Andrei Verovski (aka MacGuru) wrote: > Hi ! > > I am still struggling with bridging setup (script is attached at the bottom) > for 2-interface config on SuSE 10.2 and kernel 2.6.22 > > net -> eth1 - 83.xx.yy.zz > loc -> eth2 - 192.168.1.1 (also acts as router) > > So, taking receipt from: > http://www1.shorewall.net/SimpleBridge.html > > > /etc/shorewall/interfaces: > #ZONE INTERFACE BROADCAST OPTIONS > net eth1 detect tcpflags,norfc1918,routefilter,nosmurfs,logmartians > loc br0 192.168.1.255 routeback,bridge,tcpflags,detectnets,nosmurfs > > /etc/shorewall/masq: <--- what should be here? > eth1 br0 > > And finally, in Linux guest running under QEMU/KVM I could specify for > example > its network card (qtap0) with IP for example 192.168.1.10, netmask > 255.255.255.0 and default gateway 192.168.1.1. > > > Am I right or missing something?
If you are going to have one local IP network (which in your case appears to be 192.168.1.0/24), then you need to add eth2 to the bridge (br0); the bridge should have the IP address (192.168.1.1) rather than eth2. So you need to remove the IP configuration from eth2; the device still needs to be set in the UP state. See the bridge creation scripts at http://www.shorewall.net/3.0/bridge.html and/or http://www.shorewall.net/bridge-Shorewall-perl.html. So your bridge script needs changing to: a) Add eth2 as the first port on the bridge (or last); and b) The IP address of the bridge needs to be changed from 192.168.1.254 to 192.168.1.1 (either that or you need to use 192.168.1.254 as the default gateway for your internal/virtual systems). The internal interface in your Shorewall configuration is 'br0'. eth2 is not mentioned in that configuration. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
