[Gllug] Iptables with bridge

Ian Norton-Badrul,,, bredroll at darkspace.org.uk
Tue Jun 21 23:16:23 UTC 2005


On Tue, Jun 21, 2005 at 08:09:11PM +0100, Chris Bell wrote:
> I have an old box with Debian Sarge and three ethernet cards running
> brctl (bridge control) as a 2-way bridge to FORWARD packets under iptables
> rules, while the third interface is only used for remote admin access from
> a specified source under iptables rules. This works as I would expect.
> 
> I have another old box with Debian Sarge and three ethernet cards running
> brctl (bridge control) as a 3-way bridge to FORWARD packets under iptables
> rules.
> 
> All interfaces are shown normally as "UP", but they appear to only work
> as part of the bridge, not as individual interfaces. Is this the expected
> action?

Hi Chris,

brctl and its friends are intended to allow you to turn your Linux box
with two or more ethernet cards into a very clever form of ethernet
switch.

The devices you add to a bridge will simply serve to receive and
transmit the ethernet frames. These cards will run in promisc mode,
meaning that they will 'see' all packets, not just those directed at
their MAC addresses. Only the ethernet bridge interface will respond as
a normal ethernet device.

i.e.:

ifconfig eth0 up
ifconfig eth1 up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 192.168.0.1 netmask 255.255.255.128

will glue together the two ethernet networks attached to eth1 and eth0
via your machine, and your machine will then be identified as
192.168.0.1.

No iptables stuff happens at all here; it is an ethernet bridge, even
old IPX stuff will run over it.

Ian
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
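As an added example (not part of the original thread or written by either poster), the bridge set-up described above, expressed with iproute2 `ip` commands instead of `ifconfig`/`brctl`, plus the one knob a practitioner usually wants next to it: whether bridged IPv4 frames are handed to iptables at all. Whether they are is controlled by the kernel's bridge-netfilter code (`net.bridge.bridge-nf-call-iptables`); on 2.6 kernels of the period it was built into the bridge module, on kernels from 3.18 onward it is the separate `br_netfilter` module, which is the assumption made in `bridge_filter_on`. Interface names (`br0`, `eth0`, `eth1`) and the address are the ones from the post; the script prints the commands it would run unless `DRY_RUN=0` is set, so it can be read and tested without root.

```shell
#!/bin/sh
# Constructed example: Linux ethernet bridge set-up, with an explicit switch
# for whether bridged traffic is filtered by iptables.
# Assumes iproute2 (ip), sysctl and, for bridge_filter_on, a kernel where
# bridge-netfilter is the br_netfilter module.

# run CMD...: print the command (DRY_RUN=1, the default) or execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# bridge_up BRIDGE ADDR/PREFIX PORT... : create BRIDGE, enslave each PORT,
# and give the IP address to the bridge interface only. The ports carry no
# address of their own: once enslaved they are switch ports, not hosts,
# which is why they stop behaving as individual interfaces.
bridge_up() {
    br=$1; addr=$2; shift 2
    run ip link add name "$br" type bridge
    for port in "$@"; do
        run ip link set "$port" up
        run ip link set "$port" master "$br"
    done
    run ip addr add "$addr" dev "$br"
    run ip link set "$br" up
}

# bridge_filter_on: make IPv4 frames crossing the bridge traverse the
# iptables FORWARD chain (bridge-netfilter). Without this, iptables never
# sees purely bridged traffic and only ebtables can act on it.
bridge_filter_on() {
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# bridge_filter_off: keep the bridge as a plain layer-2 switch; iptables
# is then irrelevant to frames that only cross the bridge.
bridge_filter_off() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=0
}

# bridge_forward_rule IN OUT: with filtering on, a FORWARD rule that matches
# on the physical bridge ports a frame entered and leaves by, so policy can
# be written per port even though both sit in the same bridge.
bridge_forward_rule() {
    run iptables -A FORWARD -m physdev \
        --physdev-in "$1" --physdev-out "$2" -j ACCEPT
}

# Walkthrough, matching the post's two-port bridge. Harmless in dry-run mode.
if [ "${DRY_RUN:-1}" = "1" ]; then
    bridge_up br0 192.168.0.1/25 eth0 eth1
    bridge_filter_on
    bridge_forward_rule eth0 eth1
fi
```

Run with `DRY_RUN=0` as root to apply; `bridge_filter_off` restores the pure-switch behaviour the reply describes. The `/25` prefix is the same `255.255.255.128` mask as in the post.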