Configure FC2 as Bridge
Nigel Wade
nmw at ion.le.ac.uk
Fri Feb 4 10:59:08 UTC 2005
Franco wrote:
>
> Hi, i have your same output of ifconfig, when i restart
> the network i see that just eth0 is in promiscuous mode seams that
> eth1 don't is in this state. How can i do to change state?
> How can i do to controll the bridge ( firewall ) from other network?
> I need to add another NIC CARD ?
> Best regards.
>
I have a custom init.d script which starts my bridge. In that I have the
follwing code:
brctl addbr bridge
for card in $CARDS; do
brctl addif bridge $card
ifconfig $card promisc 0.0.0.0
done
where $CARDS contains a list of the cards I'm adding into the bridge. The
cards are put into promiscous mode here, with the ifconfig command. Is there
an option you can add into /etc/sysconfig/network-script/ifcfg-eth1 which
will put it into promiscuous mode, something like PROMISC=yes?
As to network cards, you only need 2 to make a bridge. The bridge interface
is a pseudo-interface which you use to communicate with the bridge device.
If you are not intending to communicate with the bridge over the network you
don't need to ifconfig it and give it an IP. For a bridging firewall this
makes it even more secure as it can then only be accessed from the console.
But it makes it much less convenient to administer.
You can see what the status of the bridge is using brctl, for example to see
what bridges are up and running:
# brctl show
bridge name bridge id STP enabled interfaces
bridge 8000.0001034126cc yes eth0
eth1
To see what MACs it's got in it's address table:
# brctl showmacs bridge # (in your case this would be br0)
port no mac addr is local? ageing timer
1 00:00:e8:86:15:9e no 120.45
1 00:00:e8:86:17:23 no 211.15
2 00:04:76:d6:d2:0e yes 0.00
...
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
More information about the fedora-list
mailing list