On 13 August 2007, Mateus Interciso wrote:
> Hi, basically, I want to share the internet using a Bridge on a pc with
> two NICS, one for internet, the other for Internal Network.
> Now, I know the easiest approach would be to use NAT, which is how I'm
> doing now, 

Actually, masquerading would be the easiest way, but that's beside the point.

> but since I really need Level 2 Routing, I can't afford doing 
> this with nat.

I beg your pardon? NATting and masquerading take place on layer 2 (IP).

Oh, do you mean you need *incoming* routing? Won't work.

> A simple network layout would be like this:
>
> Internet---->[eth1]Gentoo[eth0]---->LAN
> So, what I've done was this:
> 1)Installed the net-misc/bridge-utils
> 2)Enable the bridge module on the kernel
> 3)Load it
> 4)ifconfig eth0 0.0.0.0
> 5)ifconfig eth1 0.0.0.0
> 6)brctl addbr br0
> 7)brctl setfd br0 0
> 8)brctl addif br0 eth0
> 9)brctl addif br0 eth1
> 10)ifconfig br0 up
> Now comes the tricky part, since the internet I receive is via DHCP, and
> on eth1, if I make: dhcpcd eth1, it times out, but if I use dhclient eth1,
> it works, almost, I can get an IP at least, so I've stuck with this
> 11)dhclient eth1
> 12)ifconfig eth0 10.0.0.1 netmask 255.255.255.0
>
> Now, you would have to excuse me, because I really don't remember if that
> worked, but I think it didn't, what I made (that at least didn't put the
> whole network down), was all of this, but on step 10 forward:
> 10)ifconfig br0 10.0.0.1 netmask 255.255.255.0 up
> 11)dhclient eth1
>
> And by this, I can actually browse the internal network, but not the
> internet, in none of the machines, neither the bridge, with/without an
> iptables firewall enabled.

AFAIK, this will never work. If you really need incoming connections on 
certain ports you can use port forwarding with NAT on your firewall. Bridging 
is not for this kind of thing.

Uwe

-- 
Jack Nicholson: My mother never saw the irony in calling me a son of a bitch.
-- 
[EMAIL PROTECTED] mailing list
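
Added example, not part of the thread: a ruleset generator for the masquerading and port-forwarding setup the reply recommends instead of a bridge, using the eth1 (Internet) / eth0 (LAN) layout from the question. The LAN range 10.0.0.0/24 follows the 10.0.0.1 / 255.255.255.0 address in the question; the forwarded port and the internal host 10.0.0.20 are constructed, and `gen_ruleset` and its helpers are hypothetical names.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a two-NIC NAT gateway (added example).
# Assumed values: LAN 10.0.0.0/24; TCP 8080 on the gateway is forwarded to
# the constructed internal host 10.0.0.20:80.

valid_port() {  # accept 1..65535 only
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() (  # four dotted decimal octets, each 0..255 (runs in a subshell)
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
)

# usage: gen_ruleset WAN_IF LAN_IF LAN_NET PUBLIC_PORT HOST HOST_PORT
gen_ruleset() {
    wan=$1 lan=$2 net=$3 pport=$4 host=$5 hport=$6
    valid_port "$pport" && valid_port "$hport" && valid_ipv4 "$host" || {
        echo "gen_ruleset: bad port or host address" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ${wan} -p tcp --dport ${pport} -j DNAT --to-destination ${host}:${hport}
-A POSTROUTING -s ${net} -o ${wan} -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan} -o ${wan} -s ${net} -j ACCEPT
-A FORWARD -i ${wan} -o ${lan} -p tcp -d ${host} --dport ${hport} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the layout in the question; nothing is applied here.
gen_ruleset eth1 eth0 10.0.0.0/24 8080 10.0.0.20 80
```

Check the output with `iptables-restore --test` before loading it; loading replaces the current nat and filter tables, so merge in your own INPUT rules first. The gateway also needs `net.ipv4.ip_forward=1`.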
