Configure FC2 as Bridge

Franco primo at ischianet.com
Fri Feb 4 10:27:24 UTC 2005 

Nigel Wade ha scritto:
> Franco wrote:
> 
>> Hi, i need to use a FC2 server as firewall for my network,
>> i have configured it as write on shorewall sites:
>>
>> /etc/sysconfig/network-scripts/ifcfg-br0
>>
>> DEVICE=br0
>> TYPE=Bridge
>> IPADDR=213.xxx.xxx.xxx
>> NETMASK=255.255.255.248
>> ONBOOT=yes
>>
>> /etc/sysconfig/network-scripts/ifcfg-eth0:
>>
>> DEVICE=eth0
>> TYPE=ETHER
>> BRIDGE=br0
>> ONBOOT=yes
>>
>> /etc/sysconfig/network-scripts/ifcfg-eth1:
>>
>> DEVICE=eth1
>> TYPE=ETHER
>> BRIDGE=br0
>> ONBOOT=yes
>>
>> After a /etc/init.d/network restart
>> i have lose the ssh connection and seams that the server
>> can't ping other ips.
>>
>> Can anyone help me?
>>
> 
> Did you put both ethernet cards into promiscuous mode? If they are not 
> in promiscuous mode they drop any packets other than the IP they are 
> assigned, and since they are not assigned an IP in bridging mode they 
> won't accept any packets at all.
> 
> This is an ifconfig for an ethernet card which is operating in a bridge:
> 
> eth0      Link encap:Ethernet  HWaddr 00:01:03:41:26:CC
>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:153540157 errors:0 dropped:0 overruns:29 frame:0
>           TX packets:151344501 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:749644020 (714.9 Mb)  TX bytes:868719741 (828.4 Mb)
>           Interrupt:11 Base address:0xdc00
> 
> and for the bridge that it is a part of:
> 
> bridge    Link encap:Ethernet  HWaddr 00:01:03:41:26:CC
>           inet addr:143.210.44.xx  Bcast:143.210.44.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:7542348 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:83245 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:681830576 (650.2 Mb)  TX bytes:19014467 (18.1 Mb)
> 
> 
> The routing table is:
> 
> Destination   Gateway  Genmask        Flags   MSS Window  irtt Iface
> 143.210.44.0  *        255.255.255.0  U        40 0          0 bridge
> 127.0.0.0     *        255.0.0.0      U        40 0          0 lo
> 
> In this case the bridge is part of a firewall, hence there is no default 
> route and it can only route packets to the internal network.
> 
> Note: this is a 2.4.18 kernel, not FC2, but I think the principles are 
> the same.
> 

Hi, i have your same output of ifconfig, when i restart
the network i see that just eth0 is in promiscuous mode seams that
eth1 don't is in this state. How can i do to change state?
How can i do to controll the bridge ( firewall ) from other network?
I need to add another NIC CARD ?
Best regards.

More information about the fedora-list mailing list