Tom Eastep wrote: > Andrei Verovski (aka MacGuru) wrote: >> >> Am I right or missing something? > > If you are going to have one local IP network (which in your case appears to > be 192.168.1.0/24), then you need to add eth2 to the bridge (br0); the > bridge should have the IP address (192.168.1.1) rather than eth2. > > So you need to remove the IP configuration from eth2; the device still needs > to be set in the UP state. See the bridge creation scripts at > http://www.shorewall.net/3.0/bridge.html and/or > http://www.shorewall.net/bridge-Shorewall-perl.html. > > So your bridge script needs changing to: > > a) Add eth2 as the first port on the bridge (or last); and > b) The IP address of the bridge needs to be changed from 192.168.1.254 to > 192.168.1.1 (either that or you need to use 192.168.1.254 as the default > gateway for your internal/virtual systems). > > The internal interface in your Shorewall configuration is 'br0'. eth2 is not > mentioned in that configuration.
Alternatively, you could use two local IP networks. a) Keep eth2 the way it is. b) Change all of the addresses associated with the bridge (including the IP addresses of the VMs) to use a second network (say 192.168.2.0/24). In /etc/shorewall/interfaces: loc eth2 ... loc br0 ... In /etc/shorewall/masq: eth1 eth2 eth1 br0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
