Displaying 20 results from an estimated 10000 matches similar to: "What I learned about Linux bridging"
2005 Sep 21
5
IP Tables on a bridge
Not normally a question for this group, but you guys are very
bridge/router/firewall savvy, so I thought I'd toss it here.
I have a bridge. On one side of the bridge is that fancy thing called the
Internet. On the other side is my LAN. The bridge is the obvious
demarcation line and a good place to put a firewall.
Now, I have all my iptables stuff planned out, EXCEPT for nat.
The
2006 Jul 21
5
linux transparent bridge running squid
Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge?
Internet – router - (bridge eth0 – eth1) – local lan
auto lo
iface lo
2006 Jul 08
3
Multiple VLANs containing the same ip subnet NATed on same box
I know this is not a normal request, but I would like to connect two
vlans into the same box that have the same subnet on them, and then
NAT them out to the Internet.
We don't need to make any connections inbound to them, but only
provide outbound access.
Any suggestions on how to do this?
If I can't do it with routing then I could use something like
user-mode Linux, or other
2007 May 30
4
Proxy ARP with a Coyote Point equalizer
Here is a puzzle.
I have a network with several servers. It's a mess. It's a /24 and
pieces and servers are all over the place inside this /24 block, on both
sides of the firewall. For example, the router at 1.2.3.1 is outside
the firewall and many of the servers at 1.2.3.nnn/24 are behind the
firewall. (Obviously, 1.2.3.nnn is a fudged network.)
eth0 points outward to
2005 Aug 02
4
How to set a host with public IP within a private network?
Hello! I have the following setup:
1) a connection to my ISP with a public IP (1.2.3.4)
with the gateway 1.2.3.1
2) an allocated IP class with 64 addresses
(5.6.7.192/26)
3) two LANs connected through two NICs:
a) 192.168.0.0/24 on eth1 (192.168.0.1)
b) 10.0.0.0/24 on eth2 (10.0.0.1)
The IPs from the allocated class are all assigned to
eth0.
The networks are SNATed to the external IP and
2007 Feb 15
2
?OT? Linux 2.6: bridge + routing firewall
Hi All!
I need to deploy a bridge firewall using linux kernel 2.6. I had success
using kernel 2.4 plus br-nf patch. But the configuration does not work with
kernel 2.6.
If the default policy for the iptables FORWARD chain is ACCEPT I have a
bridge. If iptables FORWARD chain is DROP I have an insulator (no packet
flows). Any hint?
I did some google search and in many places they say "kernel
2007 Apr 18
1
[Bridge] Bridging vlans...
<I apologize if this arrives twice... I sent it first from a
non-subscribed address, don't know if that'll get to the list or not --JJ>
Hi folks,
I have an implementation question regarding bridging on a linux box between
a catalyst trunk port and a cisco 26something w/802.1q subinterfaces.
So right now, there's no vlan trunking going on on the link my bridging
firewall sits
2007 Mar 28
7
(no subject)
Hi all,
I'm having a hell of a time getting my IFB to work. I know I've done
this before, so I'm missing something stupid. Can anybody tell me what
it might be?
Configs as follows:
--------
#!/bin/sh
modprobe ifb numifbs=1000
modprobe act_mirred
modprobe 8021q
brctl addbr br0
brctl setfd br0 0
brctl stp br0 off
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig eth1
2006 Dec 28
4
filter policy drop and allow transparent proxy
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great? It seems a
bit strange as from reading several articles on it I thought the
following occurs.
1st line - if it doesn't match it gets dropped on the local filter input.
2nd line - redirects the traffic off the link layer into the network
layer ready for line 3.
3rd line -
2007 Apr 18
1
[Bridge] Unexpected bridge behavior (Bug? You decide.)
While using the linux bridge module in 2.6.10, the kernel seems to
munge the source IP address of broadcast UDP packets if they come from
"0.0.0.1", and sticks on an address of the linux host.
I humbly submit that re-writing the source address of packets is not
proper behavior for a bridge, even if those source addresses are not
traditionally valid.
