Hi,
Consider the following situation:
H1 -
     \        LB
      \      /  \
H2 ---- S ---1  2---1 R ------
      /
     /
H3 -
(I hope the use of letters and numbers is not too confusing,
but it helps me think. :)
This is three hosts (H1,H2,H3) connected to switch (S).
S is connected to the first interface of a linuxbox (LB1)
and the LB in turn is connected to a router (R).
I would like the existence of LB to be transparent for
all hosts, that is, if I reroute the cable S-LB1 to S-R1
I would not have to change the configuration of the hosts.
The basic idea is to make it easy to route all traffic through
the LB, which may either just log what's going on or possibly
try out different firewall rules, again without having to
touch the hosts or the router.
This would be active working networks, so changing over to
internal IPs is not an option.
My idea is to give the interface LB1 the same IP as
R1, that is the IP that the Hs are using as gateway.
On LB2 I would set up virtual interfaces for all the IPs
that are used by the Hs.
Is it possible to do this with the linuxbox? I can see a
potential problem that the LB would confuse LB1 with R1,
but can I solve that with use of some clever routing-
or forwarding-rules?
Can I implement forwarding rules making the LB act as a
bridge for the given network; something along the lines
of this
" Any incoming traffic on eth2 , go to eth1.
Any incoming traffic on eth1, go to eth2.
Do this unless the packets match any of my other
rules."
Or could I just use the kernel bridge-functionality for this?
I know there is a mini-howto on the subject of bridging+firewalling.
Do the things in there still hold for 2.2.x?
I'll try this out when I have all the hardware next week, but I'd be
happy for any comments or ideas before that.
Thanks,
Bjorn
- - - - umop apisdn 'sdoo - - - -
Bjorn Isaksson <[EMAIL PROTECTED]>
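A current way to build the transparent "any frame in on one port goes out the other, unless a rule says otherwise" box asked about above, as an added example (not the poster's setup and not the 2.2-era bridge patch): it uses iproute2 and an nftables bridge-family chain to log or filter forwarded frames, and the names br0, eth1 and eth2 are assumed.

```shell
#!/bin/sh
# Transparent inline bridge between the switch and the router.
# Added example, not from the original post. Assumes a current kernel with
# the bridge module, iproute2 and nftables; interface names are placeholders.
set -eu

BR=${BR:-br0}
SWITCH_IF=${SWITCH_IF:-eth1}   # port facing S (the hosts' side)
ROUTER_IF=${ROUTER_IF:-eth2}   # port facing R

# Print the configuration one command per line so it can be reviewed before
# it is run as root. No IP address is assigned to br0 or its ports: frames
# are forwarded by MAC learning, so neither the hosts nor the router see the
# box, and giving LB1 the router's IP (as proposed in the post) is not needed.
bridge_plan() {
  cat <<EOF
ip link add name $BR type bridge
ip link set dev $SWITCH_IF master $BR
ip link set dev $ROUTER_IF master $BR
ip link set dev $SWITCH_IF up
ip link set dev $ROUTER_IF up
ip link set dev $BR up
nft add table bridge filter
nft add chain bridge filter forward '{ type filter hook forward priority 0; policy accept; }'
nft add rule bridge filter forward counter log prefix \"bridge-fwd: \"
EOF
}

# Execute the plan (requires root).
apply_bridge() {
  bridge_plan | sh -e
}

# Insert a rule to try out ahead of the logging rule, e.g.
#   insert_rule ip protocol tcp tcp dport 23 counter drop
# Hosts and router stay untouched; undo with: nft flush chain bridge filter forward
insert_rule() {
  nft insert rule bridge filter forward "$@"
}

case "${1:-}" in
  apply) apply_bridge ;;
esac
```

Run with `apply` as root to configure the box; without arguments nothing is changed, and `bridge_plan` alone prints the commands for review.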