The cards have to be up (in promiscuous mode, I believe).

Check out
http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/set-up-the-bridge.html#BASIC-SETUP
; it goes through the basic steps.
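Added example (mine, not from the HOWTO or from anyone on the thread): the basic bridge sequence as a small sh script, with the ports brought up address-less before they are enslaved and the bridge device itself brought up at the end. Interface names br0/eth0/eth1 and the DRY_RUN knob are my assumptions; it uses the 2.4-era brctl/ifconfig tools the thread is about (on a current kernel the same steps are `ip link add br0 type bridge` and `ip link set eth0 master br0`). The kernel puts a port into promiscuous mode itself when it is added to a bridge, so that needs no separate step.

```shell
#!/bin/sh
# Added example, not from the thread or the HOWTO: a transparent (IP-less)
# two-port bridge with the 2.4-era brctl/ifconfig tools.
# Assumptions: bridge is br0, ports are eth0 and eth1; DRY_RUN=1 prints the
# commands instead of running them (review the sequence on a box without
# the NICs). Usage: sh bridge.sh up br0 eth0 eth1

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# bridge_setup BRIDGE PORT...   e.g. bridge_setup br0 eth0 eth1
bridge_setup() {
    br="$1"; shift

    # Ports need no address, but they must be UP or the bridge never sees
    # a frame. Clearing the address (0.0.0.0) also keeps the box from
    # answering on either segment.
    for port in "$@"; do
        run ifconfig "$port" 0.0.0.0 up
    done

    run brctl addbr "$br"
    # A two-port firewall bridge has no loop to break, and with STP on the
    # box would emit BPDUs and so announce itself. Forward delay 0 skips
    # the 15 s listening/learning wait before frames are forwarded.
    run brctl stp "$br" off
    run brctl setfd "$br" 0
    for port in "$@"; do
        run brctl addif "$br" "$port"
    done

    # The bridge device itself must be UP as well, still with no address.
    run ifconfig "$br" up
}

# bridge_check BRIDGE: what to look at when pings do not go through.
bridge_check() {
    br="$1"
    run brctl show            # both ports listed under the bridge?
    run brctl showstp "$br"   # port state "forwarding", not listening/learning?
    run brctl showmacs "$br"  # MACs learned on both sides once traffic flows?
}

# bridge_teardown BRIDGE PORT...
bridge_teardown() {
    br="$1"; shift
    run ifconfig "$br" down
    for port in "$@"; do
        run brctl delif "$br" "$port"
    done
    run brctl delbr "$br"
}

# Dispatch on the first argument; sourcing the file, or running it with
# no arguments, only defines the functions.
case "${1:-}" in
    up)    shift; bridge_setup "$@" ;;
    check) shift; bridge_check "$@" ;;
    down)  shift; bridge_teardown "$@" ;;
esac
```

Two things to keep in mind with this layout. Neither port nor br0 carries an address, so the box cannot be reached from either segment; if it has to be managed remotely that is what the third NIC in Sim's suggestion is for. And if the forward delay is left at its default, `brctl showstp br0` will show the ports in listening or learning for about 30 seconds after setup, during which a ping across the bridge fails even though everything is wired correctly.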


-----Original Message-----
From: tclug-list-admin at mn-linux.org
[mailto:tclug-list-admin at mn-linux.org] On Behalf Of Nathan Davis
Sent: Tuesday, July 16, 2002 4:24 PM
To: tclug-list at mn-linux.org
Subject: Re: [TCLUG] Firewall/Router Setup

Ok, I need a little help.  Banging my head against the wall isn't getting the
job done anymore ;-)

1) I'm running Redhat 7.3 (kernel 2.4.18).  Do you know if this needs to be
patched?

2) I downloaded the script from
http://www.sparkle-cc.co.uk/firewall/rc.firewall.sh.txt.  Ran it, didn't work.
I tried to run just a simple bridge (no firewall) with
    # ifdown eth0
    # ifdown eth1
    # brctl addbr br0
    # brctl addif br0 eth1
    # brctl addif br0 eth0
This should be sufficient to test that the bridging part is working, correct?
Under this configuration I can't ping the Cisco.  I have verified that both
NICs work, and that the cabling between the NIC and the Cisco is correct.

So anyway, I would appreciate any tips you could pass along.

Thanks for the great help,

--Nathan Davis

BN wrote:

> I have set up the transparent (bridging) firewall in Linux before.
> If you need help let me know and I'll check my notes.
> The really cool thing is that you can also set up queueing and bandwidth
> shaping transparently.
> There is a patch that hooks IP Tables/route back into the bridging code.
> So, if you don't want any one computer hogging bandwidth it might be
> worthwhile.
>
> Simeon Johnston wrote:
>
> > Nathan Davis wrote:
> >
> >> After thinking about this for a while, I was wondering if I really need to
> >> use two *real* IP addresses on the firewall machine.  Or even if there's
> >> a way to set up a default route to an interface with no IP address
> >> assigned.  Another option might be to have the Cisco (and possibly the
> >> firewall too) obtain an IP address via DHCP (I don't know how the other
> >> end might take this, though), or assign the interface connecting the
> >> firewall to the Cisco a "fake" address.
> >>
> >
> > If you want an interface w/ no IP I'd suggest getting the Linux
> > bridging stuff.
> > The idea would be to have 3 NICs actually.  One external (Router ->
> > FW NIC), one for internal NAT'd addresses (any traffic can be
> > forwarded through the firewall to internal hosts), the other would be
> > a bridged interface to a DMZ (allows you to filter ports but doesn't
> > need an IP).
> >    There are other ways to set this up also but this is the only way I
> > can think of at the moment to get a firewall without using one of your
> > addresses.  Unless of course you just forward all your traffic through
> > the firewall.  If you want a dedicated address for a specific server
> > instead of all your DNS entries going to the firewall, the firewall
> > can be multi-homed (multiple addresses/NIC).
> >
> > I could probably think of a few more ways to get it done but couldn't
> > tell you the "best" way without a bit more info.
> >
> > sim
> >
> > _______________________________________________
> > Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota
> > http://www.mn-linux.org
> > tclug-list at mn-linux.org
> > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> >
