On Monday, 13 January 2003 01:20, Brad Morgan wrote:
> I'm trying to get bridging to work with a RedHat 8.0 system (kernel
> 2.4.18-19.8.0) and I'm not having much success.
>
> I have a Linux Firewall (RH 8.0) connected to an Adelphia cable modem on
> eth0 and my home network hub on eth1.  The bridge machine and 4 Windows
> machines are connected to the hub.
>
> I reconfigured as follows:
>
> Remove the firewall eth1 connection to the hub and connect it with a
> crossover cable to eth0 on the bridge machine.  The eth1 interface on the
> bridge machine remains connected to the hub.
>
> I'm attempting a simple experiment first so I've set my Netfilter rules as
> follows:
>
> iptables --policy INPUT   ACCEPT
> iptables --policy OUTPUT  ACCEPT
> iptables --policy FORWARD ACCEPT
>
> iptables -t nat --policy PREROUTING  ACCEPT
> iptables -t nat --policy OUTPUT      ACCEPT
> iptables -t nat --policy POSTROUTING ACCEPT
>
> iptables -t mangle --policy PREROUTING  ACCEPT
> iptables -t mangle --policy OUTPUT      ACCEPT
>
> # Remove any existing rules from the built-in chains
> iptables --flush
> iptables -t nat --flush
> iptables -t mangle --flush
>
> # Remove any pre-existing user-defined chains
> iptables --delete-chain
> iptables -t nat --delete-chain
> iptables -t mangle --delete-chain
>
> I configure the bridge as follows:
>
> ifconfig eth0 down
> ifconfig eth1 down
> ifconfig eth0 0.0.0.0 promisc
> ifconfig eth1 0.0.0.0 promisc
> brctl addbr br0
> brctl stp br0 off
> brctl addif br0 eth0
> brctl addif br0 eth1
> ifconfig br0 192.168.0.2 up
> route add default gw 192.168.0.100
>
> "brctl showmacs br0" shows the ethernet addresses of all machines as
> expected and using gbrctl the ethernet interfaces go from listening to
> learning to forwarding as expected.
>
> None of the Windows machines can see the firewall with the bridge enabled.
> Ethereal shows packets being on eth0 but no responses from either the
> bridge machine or the firewall.
>
> /var/log/messages contains:
>
> Jan 12 15:45:44 Polo-Morgan kernel: ip_conntrack (512 buckets, 4096 max)
> Jan 12 15:47:30 Polo-Morgan kernel: NET4: Ethernet Bridge 008 for NET4.0
> Jan 12 15:47:31 Polo-Morgan kernel: device eth0 entered promiscuous mode
> Jan 12 15:47:31 Polo-Morgan /etc/hotplug/net.agent: invoke ifup br0
> Jan 12 15:47:31 Polo-Morgan kernel: device eth1 entered promiscuous mode
> Jan 12 15:47:31 Polo-Morgan kernel: eth0: Setting promiscuous mode.
> Jan 12 15:47:31 Polo-Morgan last message repeated 4 times
> Jan 12 15:47:31 Polo-Morgan kernel: eth1: Promiscuous mode enabled.
> Jan 12 15:47:31 Polo-Morgan last message repeated 3 times
> Jan 12 15:47:31 Polo-Morgan kernel: br0: port 2(eth1) entering listening state
> Jan 12 15:47:31 Polo-Morgan kernel: br0: port 1(eth0) entering listening state
> Jan 12 15:47:46 Polo-Morgan kernel: br0: port 2(eth1) entering learning state
> Jan 12 15:47:46 Polo-Morgan kernel: br0: port 1(eth0) entering learning state
> Jan 12 15:48:01 Polo-Morgan kernel: br0: port 2(eth1) entering forwarding state
> Jan 12 15:48:01 Polo-Morgan kernel: br0: topology change detected, propagating
> Jan 12 15:48:01 Polo-Morgan kernel: br0: port 1(eth0) entering forwarding state
> Jan 12 15:48:01 Polo-Morgan kernel: br0: topology change detected, propagating
> Jan 12 15:50:20 Polo-Morgan kernel: eth0: Setting promiscuous mode.
> Jan 12 15:54:52 Polo-Morgan ntpd[657]: synchronisation lost
> Jan 12 16:05:47 Polo-Morgan kernel: br0: port 2(eth1) entering disabled state
> Jan 12 16:05:47 Polo-Morgan kernel: br0: port 1(eth0) entering disabled state
> Jan 12 16:05:48 Polo-Morgan kernel: br0: port 1(eth0) entering disabled state
> Jan 12 16:05:48 Polo-Morgan kernel: br0: port 2(eth1) entering disabled state
>
> It looks like it should be working but I've probably overlooked something
> stupid.  Can someone enlighten me?
>
> Thanks,
>
> Brad Morgan

I think the problem is that eth0 and eth1 are still down. And what about the
netmask in the line

> ifconfig br0 192.168.0.2 up

Try something like this:

        ifdown eth0
        ifdown eth1
        ifconfig eth0 0.0.0.0 promisc up || return=$rc_failed
        ifconfig eth1 0.0.0.0 promisc up || return=$rc_failed
        brctl addbr br0 || return=$rc_failed
        brctl addif br0 eth0 || return=$rc_failed
        brctl addif br0 eth1 || return=$rc_failed
        brctl sethello br0 1 || return=$rc_failed
        brctl setmaxage br0 4 || return=$rc_failed
        brctl setfd br0 4 || return=$rc_failed
        brctl stp br0 off || return=$rc_failed
        ifconfig br0 192.168.1.60 netmask 255.255.255.0 up || return=$rc_failed
        route add default gw 192.168.1.1
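
The two points the reply raises (an explicit `up` on the bridge member interfaces, an explicit netmask on the bridge address) can be checked mechanically against a command list. This is an added example, not part of either message; the function name `lint_bridge_setup` and its message wording are assumptions of the example, and it inspects only the commands as written, not live interface state.

```shell
#!/bin/sh
# Added example (not from the thread). Lints bridge setup commands on stdin;
# it judges only what is written, not live interface state.
lint_bridge_setup() {
    awk '
    # Remember interfaces that were explicitly taken down.
    $1 == "ifdown" || ($1 == "ifconfig" && $3 == "down") { down[$2] = 1; next }
    $1 == "ifconfig" {
        has_up = 0; has_mask = 0; has_addr = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "up") has_up = 1
            if ($i == "netmask") has_mask = 1
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $i != "0.0.0.0") has_addr = 1
        }
        if (has_up) delete down[$2]
        if (has_addr && !has_mask)
            printf "%s: address set without explicit netmask\n", $2
        next
    }
    $1 == "brctl" && $2 == "addif" && ($4 in down) {
        printf "%s: added to %s with no explicit \"up\" after being taken down\n", $4, $3
    }'
}
# Commands from the two messages (STP and route lines omitted).
original_setup() { cat <<'EOF'
ifconfig eth0 down
ifconfig eth1 down
ifconfig eth0 0.0.0.0 promisc
ifconfig eth1 0.0.0.0 promisc
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 192.168.0.2 up
EOF
}
suggested_setup() { cat <<'EOF'
ifdown eth0
ifdown eth1
ifconfig eth0 0.0.0.0 promisc up || return=$rc_failed
ifconfig eth1 0.0.0.0 promisc up || return=$rc_failed
brctl addbr br0 || return=$rc_failed
brctl addif br0 eth0 || return=$rc_failed
brctl addif br0 eth1 || return=$rc_failed
ifconfig br0 192.168.1.60 netmask 255.255.255.0 up || return=$rc_failed
EOF
}
echo "original:";  original_setup  | lint_bridge_setup
echo "suggested:"; suggested_setup | lint_bridge_setup
```

The first sequence produces three findings (eth0, eth1, br0); the second produces none.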