Franco wrote:
Hi, i have your same output of ifconfig, when i restart the network i see that just eth0 is in promiscuous mode seams that eth1 don't is in this state. How can i do to change state? How can i do to controll the bridge ( firewall ) from other network? I need to add another NIC CARD ? Best regards.
I have a custom init.d script which starts my bridge. In that I have the follwing code:
brctl addbr bridge
for card in $CARDS; do
brctl addif bridge $card
ifconfig $card promisc 0.0.0.0
donewhere $CARDS contains a list of the cards I'm adding into the bridge. The cards are put into promiscous mode here, with the ifconfig command. Is there an option you can add into /etc/sysconfig/network-script/ifcfg-eth1 which will put it into promiscuous mode, something like PROMISC=yes?
As to network cards, you only need 2 to make a bridge. The bridge interface is a pseudo-interface which you use to communicate with the bridge device. If you are not intending to communicate with the bridge over the network you don't need to ifconfig it and give it an IP. For a bridging firewall this makes it even more secure as it can then only be accessed from the console. But it makes it much less convenient to administer.
You can see what the status of the bridge is using brctl, for example to see what bridges are up and running:
# brctl show
bridge name bridge id STP enabled interfaces
bridge 8000.0001034126cc yes eth0
eth1
To see what MACs it's got in it's address table:# brctl showmacs bridge # (in your case this would be br0) port no mac addr is local? ageing timer 1 00:00:e8:86:15:9e no 120.45 1 00:00:e8:86:17:23 no 211.15 2 00:04:76:d6:d2:0e yes 0.00 ...
-- Nigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester, Leicester, LE1 7RH, UK E-mail : nmw@xxxxxxxxxxxx Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