Sure, 0.0.0.1 isn't a valid
2007 Apr 18
1
[Bridge] Transparently bridge Vlans to eth0
Hi,
I'm using Vlans in my network as a way of preventing
peer to peer communication - I only want nodes in the
network to talk to the gateway (a linux box).
I have successfully set up lots of sub interfaces
using the vconfig tool, one for each vlan. What I would
like to be able to do is remove the ip address from
each of these subinterfaces eth0.x and bridge them to
eth0. I have successfully
2006 Feb 20
5
Proxy ARP and UDP
Woops - my fat fingers hit the send key before I could put in a subject
a minute ago.
Hello -
I am using kernel 2.4.27 and running into behavior I don't know how to
explain.
I have 2 relevant interfaces. eth0 is external, eth1 is internal. My
internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied
up). I have an H.323 videoconference device inside my internal
2012 Feb 03
4
configure network bridge listing bridged interfaces
Hi all,
Having a 4 NIC server, I want to bridge eth2 and eth3, with a bridge
named br0.
Searching the web I only found about creating a file
/etc/sysconfig/network-scripts/ifcfg-br0, but did not find where to
explicitly list what ports will be bridged.
Where is it configured?
Thank you.
--
RMA.
2006 Apr 20
1
EBTables, iproute, etc.
Good morning,
I'm writing to ask for collaboration in finding an improvement to a
particular process.
Today: To get traffic for our IDS sensors and a billing system, we
collect everything at our core switches (2) by connecting a SPAN port
from each switch to a server (so, 2 interfaces collecting traffic).
That server changes the destination MAC address on all traffic to that
of
2007 Apr 18
1
[Bridge] bridge and transparent squid proxy
Hi all,
This is my first post to this list. I hope someone can help me, I have
been getting grey hairs trying to make this work!
I have a bridge setup on a debian sarge box. The bridge is called br0
and sits between my cable modem and a non-name brand router/switch:
[cable modem]----[eth1]---[br0]----[eth2]-----[no-name brand router]
I have squid setup on the linux box and it works, I have
2004 Jun 06
4
iptables v1.2.7a: Couldn't load match `physdev':/lib/iptables/libipt_physdev.so: cannot open shared object file: No such file or directory
Hi, I'm running RH9 Linux and I'm having a slight problem with shorewall, I originally set it up as a two card configuration, but I have now bridged the connections in an attempt to get my WiFi network communicating with the wired network (eth0 and wlan0). I have followed the instructions for bridging from http://www.shorewall.net/bridge.html but when I activate shorewall I get
2005 Apr 17
2
QoS for lan users ...
Hi
I have a Linux box (Debian) that is acting as a bridge.
Eth0 and Eth1 are bridged (br0).
Br0 has a public IP.
Eth0 connects to the internet.
Eth1 connects to servers in DMZ (with public IPs).
Eth2 connects my Lan (192.168.1.0/24).
My connection is 2Mbit/2Mbit.
I'm doing SNAT for my Lan.
QoS on eth0 works fine for DMZ, but is there a possibility of doing
QoS on
2006 Nov 13
2
Bridge and Router on the same device
I want to configure a device with three network interfaces where two of them
would bridge two segments of the LAN subnet and the third one would be
connected to the WAN link.
eth0 - 10.10.10.2/24 to be connected to the internet gateway having IP
10.10.10.1/24 (also the default gateway for the device)
eth1 and eth2 bridged as br0 with IP address 172.16.100.1 connected to
different segments of the
2007 Apr 18
2
[Bridge] Newbie at work - need some advice/guidance please.
Hello all,
I am new to Linux Ethernet bridging. Let me first start with what I am
trying to achieve. Well you see - I am attempting to have 2 main
firewall running at the same time - one as a master and the other one as
a slave. Yes, I would like to make use of Ethernet bridging in this
scenario - as I understand it, all I need are two machines and STP
enabled. I am running Debian
2007 Nov 23
12
[SECURITY] preventing Hwaddr spoofing on bridge
Is there a way to prevent hwaddr/mac address spoofing between DomU's?
So in a way 'binding' a mac-address on boot time with a virtual
interface? (with something like ebtables/arptables/etc?)
Stefan