[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Bridging and Routing (4 Nic's on one machine)



Perhaps somebody could confirm that, but the bridge is not really necesary
in your case.

You will use another IP subnet for your VPN network, and then allow
traffic from that to the internal IP subnet.

In your case, I think, you are dropping/rejecting the traffic from WLAN to
LAN and from LAN to WLAN, this is correct, but, as I said in my first
response, you need to enable the traffic from VPN to LAN and from LAN to
VPN.

When you create an VPN you need to attach them to a logical network (IP
subnet in your case). If you really want to use a bridge, you can use the
same IP subnet for your VPN and then I say YES, you need a bridge for
that, but if you use another IP subnet, then you really don't need a
bridge.

You must think in a VPN as another network interface connected to your box.

More clear?

Regards

-- 
Samuel Díaz García
ArcosCom Wireless, S.L.L.

CIF: B11828068
c/ Romero Gago, 19
Arcos de la Frontera
11630 - Cadiz

http://www.arcoscom.com

mailto:samueldg arcoscom com
msn: samueldg arcoscom com

Tlfn.: 956 70 13 15
Fax:   956 70 34 83


El Vie, 22 de Septiembre de 2006, 7:39, Roger Grosswiler escribió:
>> Perhaps I haven't stand fine. I stand you have an external iface (that
>> is a wifi interface) and you want to connect to your computer using an
>> VPN (OpenVPN) and then access to your internal network. Am I right?
>>
>> If I right, you don't need bridge configuration.
>>
>> When you configure OpenVPN server, this will add a new iface to your
>> server, then, you only need to allow routing from your VPN network to
>> your internal network (allow routing and allowing with iptables the
>> traffic).
>>
>> The problem that you will encounter is the netbios broadcast frames that
>> don't allow you explore de routed networks (internal network), but using
>> direct acces via IP you will access without problems to your samba
>> shared (windows shares).
>>
>> Regards
>>
>> Roger Grosswiler escribió:
>>> I would like to install openvpn afterwards and gain access via wlan on
>>> the
>>> external if to the internal network and use printers, shares etc.
>>>
>>> I think i gonna need bridging there(?)
>>>
>>> Roger
>>>
>>>> Think in a bridge as a kind of switch. It works at OSI Level 2
>>>> (Ethernet)
>>>> not at upper levels (IP).
>>>>
>>>> The IP you assign to bridge must be the IP you need to access to the
>>>> IP
>>>> subnet you need to access from the bridge interface.
>>>>
>>>> The first question is: Do you really need a bridge?
>>>>
>>>> If you don't need to connect networks at Ethernet level, you don't
>>>> need
>>>> it.
>>>>
>>>> Perhaps I don't stand fine your required configuration, but I can't
>>>> see
>>>> that you really need bridges.
>>>>
>>>> Can you explain a bit more your wanted configuration?
>>>>
>>>> Regards
>>>>
>>>> --
>>>> Samuel Díaz García
>>>> ArcosCom Wireless, S.L.L.
>>>>
>>>> CIF: B11828068
>>>> c/ Romero Gago, 19
>>>> Arcos de la Frontera
>>>> 11630 - Cadiz
>>>>
>>>> http://www.arcoscom.com
>>>>
>>>> mailto:samueldg arcoscom com
>>>> msn: samueldg arcoscom com
>>>>
>>>> Tlfn.: 956 70 13 15
>>>> Fax:   956 70 34 83
>>>>
>>>>
>>>> El Jue, 21 de Septiembre de 2006, 9:03, Roger Grosswiler escribió:
>>>>> Hello,
>>>>>
>>>>> I think about bridging the firewall on the next install.
>>>>> Unfortunately,
>>>>> the same firewall routes to 2 other subnets:
>>>>>
>>>>> - 1 external
>>>>> - 1 DMZ
>>>>>
>>>>> Both have separate IP-Ranges. In fact, with the internal Network, i
>>>>> have
>>>>> 3
>>>>> Subnets (internal-> eth0, external -> eth1, dmz -> eth2)
>>>>>
>>>>>
>>>>> I would like to now:
>>>>>
>>>>> Can i use this combination:
>>>>>
>>>>> 1 bridge eth0->eth1
>>>>> 1 bridge eth0->eth2
>>>>>
>>>>> and: which ip-adress does the bridge need? is there any ip possible
>>>>> or
>>>>> which one is to set preferably on the bridge?
>>>>>
>>>>> Thanks for your replies.
>>>>>
>>>>> Roger
>>>>>
>>>>> --
>
>
> No, not a 100% what i would like to have:
>
> Connection 1:
> Client from internal Lan -> Firewall (Proxy) -> www
>
> Connection 2:
> Client with WLAN external -> Firewall -> Using resources from internal LAN
>
>
> The WLAN-Card is on the clients side. What i think is that i should use
> bridging for Connection 2, as i cannot use the internal resources (Network
> 10.0.0.0) with my external WLAN (192.168.0.0) - i think i cannot just
> install openvpn on the server as a bridged vpn, don't i? I also need to
> have bridging on those 2 nics?
>
> Thanks,
> Roger
>
>
>
>
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]