Aha, now it makes more sense. Thanks! What would be interesting to find out is why rocky is seeing sandy on eth0. Can you run a tcpdump from rocky in raw mode 'tcpdump -i eth0 -R -e -x -v -n' when you try to access the outside world from sandy?
cheers,
Lennert

On Wed, Jan 02, 2002 at 12:21:55PM +0000, Ganesh Sittampalam wrote:
> > > I'm trying to bridge two ethernets, which ought to be pretty basic. The
> > > one oddity is that the Linux box I'm using to do it (rocky) is running
> > > under VMWare 3.0 on a Win2K box (sandy), [snip]
> > >
> > > When I generate some traffic from sandy destined for rocky, everything
> > > works fine and "brctl showmacs br0" shows sandy's MAC address on port 2.
> > > However, when I try to generate traffic from sandy destined for another
> > > host on the network, "brctl showmacs br0" shows sandy's MAC address on
> > > port 1, and the return traffic doesn't get to it (predictably enough).
> >
> > So the problem is that your Win2K machine cuts itself off from its local
> > network when you start VMWare? Sorry, but I really don't know what could
> > be the problem there. Unless I misunderstand you of course.
>
> Sorry, no. Here's a picture of the networking configuration:
>
>                  TCP/IP disabled
>                         v
>                       |-----/------- Sandy (Win2K)
>                       |               |(VMNet1)
> Outside World --------|               |
>                       |               |(eth1)
>                       |------------- Rocky (Debian in VMWare on Sandy)
>                            (eth0)
>
> The line from Sandy to the outside world is the real network card. The
> line from Rocky to Sandy is a simulated ethernet between Rocky and Sandy
> only. The line from Rocky to the outside world is a bridge onto Sandy's
> network interface provided by VMWare; as far as I know this bridge is
> working perfectly.
>
> I mentioned VMWare because it might be a complicating factor, but I
> haven't seen any evidence (apart from my current problem) that the above
> setup isn't a perfect simulation of two different machines connected to
> the outside world via a hub and to each other using different network
> cards via a cross-over cable.
>
> What I want to do is use Rocky to transparently firewall Sandy as much as
> possible (obviously it's not going to be great). So I've disabled TCP/IP
> on Sandy's main network interface and am trying to run a Linux ethernet
> bridge on Rocky. It's this that I'm having the problem with. All the
> separate network interfaces have different MAC addresses. When I ping
> Rocky from Sandy, "brctl showmacs br0" shows Sandy's VMNet1 MAC address on
> port 2 (eth1). But when I try to ping the outside world from Sandy, "brctl
> showmacs br0" shows Sandy's VMNet1 MAC address as being on port 1 (eth0),
> and as a result the return packets don't get sent to it by the bridge.
>
> Hope this makes more sense. What I'm trying to do probably sounds a bit
> strange, but I'm used to always keeping Windows boxes firewalled behind
> Linux, and since Sandy is a laptop the usual "shove an old 486 on the
> network" solution doesn't quite work :-) I'm hoping to use bridging rather
> than routing for various reasons to do with the different places I might
> be plugging it in.
>
> Cheers,
>
> Ganesh
>
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
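
An added example, not part of the original thread and not the Linux bridge code: a minimal learning-bridge model showing why the return traffic is dropped once Sandy's MAC is learned on port 1 (eth0). The MAC addresses are constructed, ageing is ignored, and the model says nothing about why the frame appears on eth0, which the thread leaves open.

```python
"""Minimal learning-bridge model. MAC addresses below are constructed samples."""

SANDY = "00:50:56:c0:00:01"    # constructed: stands in for Sandy's VMNet1 MAC
OUTSIDE = "00:10:5a:aa:bb:cc"  # constructed: a host in the outside world
ETH0, ETH1 = 1, 2              # bridge port numbers as used in the thread


class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.fdb = {}  # MAC -> port: the table "brctl showmacs" displays

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then return the set of egress ports."""
        self.fdb[src] = in_port            # learning: the last port seen wins
        out = self.fdb.get(dst)
        if out is None:
            return self.ports - {in_port}  # unknown destination: flood
        if out == in_port:
            return set()                   # destination is on the ingress side: filter
        return {out}


def healthy():
    """Sandy's source MAC is only ever seen on eth1."""
    br = LearningBridge([ETH0, ETH1])
    br.receive(ETH1, SANDY, OUTSIDE)       # request enters on eth1
    return br.fdb[SANDY], br.receive(ETH0, OUTSIDE, SANDY)


def symptom():
    """Sandy's source MAC is also seen on eth0, as reported in the thread."""
    br = LearningBridge([ETH0, ETH1])
    br.receive(ETH1, SANDY, OUTSIDE)       # request enters on eth1
    br.receive(ETH0, SANDY, OUTSIDE)       # same source MAC then arrives on eth0
    return br.fdb[SANDY], br.receive(ETH0, OUTSIDE, SANDY)


if __name__ == "__main__":
    print("healthy:", healthy())   # entry on port 2, reply forwarded to eth1
    print("symptom:", symptom())   # entry moved to port 1, reply filtered
```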
