That would make things simpler.

On Thu, 23 Jun 2011 03:09:16 +0100, Paul Suh wrote:
> Folks,
> 
> I could add another physical interface for the internal end of the bridge, 
> but not for the external end. Would this work? 
> 
> 
> --Paul
> 
> 
> On Jun 22, 2011, at 6:56 AM, Stuart Henderson wrote:
> 
> > Seconded, or alternatively can you add another interface (physical
> > or vlan) to place the server on?
> > 
> > It might be possible to do bridging and nat on the same interface
> > (possibly using bridge rules and PF tags) but at best you're setting
> > yourself up for a complicated and fragile ruleset.
> > 
> > On 2011-06-22, Shane Lazarus <shane.laza...@pobox.com> wrote:
> >> Heya
> >> 
> >> On Wed, Jun 22, 2011 at 12:13 PM, Paul Suh <pl...@goodeast.com> wrote:
> >> 
> >>> Folks,
> >>> 
> >>> Is this possible and/or a good idea? I have a router with three interfaces:
> >>> 
> >>> sis0: external interface, IPv4 address 1.2.3.4/24
> >>> sis1: internal interface, IPv4 address 192.168.1.1/24
> >>> sis2: DMZ interface, IPv4 address 192.168.2.1/24
> >>> 
> >>> NAT rules pass all traffic from the internal and DMZ zones through the
> >>> external IP address. I have a couple of servers with IPv4 addresses
> >>> 192.168.2.2 and 192.168.2.3 in the DMZ, with rdr-to rules that send traffic
> >>> in to them from 1.2.3.4.
> >>> 
> >>> I need to place a server at 1.2.3.5, and the software I have to run needs
> >>> the server itself to have the IPv4 address 1.2.3.5 -- I can't NAT it and
> >>> give the server the address 192.168.2.4 in the DMZ. (Don't ask. *shudder*)
> >>> Can I set up a bridge between sis0 and sis2 so that traffic for 1.2.3.5 gets
> >>> passed through to the server via sis2 as well as having the IPv4 address
> >>> 1.2.3.4 on sis0? Or is there a better way to do this?
> >>> 
> >>> 
> >>> --Paul
> >>> 
> >>> [demime 1.01d removed an attachment of type application/pkcs7-signature
> >>> which had a name of smime.p7s]
> >>> 
> >>> 
> >> I personally would check to see if you could get a /30 routed to 1.2.3.4.
> >> 5.6.7.8 - 5.6.7.11
> >> 
> >> Append one of the /30 to the sis2 interface, and the other to your new
> >> server.
> >> 
> >> If 1.2.3.4 & 1.2.3.5 are part of a bigger block that you own, see if you
> >> can't allocate a /30 from that larger pool.
> >> ( 1.2.3.8 - 1.2.3.11 ?? )
> >> 
> >> 
> >> Shane
