Hey,
Are there any guides on how to do this?
Thanks in Advance
On Sun, Sep 28, 2008 at 12:37 AM, Tom Eastep <[EMAIL PROTECTED]> wrote:
> Alex Whiteside wrote:
> >
> >
> > On Sat, Sep 27, 2008 at 12:44 AM, Tom Eastep <[EMAIL PROTECTED]> wrote:
> >
> >
> > Why? The most natural thing to do is to create the bridge and make the
> > bridge the third interface. The bridge serves to connect the Virtual
> > Machine to the Firewall.
> >
> >
> > Okay, so what you are saying is
> >
> > eth0 has an auto IP, and br0 is set to manual or auto? When br0 is on
> > auto it gets the same IP as eth0.
> >
> > Sorry, I'm just a bit confused on how to approach this, maybe you can give
> > some pointers?
> >
>
> I'm saying, DON'T BRIDGE eth0!
>
> >
> >
> >
> > >
> > > Now let's go back to two interfaces and change eth1 to br0. Let's say
> > > don't allow loc access to (net), what happens? The whole server cannot
> > > see the internet, because it is bridged through br0.
> >
> > I don't understand that paragraph.
> >
> >
> > Basically, for some reason, when I create a bridge br0 based on eth0, my
> > whole internet connection wants to route through br0 instead of eth0, so
> > therefore I cannot control this.
>
> DON'T BRIDGE eth0.
>
> Given the reduced support for bridges in kernels 2.6.20 and later, I
> would not use a bridge between the internet and your KVM server. If you
> bridge eth0, you won't be able to control loc->DMZ traffic separately
> from loc->net traffic; I don't think you want that restriction. I would
> rather make the bridge a standalone bridge with an RFC 1918 address,
> just as I do in the Shorewall KVM article. You can then use port
> forwarding from eth0 to the server.
>
> -Tom
> --
> Tom Eastep \ The ultimate result of shielding men from the effects of
> Shoreline, \ folly is to fill the world with fools.
> Washington, USA \ -- Herbert Spencer
> ------------------------------------------------------------------------
> http://www.shorewall.net
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
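
The layout recommended in the quoted reply (eth0 left unbridged, a standalone br0 with an RFC 1918 address as the third interface, port forwarding from eth0 to the guest), sketched as an added example that is not taken from the thread or from the Shorewall KVM article. The addresses, the `dmz` zone name, the forwarded ports, DHCP on eth0 and the Debian-style bridge stanza are all assumptions.

```conf
# Added example; every address, port and zone name below is an assumption.

# --- /etc/network/interfaces (Debian-style, bridge-utils): standalone bridge ---
# eth0 keeps its own configuration and is NOT a bridge port.
# "bridge_ports none" enslaves no physical NIC; the KVM tap devices join br0 later.
auto br0
iface br0 inet static
    address 192.168.100.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4

# --- /etc/shorewall/interfaces ---
# routeback lets guests on br0 reach each other through the bridge.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp
loc     eth1        detect
dmz     br0         detect      routeback

# --- /etc/shorewall/policy: loc->dmz is controlled separately from loc->net ---
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
loc     dmz     REJECT  info
dmz     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# --- /etc/shorewall/masq (Shorewall 4.x; newer releases use an snat file) ---
#INTERFACE  SOURCE
eth0        192.168.100.0/24

# --- /etc/shorewall/rules: port forwarding from eth0 to the guest ---
#ACTION SOURCE  DEST                    PROTO   DEST PORT(S)
DNAT    net     dmz:192.168.100.10      tcp     80
ACCEPT  loc     dmz:192.168.100.10      tcp     22
```

Running `shorewall check` validates the files before `shorewall restart` applies them.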