Configure FC2 as Bridge

Nigel Wade nmw at ion.le.ac.uk
Fri Feb 4 10:17:22 UTC 2005


Franco wrote:
> Hi, I need to use an FC2 server as a firewall for my network.
> I have configured it as written on the Shorewall site:
> 
> /etc/sysconfig/network-scripts/ifcfg-br0
> 
> DEVICE=br0
> TYPE=Bridge
> IPADDR=213.xxx.xxx.xxx
> NETMASK=255.255.255.248
> ONBOOT=yes
> 
> /etc/sysconfig/network-scripts/ifcfg-eth0:
> 
> DEVICE=eth0
> TYPE=ETHER
> BRIDGE=br0
> ONBOOT=yes
> 
> /etc/sysconfig/network-scripts/ifcfg-eth1:
> 
> DEVICE=eth1
> TYPE=ETHER
> BRIDGE=br0
> ONBOOT=yes
> 
> After a /etc/init.d/network restart
> I have lost the ssh connection and it seems that the server
> can't ping other IPs.
> 
> Can anyone help me?
> 

Did you put both ethernet cards into promiscuous mode? If they are not in 
promiscuous mode they drop any packets other than the IP they are assigned, 
and since they are not assigned an IP in bridging mode they won't accept any 
packets at all.

This is an ifconfig for an ethernet card which is operating in a bridge:

eth0      Link encap:Ethernet  HWaddr 00:01:03:41:26:CC
           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
           RX packets:153540157 errors:0 dropped:0 overruns:29 frame:0
           TX packets:151344501 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:749644020 (714.9 Mb)  TX bytes:868719741 (828.4 Mb)
           Interrupt:11 Base address:0xdc00

and for the bridge that it is a part of:

bridge    Link encap:Ethernet  HWaddr 00:01:03:41:26:CC
           inet addr:143.210.44.xx  Bcast:143.210.44.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:7542348 errors:0 dropped:0 overruns:0 frame:0
           TX packets:83245 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:681830576 (650.2 Mb)  TX bytes:19014467 (18.1 Mb)


The routing table is:

Destination   Gateway  Genmask        Flags   MSS Window  irtt Iface
143.210.44.0  *        255.255.255.0  U        40 0          0 bridge
127.0.0.0     *        255.0.0.0      U        40 0          0 lo

In this case the bridge is part of a firewall, hence there is no default 
route and it can only route packets to the internal network.

Note: this is a 2.4.18 kernel, not FC2, but I think the principles are the same.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
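
The check described in the reply (bridge ports UP and PROMISC with no address of their own, the address on the bridge device), as an added example that is not part of the original message. It assumes the old net-tools ifconfig output format shown above; audit_bridge, sample_ifconfig and the sample addresses are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Reads old net-tools ifconfig
# output on stdin and checks the state the reply describes.
# usage: ifconfig | audit_bridge BRIDGE PORT...
audit_bridge() {
    bridge=$1; shift
    awk -v bridge="$bridge" -v ports="$*" '
    /^[A-Za-z0-9]/ { ifc = $1; seen[ifc] = 1 }   # stanza starts in column 1
    index($0, "inet addr:") { has_ip[ifc] = 1 }
    index($0, "MTU:") {                          # the flags line
        for (i = 1; i <= NF; i++) {
            if ($i == "UP") up[ifc] = 1
            if ($i == "PROMISC") promisc[ifc] = 1
        }
    }
    END {
        rc = 0
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++) {
            name = p[i]
            if (!(name in seen)) { print name ": FAIL not present"; rc = 1; continue }
            if (!(name in up)) { print name ": FAIL not UP"; rc = 1 }
            if (!(name in promisc)) { print name ": FAIL PROMISC flag not set"; rc = 1 }
            if (name in has_ip) { print name ": FAIL port has its own inet addr"; rc = 1 }
        }
        if (!(bridge in has_ip)) { print bridge ": FAIL bridge has no inet addr"; rc = 1 }
        if (rc == 0) print "OK"
        exit rc
    }'
}

# Constructed sample (documentation addresses): eth1 lacks PROMISC.
sample_ifconfig() {
    cat <<'EOF'
br0       Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.15  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

# Demo on the constructed sample; "|| true" keeps a failed audit from
# aborting a calling script.
sample_ifconfig | audit_bridge br0 eth0 eth1 || true
```

On a live system the same function takes the real output: ifconfig | audit_bridge br0 eth0 eth1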



