Nigel Wade wrote:
Franco wrote:
Hi, I need to use an FC2 server as a firewall for my network.
I have configured it as written on the Shorewall site:
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
IPADDR=213.xxx.xxx.xxx
NETMASK=255.255.255.248
ONBOOT=yes
/etc/sysconfig/network-scripts/ifcfg-eth0:
DEVICE=eth0
TYPE=ETHER
BRIDGE=br0
ONBOOT=yes
/etc/sysconfig/network-scripts/ifcfg-eth1:
DEVICE=eth1
TYPE=ETHER
BRIDGE=br0
ONBOOT=yes
After a /etc/init.d/network restart
I have lost the ssh connection and it seems that the server
can't ping other IPs.
Can anyone help me?

Did you put both ethernet cards into promiscuous mode? If they are not
in promiscuous mode they drop any packets other than the IP they are
assigned, and since they are not assigned an IP in bridging mode they
won't accept any packets at all.
This is an ifconfig for an ethernet card which is operating in a bridge:
eth0      Link encap:Ethernet  HWaddr 00:01:03:41:26:CC
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:153540157 errors:0 dropped:0 overruns:29 frame:0
          TX packets:151344501 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:749644020 (714.9 Mb)  TX bytes:868719741 (828.4 Mb)
          Interrupt:11 Base address:0xdc00
and for the bridge that it is a part of:
bridge    Link encap:Ethernet  HWaddr 00:01:03:41:26:CC
          inet addr:143.210.44.xx  Bcast:143.210.44.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7542348 errors:0 dropped:0 overruns:0 frame:0
          TX packets:83245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:681830576 (650.2 Mb)  TX bytes:19014467 (18.1 Mb)
The routing table is:
Destination     Gateway  Genmask         Flags  MSS  Window  irtt  Iface
143.210.44.0    *        255.255.255.0   U      40   0       0     bridge
127.0.0.0       *        255.0.0.0       U      40   0       0     lo
In this case the bridge is part of a firewall, hence there is no default
route and it can only route packets to the internal network.
Note: this is a 2.4.18 kernel, not FC2, but I think the principles are
the same.

Hi, I have the same ifconfig output as you. When I restart
the network I see that only eth0 is in promiscuous mode; it seems that
eth1 is not in this state. How can I change the state?
How can I control the bridge (firewall) from another network?
Do I need to add another NIC card?
Best regards.
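
An added example, not part of the original thread: a shell function that reads ifconfig output in the format quoted above and reports which bridge member interfaces lack the PROMISC flag discussed in the replies. The function names, the sample output and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads ifconfig-style text on stdin and
# checks each interface named on the command line for the PROMISC flag.
# Prints "<iface> not-promisc" or "<iface> missing"; prints nothing if all pass.
non_promisc_members() {
    awk -v want="$*" '
        BEGIN { n = split(want, names, " ") }
        # A stanza starts with the interface name in column 1.
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); seen[iface] = 1 }
        # Match PROMISC as a whole flag, in old ("UP ... PROMISC ...") or
        # new ("flags=...<UP,PROMISC,...>") ifconfig layouts.
        iface != "" && /(^|[ \t<,])PROMISC([ \t>,]|$)/ { promisc[iface] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                name = names[i]
                if (!(name in seen))         print name " missing"
                else if (!(name in promisc)) print name " not-promisc"
            }
        }
    '
}

# Constructed sample: eth0 carries PROMISC, eth1 does not (the state the
# last message describes). Addresses are documentation-range placeholders.
sample_ifconfig() {
    cat <<'EOF'
br0       Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.2  Bcast:192.0.2.7  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

sample_ifconfig | non_promisc_members eth0 eth1
```

On a live host, pipe the output of `ifconfig` into `non_promisc_members` in place of the sample.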