On Mon, 2006-02-13 at 18:38 -0600, Boyd Stephen Smith Jr. wrote:
> On Sunday 12 February 2006 20:58, Ow Mun Heng <[EMAIL PROTECTED]> wrote
> about '[gentoo-user] is iptables needed on a Bridge':
> > Just got a bridge setup to put in to monitor network traffic. I wonder
> > if there's a need to put in iptables/ebtables into it.
>
> While I have seen iptables rules like -i br0 -o br0 ACCEPT, I do not think
> they are necessary normally. I know my bridge device will move traffic
> from eth0 to eth1 and vice-versa without iptables (I don't think it's even
> in my kernel).
I only asked this question because I am paranoid and when building
internet connected servers, being paranoid is a good thing(tm).
From what I read, putting iptables/ebtables is for using the bridge as
an in-place-firewall (transparently etc).
I also wanted to know if there's a need for iptables, mainly for
security. But since there isn't an ip addressed to br0, I would presume
that it is safe, but I thought I'll check here 1st.
>
> > the bridge(br0) does not have an ip address.
>
> That seems wrong to me, my bridge device (between the two GB Ethernet
> ports on my MB) does indeed get an IP address and neither eth0/1 gets one.
Yes. That's right, eth0 and eth1 don't get an ip.
/etc/conf.d/net contains
config_eth0=( "null" )
config_eth1=( "null" )
I don't put an IP on the bridge (Br0) because there isn't a need for
one. What I do is put another eth card (eth2) into the mix and put a
private IP into it for SSH access and admin etc.
> Might check this out:
> http://www.headnut.org/files/linux-gentoo_bridge_guide.txt
Have read through it (again). I believe I've seen this before when I was
researching bridges.