Hello,

Over the weekend I set up Bering as a bridge and used shorewall version 2.0 (from
www.shorewall.net) for the firewall.  As I didn't find all the steps in the
documentation online, I thought I would send this message so others would
have an easier time setting it up.

To save money I opted to not buy a switch but instead add more NICs into the
router.  So the topology looked like:


<computer 1> -- <eth1> -- |
192.168.1.10              |
                          | <br0>       [firewall/router]   <eth0> -> Internet
                          | 192.168.1.254  
<computer 2> -- <eth2> -- |
192.168.1.20

The bridge acts at the ethernet level, so the internal NICs are not assigned an
address.  br0 is the bridge and it is assigned the IP address.  Both machines
can access the router at 192.168.1.254.

Steps:
1. Include the bridge.lrp package.
2. Get the bridge.o module and install it into modules.lrp.
3. Download shorewall 2.0 from the shorewall website (rename it to shorewall.lrp
and install it on the disk).
4. Configure /etc/network/interfaces as normal for the external interface,
be it DHCP, PPPoE, etc.  Configure the bridge as follows:

auto br0
iface br0 inet static
address 192.168.1.254
masklen 24
netmask 255.255.255.0
broadcast 192.168.1.255
pre-up /sbin/ip link set eth1 up
pre-up /sbin/ip link set eth2 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth1
pre-up /usr/sbin/brctl addif br0 eth2
bridge_ports eth1 eth2

Note the last line.  It took me a while to figure it out, but this limits the
interfaces that participate in the bridge.  The Bering user guide uses the
"all" directive, which makes the external interface participate in the bridge
as well, which is not what is desired.

5. Configure shorewall as usual with two zones: loc and net.  Add the directive
BRIDGING=Yes to shorewall.conf, and in /etc/shorewall/interfaces use the
following line for the loc zone definition:

loc br0 192.168.1.255 routeback

6. If you want the two machines to be able to communicate with each other, you also
have to add the following to the /etc/shorewall/policy file:

loc loc ACCEPT

I hope this information will be of help to someone,

Mike 
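As an added example (it is not part of Mike's message and not code from the LEAF or Shorewall projects), the POSIX shell script below checks the three points the steps above hinge on before the router is rebooted: the external interface is kept out of the bridge (no eth0 in bridge_ports and no "all" keyword, since bridging the Internet-facing NIC would make it a layer-2 peer of the LAN), the loc zone is bound to br0 with the routeback option, and loc-to-loc traffic is ACCEPTed if the two hosts are meant to talk to each other. The interface names (eth0 external, br0 with eth1/eth2), file layouts and the sample files it writes into a temporary directory are assumptions taken from the post; point the functions at the real files under /etc to check a live box.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a Bering bridge +
# Shorewall 2.0 setup. Interface names and file formats are assumptions
# based on the post (eth0 = external, br0 bridging eth1 and eth2).

# Print the bridge_ports list of the first stanza that has one.
bridge_ports_of() {
    awk '$1 == "bridge_ports" { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Return 0 when the external interface ($2) is not a bridge port and the
# catch-all "all" keyword from the user guide is not used; 1 otherwise.
bridge_excludes_ext() {
    _ext="$2"
    for _p in $(bridge_ports_of "$1"); do
        [ "$_p" = "all" ] && return 1
        [ "$_p" = "$_ext" ] && return 1
    done
    return 0
}

# Return 0 when the shorewall interfaces file binds zone loc to br0
# with the routeback option on that line.
loc_on_bridge_with_routeback() {
    awk '$1 == "loc" && $2 == "br0" && $0 ~ /routeback/ { found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# Return 0 when the shorewall policy file contains "loc loc ACCEPT".
loc_to_loc_accepted() {
    awk '$1 == "loc" && $2 == "loc" && $3 == "ACCEPT" { found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# Run all three checks against a directory holding the three files.
check_all() {
    bridge_excludes_ext "$1/interfaces" eth0 &&
    loc_on_bridge_with_routeback "$1/shorewall-interfaces" &&
    loc_to_loc_accepted "$1/policy"
}

# Constructed sample files mirroring the configuration in the post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/interfaces" <<'EOF'
auto br0
iface br0 inet static
address 192.168.1.254
netmask 255.255.255.0
broadcast 192.168.1.255
bridge_ports eth1 eth2
EOF
cat > "$demo_dir/shorewall-interfaces" <<'EOF'
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect
loc     br0             192.168.1.255   routeback
EOF
cat > "$demo_dir/policy" <<'EOF'
#SOURCE DEST    POLICY
loc     loc     ACCEPT
loc     net     ACCEPT
net     all     DROP
all     all     REJECT
EOF

if check_all "$demo_dir"; then
    echo "bridge/shorewall configuration looks consistent"
else
    echo "configuration problem found: review bridge_ports, routeback, loc->loc policy"
fi
rm -rf "$demo_dir"
```

The checks are deliberately textual (awk over the files) so they can run on the LEAF floppy image or on any workstation holding copies of the files; they do not need brctl or a live bridge.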



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
