On Tue, 14 Aug 2007 15:44:37 +0200, Hans-Werner Hilse wrote:
> Hi,
>
> On Mon, 13 Aug 2007 19:38:18 +0000 (UTC) Mateus Interciso
> <[EMAIL PROTECTED]> wrote:
>
>> Hi, basically, I want to share the internet using a Bridge on a pc with
>> two NICS, one for internet, the other for Internal Network.
>
> Uhm, yeah, I'd like a bridge to the internet, too. Too bad the internet
> is a routed infrastructure and that's technically impossible.
>
> But you mixed up a lot of concepts and terms, so I'd suggest reading a
> book about how it all fits together some day.
>
>> Now, I know the easiest approach would be to use NAT, which is how I'm
>> doing now, but since I really need Level 2 Routing, I can't afford
>> doing this with nat.
>> [...]
>> Now comes the tricky part, since the internet I receive is via DHCP,
>> and on eth1, if I make: dhcpcd eth1, it times out, but if I use dhclient
>> eth1, it works, almost, I can get an IP at least, so I've stuck with
>> this
>
> Hm. And what's the bridge supposed to do then? I would agree that using
> the bridge, other computers should be able to get IPs assigned using
> DHCP (as long as your ISP is issuing IPs for those computers). But that
> has nothing to do with the bridge and whether the bridging computer is
> able to get an IP assigned. Somehow I have the feeling that your ISP
> wouldn't ever issue more than one IP, but since you're that sure...
>
>> 11)dhclient eth1
>
> is unnecessary, except if the bridging PC should have connectivity, too.
>
>> 12)ifconfig eth0 10.0.0.1 netmask 255.255.255.0
>
> is unnecessary, except for internal LAN connectivity.
>
>> Now, you would have to excuse me, because I really don't remember if
>> that worked, but I think it didn't, what I made (that at least didn't
>> put the whole network down), was all of this, but on step 10 forward:
>> 10)ifconfig br0 10.0.0.1 netmask 255.255.255.0 up
>
> Hm, that would for sure collide with the step 12 mentioned above.
>
>> And by this, I can actually browse the internal network, but not the
>> internet, in none of the machines, neither the bridge, with/without an
>> iptables firewall enabled.
>
> You have to use DHCP on all the machines that should have Internet
> connectivity. Remember that you have just bridged your ISP link to your
> LAN, and so now have level-2 access up to your ISP on all the LAN's
> computers.
>
>> Can anyone please help me?
>
> In fact, I don't think answering your questions helps a lot since I
> really doubt your approach makes sense. In order to find that out,
> please just tell a bit about your Internet Connection. What you are
> trying to achieve only makes sense under the following circumstances:
> - your ISP only provides one physical link,
> - but the possibility to get more than one IP issued (either fixed, or
>   DHCP, from what you told, the latter)
> - what basically means that there is _no_ point-to-point link
>   involved.
> - for whatever reason you don't want to use a switch (which I
>   would understand for firewalling issues to keep the ISP from getting
>   your internal traffic running through their machines).
>
> All of that is perfectly fine, I use such a setup for my virtual
> servers, for example (although there that internal LAN is just a
> software emulation).
>
> So please describe your internet connection and we can tell if your plan
> is flawed from the beginning. I'd somehow bet a beer on that.
>
> -hwh

Ok, so my ISP gives me just one IP, as you have already guessed, and yes, probably I did mix up a lot of stuff, and I'm terribly sorry for this.

I really don't need a bridge, as long as I can find a way to fix the VoIP. I thought of the bridge because the win2k3 had it enabled for routing the packages: it picked up on one side the internet connection with a valid IP 200.*.*.* and on another NIC it had the internal network (at that time 192.168.0.1/28), and it built a bridge (if I remember right, using the 192.168.0.1 IP) and we connected to the bridge, and the bridge was routing the packages from internal to external.

Of course I could be wrong, since I wasn't the guy who made this, and since we needed a firewall better than the w2k3, we put in the gentoo box, and I NATed the connection.

So, basically, this is it.

