lee <l...@yun.yagibdah.de> wrote:
> I do not want to bridge the internet transparently with the local
> network, which seems to be what a bridge would do. It would be like
> replacing this:
>                                      |--- host A
>   Internet --- eth0 firewall eth1 ---|--- host B
>                                      |--- host N
> with this:
>                               |--- con1 --- host A
>   Internet --- con0 switch ---|--- con2 --- host B
>                               |--- conN --- host N

No, not really. A bridge on your host is more like this:

                                            |--- con1+shorewall --- host
Internet --- eth1+shorewall --- [switch] ---|--- con2+shorewall --- guest A
                                            |--- con3+shorewall --- guest B
                                            |--- conN+shorewall --- guest N-1

Notice that shorewall applies to the interfaces, rather than only to
the host itself.


> What I want is this:
> Internet B --- router w/ FW --- eth1 host w/ shorewall xxx --- guest

You can do that either with bridging (see above), or routing like this:

                                                  |--- con1 --- guest A
Internet --- eth1+shorewall --- host --- [NAT] ---|--- con2 --- guest B
                                                  |--- conN --- guest N


> Ideally, I would bundle "Internet A" and "Internet B" to increase the
> available bandwidth.

That's a different issue. But there's no reason in principle why you
couldn't, for example, have the host using eth0 and the guests aggregated
via eth1. You can connect the NICs corresponding to eth0 and eth1
wherever you like.

Chris

