Hi,

Yes, the bridge machine is connected to a Cisco Catalyst 2900 switch.
I don't know today whether what I want to do is stupid, or whether there 
is a better solution. :)

My aim is to filter traffic between customer machines. I don't have 
access to their machines, I don't know if they apply patches, and I don't 
want someone to hack/scan a machine from another machine on the LAN.
There are 10, 15 machines, so a bridge/fw machine with 10, 15 eth is not 
possible. I have thought of putting all machines on separate VLANs, creating 
a trunk with all the VLANs and connecting it to a bridge machine. And after, 
with vconfig, creating the VLAN devices and creating a bridge with all the 
VLAN devices. The "bridge" is here so as not to play with subnets.

I have tried with the (unpatched) bridge from the kernel. And same result, no 
packets go from one VLAN to another.

seb



Lennert Buytenhek wrote:

>Hi,
>
>What other network equipment are you using in your setup? I'm particularly
>interested in the brand of switches you use (I assume your bridge machine
>connects to a switch?)
>
>cheers,
>Lennert
>
>
>
>On Tue, Sep 11, 2001 at 05:56:56PM +0200, sebastien Robart wrote:
>
>>Hi,
>>
>>I am trying to make a bridge between some VLANs.
>>I have installed the VLAN patch 
>>(http://scry.wanfear.com/~greear/vlan.html), and installed the bridge patch 
>>on a 2.4.9ac7 kernel
>>
>>vconfig add eth0 2
>>vconfig add eth0 3
>>brctl addbr test
>>brctl addif test eth0.2
>>brctl addif test eth0.3
>>ifconfig test 192.168.1.11
>>
>>from /var/log/message
>>"
>>Sep 11 15:54:13 tt kernel: VLAN REGISTER:  Allocated new group.
>>Sep 11 15:55:04 tt kernel: eth0.2: add 01:00:5e:00:00:01 mcast address 
>>to master interface
>>Sep 11 15:55:07 tt kernel: eth0.3: add 01:00:5e:00:00:01 mcast address 
>>to master interface
>>Sep 11 15:55:21 tt kernel: eth0.2: dev_set_promiscuity(master, 1)
>>Sep 11 15:55:21 tt kernel: eth0: Promiscuous mode enabled.
>>Sep 11 15:55:21 tt kernel: device eth0 entered promiscuous mode
>>Sep 11 15:55:21 tt kernel: device eth0.2 entered promiscuous mode
>>Sep 11 15:55:24 tt modprobe: modprobe: Can't locate module net-pf-10
>>Sep 11 15:55:24 tt kernel: eth0.3: dev_set_promiscuity(master, 1)
>>Sep 11 15:55:24 tt kernel: device eth0.3 entered promiscuous mode
>>Sep 11 15:55:32 tt kernel: test: port 2(eth0.3) entering listening state
>>Sep 11 15:55:32 tt kernel: test: port 1(eth0.2) entering listening state
>>Sep 11 15:55:47 tt kernel: test: port 2(eth0.3) entering learning state
>>Sep 11 15:55:47 tt kernel: test: port 1(eth0.2) entering learning state
>>Sep 11 15:56:02 tt kernel: test: port 2(eth0.3) entering forwarding state
>>Sep 11 15:56:02 tt kernel: test: topology change detected, propagating
>>Sep 11 15:56:02 tt kernel: test: port 1(eth0.2) entering forwarding state
>>Sep 11 15:56:02 tt kernel: test: topology change detected, propagating
>>Sep 11 16:06:19 tt kernel: eth0: Promiscuous mode enabled.
>>"
>>
>>From the bridge, I can ping other computers on the VLANs, but there is no 
>>"bridge" between the VLANs.
>>I have tried to change the MTU, but no success.
>>
>>Has someone already made this setup work (VLAN + bridge)?
>>
>>thx
>>seb
>>
>>
>>_______________________________________________
>>Bridge mailing list
>>[EMAIL PROTECTED]
>>http://www.math.leidenuniv.nl/mailman/listinfo/bridge
>>
>

