Martin,

Thanks for the input but unfortunately it didn't help. I believe brctl turns the interfaces on and 255.255.255.0 is the default netmask so while your observations were correct and I've fixed my script, it didn't change the behavior.
Any other ideas?

Regards,

Brad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Martin Bammer
Sent: Monday, January 13, 2003 12:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [Bridge] Help for a newbie

On Monday, 13 January 2003 01:20, Brad Morgan wrote:
> I'm trying to get bridging to work with a RedHat 8.0 system (kernel
> 2.4.18-19.8.0) and I'm not having much success.
>
> I have a Linux Firewall (RH 8.0) connected to an Adelphia cable modem on
> eth0 and my home network hub on eth1. The bridge machine and 4 Windows
> machines are connected to the hub.
>
> I reconfigured as follows:
>
> Remove the firewall eth1 connection to the hub and connect it with a
> crossover cable to eth0 on the bridge machine. The eth1 interface on the
> bridge machine remains connected to the hub.
>
> I'm attempting a simple experiment first so I've set my Netfilter rules as
> follows:
>
> iptables --policy INPUT ACCEPT
> iptables --policy OUTPUT ACCEPT
> iptables --policy FORWARD ACCEPT
>
> iptables -t nat --policy PREROUTING ACCEPT
> iptables -t nat --policy OUTPUT ACCEPT
> iptables -t nat --policy POSTROUTING ACCEPT
>
> iptables -t mangle --policy PREROUTING ACCEPT
> iptables -t mangle --policy OUTPUT ACCEPT
>
> # Remove any existing rules from the built-in chains
> iptables --flush
> iptables -t nat --flush
> iptables -t mangle --flush
>
> # Remove any pre-existing user-defined chains
> iptables --delete-chain
> iptables -t nat --delete-chain
> iptables -t mangle --delete-chain
>
> I configure the bridge as follows:
>
> ifconfig eth0 down
> ifconfig eth1 down
> ifconfig eth0 0.0.0.0 promisc
> ifconfig eth1 0.0.0.0 promisc
> brctl addbr br0
> brctl stp br0 off
> brctl addif br0 eth0
> brctl addif br0 eth1
> ifconfig br0 192.168.0.2 up
> route add default gw 192.168.0.100
>
> "brctl showmacs br0" shows the ethernet addresses of all machines as
> expected and using gbrctl the ethernet interfaces go from listening to
> learning to forwarding as expected.
>
> None of the Windows machines can see the firewall with the bridge enabled.
> Ethereal shows
> packets being on eth0 but no responses from either the bridge machine or
> the firewall.
>
> /var/log/messages contains:
>
> Jan 12 15:45:44 Polo-Morgan kernel: ip_conntrack (512 buckets, 4096 max)
> Jan 12 15:47:30 Polo-Morgan kernel: NET4: Ethernet Bridge 008 for NET4.0
> Jan 12 15:47:31 Polo-Morgan kernel: device eth0 entered promiscuous mode
> Jan 12 15:47:31 Polo-Morgan /etc/hotplug/net.agent: invoke ifup br0
> Jan 12 15:47:31 Polo-Morgan kernel: device eth1 entered promiscuous mode
> Jan 12 15:47:31 Polo-Morgan kernel: eth0: Setting promiscuous mode.
> Jan 12 15:47:31 Polo-Morgan last message repeated 4 times
> Jan 12 15:47:31 Polo-Morgan kernel: eth1: Promiscuous mode enabled.
> Jan 12 15:47:31 Polo-Morgan last message repeated 3 times
> Jan 12 15:47:31 Polo-Morgan kernel: br0: port 2(eth1) entering listening
> state
> Jan 12 15:47:31 Polo-Morgan kernel: br0: port 1(eth0) entering listening
> state
> Jan 12 15:47:46 Polo-Morgan kernel: br0: port 2(eth1) entering learning
> state
> Jan 12 15:47:46 Polo-Morgan kernel: br0: port 1(eth0) entering learning
> state
> Jan 12 15:48:01 Polo-Morgan kernel: br0: port 2(eth1) entering forwarding
> state
> Jan 12 15:48:01 Polo-Morgan kernel: br0: topology change detected,
> propagating
> Jan 12 15:48:01 Polo-Morgan kernel: br0: port 1(eth0) entering forwarding
> state
> Jan 12 15:48:01 Polo-Morgan kernel: br0: topology change detected,
> propagating
> Jan 12 15:50:20 Polo-Morgan kernel: eth0: Setting promiscuous mode.
> Jan 12 15:54:52 Polo-Morgan ntpd[657]: synchronisation lost
> Jan 12 16:05:47 Polo-Morgan kernel: br0: port 2(eth1) entering disabled
> state
> Jan 12 16:05:47 Polo-Morgan kernel: br0: port 1(eth0) entering disabled
> state
> Jan 12 16:05:48 Polo-Morgan kernel: br0: port 1(eth0) entering disabled
> state
> Jan 12 16:05:48 Polo-Morgan kernel: br0: port 2(eth1) entering disabled
> state
>
> It looks like it should be working but I've probably overlooked something
> stupid. Can someone enlighten me?
>
> Thanks,
>
> Brad Morgan

I think the problem is: eth0 and eth1 are still down.
And what is with the netmask in line
> ifconfig br0 192.168.0.2 up

Try something like that:

ifdown eth0
ifdown eth1
ifconfig eth0 0.0.0.0 promisc up || return=$rc_failed
ifconfig eth1 0.0.0.0 promisc up || return=$rc_failed
brctl addbr br0 || return=$rc_failed
brctl addif br0 eth0 || return=$rc_failed
brctl addif br0 eth1 || return=$rc_failed
brctl sethello br0 1 || return=$rc_failed
brctl setmaxage br0 4 || return=$rc_failed
brctl setfd br0 4 || return=$rc_failed
brctl stp br0 off || return=$rc_failed
ifconfig br0 192.168.1.60 netmask 255.255.255.0 up || return=$rc_failed
route add default gw 192.168.1.1

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
