Re: Can one interface have an IP address and bridge as well?
That would make things simpler.

On Thu, 23 Jun 2011 03:09:16 +0100, Paul Suh wrote:
> Folks,
>
> I could add another physical interface for the internal end of the bridge, but not for the external end. Would this work?
>
> --Paul
>
> On Jun 22, 2011, at 6:56 AM, Stuart Henderson wrote:
>> Seconded, or alternatively can you add another interface (physical or vlan) to place the server on? It might be possible to do bridging and nat on the same interface (possibly using bridge rules and PF tags) but at best you're setting yourself up for a complicated and fragile ruleset.
>>
>> On 2011-06-22, Shane Lazarus shane.laza...@pobox.com wrote:
>>> Heya
>>>
>>> On Wed, Jun 22, 2011 at 12:13 PM, Paul Suh pl...@goodeast.com wrote:
>>>> Folks,
>>>>
>>>> Is this possible and/or a good idea?
>>>>
>>>> I have a router with three interfaces:
>>>>
>>>> sis0: external interface, IPv4 address 1.2.3.4/24
>>>> sis1: internal interface, IPv4 address 192.168.1.1/24
>>>> sis2: DMZ interface, IPv4 address 192.168.2.1/24
>>>>
>>>> NAT rules pass all traffic from the internal and DMZ zones through the external IP address. I have a couple of servers with IPv4 addresses 192.168.2.2 and 192.168.2.3 in the DMZ, with rdr-to rules that send traffic in to them from 1.2.3.4.
>>>>
>>>> I need to place a server at 1.2.3.5, and the software I have to run needs the server itself to have the IPv4 address 1.2.3.5 -- I can't NAT it and give the server the address 192.168.2.4 in the DMZ. (Don't ask. *shudder*)
>>>>
>>>> Can I set up a bridge between sis0 and sis2 so that traffic for 1.2.3.5 gets passed through to the server via sis2 as well as having the IPv4 address 1.2.3.4 on sis0? Or is there a better way to do this?
>>>>
>>>> --Paul
>>>
>>> I personally would check to see if you could get a /30 routed to 1.2.3.4.
>>> 5.6.7.8 - 5.6.7.11
>>> Append one of the /30 to the sis2 interface, and the other to your new server.
>>>
>>> If 1.2.3.4 and 1.2.3.5 are part of a bigger block that you own, see if you can't allocate a /30 from that larger pool. ( 1.2.3.8 - 1.2.3.11 ?? )
>>>
>>> Shane
Re: Can one interface have an IP address and bridge as well?
Seconded, or alternatively can you add another interface (physical or vlan) to place the server on? It might be possible to do bridging and nat on the same interface (possibly using bridge rules and PF tags) but at best you're setting yourself up for a complicated and fragile ruleset.

On 2011-06-22, Shane Lazarus shane.laza...@pobox.com wrote:
> Heya
>
> On Wed, Jun 22, 2011 at 12:13 PM, Paul Suh pl...@goodeast.com wrote:
>> Folks,
>>
>> Is this possible and/or a good idea?
>>
>> I have a router with three interfaces:
>>
>> sis0: external interface, IPv4 address 1.2.3.4/24
>> sis1: internal interface, IPv4 address 192.168.1.1/24
>> sis2: DMZ interface, IPv4 address 192.168.2.1/24
>>
>> NAT rules pass all traffic from the internal and DMZ zones through the external IP address. I have a couple of servers with IPv4 addresses 192.168.2.2 and 192.168.2.3 in the DMZ, with rdr-to rules that send traffic in to them from 1.2.3.4.
>>
>> I need to place a server at 1.2.3.5, and the software I have to run needs the server itself to have the IPv4 address 1.2.3.5 -- I can't NAT it and give the server the address 192.168.2.4 in the DMZ. (Don't ask. *shudder*)
>>
>> Can I set up a bridge between sis0 and sis2 so that traffic for 1.2.3.5 gets passed through to the server via sis2 as well as having the IPv4 address 1.2.3.4 on sis0? Or is there a better way to do this?
>>
>> --Paul
>
> I personally would check to see if you could get a /30 routed to 1.2.3.4.
> 5.6.7.8 - 5.6.7.11
> Append one of the /30 to the sis2 interface, and the other to your new server.
>
> If 1.2.3.4 and 1.2.3.5 are part of a bigger block that you own, see if you can't allocate a /30 from that larger pool. ( 1.2.3.8 - 1.2.3.11 ?? )
>
> Shane
Re: Can one interface have an IP address and bridge as well?
Folks,

I could add another physical interface for the internal end of the bridge, but not for the external end. Would this work?

--Paul

On Jun 22, 2011, at 6:56 AM, Stuart Henderson wrote:
> Seconded, or alternatively can you add another interface (physical or vlan) to place the server on? It might be possible to do bridging and nat on the same interface (possibly using bridge rules and PF tags) but at best you're setting yourself up for a complicated and fragile ruleset.
>
> On 2011-06-22, Shane Lazarus shane.laza...@pobox.com wrote:
>> Heya
>>
>> On Wed, Jun 22, 2011 at 12:13 PM, Paul Suh pl...@goodeast.com wrote:
>>> Folks,
>>>
>>> Is this possible and/or a good idea?
>>>
>>> I have a router with three interfaces:
>>>
>>> sis0: external interface, IPv4 address 1.2.3.4/24
>>> sis1: internal interface, IPv4 address 192.168.1.1/24
>>> sis2: DMZ interface, IPv4 address 192.168.2.1/24
>>>
>>> NAT rules pass all traffic from the internal and DMZ zones through the external IP address. I have a couple of servers with IPv4 addresses 192.168.2.2 and 192.168.2.3 in the DMZ, with rdr-to rules that send traffic in to them from 1.2.3.4.
>>>
>>> I need to place a server at 1.2.3.5, and the software I have to run needs the server itself to have the IPv4 address 1.2.3.5 -- I can't NAT it and give the server the address 192.168.2.4 in the DMZ. (Don't ask. *shudder*)
>>>
>>> Can I set up a bridge between sis0 and sis2 so that traffic for 1.2.3.5 gets passed through to the server via sis2 as well as having the IPv4 address 1.2.3.4 on sis0? Or is there a better way to do this?
>>>
>>> --Paul
>>
>> I personally would check to see if you could get a /30 routed to 1.2.3.4.
>> 5.6.7.8 - 5.6.7.11
>> Append one of the /30 to the sis2 interface, and the other to your new server.
>>
>> If 1.2.3.4 and 1.2.3.5 are part of a bigger block that you own, see if you can't allocate a /30 from that larger pool. ( 1.2.3.8 - 1.2.3.11 ?? )
>>
>> Shane
Re: Can one interface have an IP address and bridge as well?
Heya

On Wed, Jun 22, 2011 at 12:13 PM, Paul Suh pl...@goodeast.com wrote:
> Folks,
>
> Is this possible and/or a good idea?
>
> I have a router with three interfaces:
>
> sis0: external interface, IPv4 address 1.2.3.4/24
> sis1: internal interface, IPv4 address 192.168.1.1/24
> sis2: DMZ interface, IPv4 address 192.168.2.1/24
>
> NAT rules pass all traffic from the internal and DMZ zones through the external IP address. I have a couple of servers with IPv4 addresses 192.168.2.2 and 192.168.2.3 in the DMZ, with rdr-to rules that send traffic in to them from 1.2.3.4.
>
> I need to place a server at 1.2.3.5, and the software I have to run needs the server itself to have the IPv4 address 1.2.3.5 -- I can't NAT it and give the server the address 192.168.2.4 in the DMZ. (Don't ask. *shudder*)
>
> Can I set up a bridge between sis0 and sis2 so that traffic for 1.2.3.5 gets passed through to the server via sis2 as well as having the IPv4 address 1.2.3.4 on sis0? Or is there a better way to do this?
>
> --Paul

I personally would check to see if you could get a /30 routed to 1.2.3.4.
5.6.7.8 - 5.6.7.11
Append one of the /30 to the sis2 interface, and the other to your new server.

If 1.2.3.4 and 1.2.3.5 are part of a bigger block that you own, see if you can't allocate a /30 from that larger pool. ( 1.2.3.8 - 1.2.3.11 ?? )

Shane
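
The routed /30 layout suggested above, sketched as OpenBSD configuration. This is an added example, not part of the original thread: it reuses the illustrative 5.6.7.8/30 range from the post, and the server address 5.6.7.10, the macro names and TCP port 443 are assumptions.

```conf
# --- /etc/hostname.sis2 (router, DMZ interface) ---
# The existing private DMZ address stays; the first usable address of the
# routed /30 is added as an alias on the same interface.
inet 192.168.2.1 255.255.255.0 NONE
inet alias 5.6.7.9 255.255.255.252

# --- new server (assumed: second usable address of the /30) ---
# address 5.6.7.10, netmask 255.255.255.252, default gateway 5.6.7.9

# --- /etc/pf.conf additions (OpenBSD 4.7+ syntax) ---
ext_if     = "sis0"
dmz_if     = "sis2"
int_net    = "192.168.1.0/24"
dmz_net    = "192.168.2.0/24"
routed_srv = "5.6.7.10"        # assumed server address
srv_ports  = "{ 443 }"         # assumed service port

# NAT only the private ranges, listed explicitly. A rule written against
# $dmz_if:network would also match the aliased /30 and translate the
# server's traffic, which defeats the point of giving it a public address.
match out on $ext_if inet from { $int_net, $dmz_net } to any nat-to ($ext_if)

# Inbound service traffic is routed, not redirected: no rdr-to is needed.
# The packet has to be passed in on the external side and out on the DMZ side.
pass in  on $ext_if inet proto tcp from any to $routed_srv port $srv_ports
pass out on $dmz_if inet proto tcp from any to $routed_srv port $srv_ports

# Server-initiated traffic leaves with its own address (no nat-to) and is
# kept away from the internal network.
pass in  on $dmz_if inet from $routed_srv to ! $int_net
pass out on $ext_if inet from $routed_srv to any

# The existing rdr-to rules for 192.168.2.2 and 192.168.2.3 are unchanged.
# Check the merged ruleset without loading it: pfctl -nf /etc/pf.conf
```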