPs into your private network?


OTOH...
If on the otherhand the Colubris is _SIMPLY_ an AP, - Those typically do 
bridge ALL interfaces, and you end up with the same subnet on both sides.
If you hang it behind your Linux box (on your Linux box''s LAN nic), and
you
bridge shorewall, you essentially would have public IPs on all your network
boxes, which may or may not be what you are really after.


-- 
John Andersen - NORCOM
http://www.norcomsoftware.com/