> > Mike Lander wrote:
> >
> > > not sure how to config shorewall or if I have this bridge right but
> > > now there seems to be several ways to config shorewall here
> > > which shorewall docs should I look at with suse 11.1 and shorewall 4.2.9?
> >
> > Hi Mike,
> >
> > 'brctl show br0' will show you the bridge configuration.
>
> Tom
>
> linux-rwu0:~ # brctl show br0
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.0016177efed1       no              eth1
>                                                         tap0
>
> > Do you need to firewall traffic through the bridge? If not, simply set
> > 'routeback' on 'br0' and you are finished. That's
> > http://www.shorewall.net/SimpleBridge.html. If you need to firewall
> > traffic through the bridge, then you need to follow
> > http://www.shorewall.net/bridge-Shorewall-perl.html.
>
> I do need to firewall traffic to the internet eth0, however traffic
> between the bridge I just need traffic shaping. I remove the push
> route and bridge option.
>
> Items I changed in shorewall from stock two interface is in interfaces, masq,
> and routestopped, which is correct according to simple bridge I believe.
> I changed these as follows
>
> net     eth0    detect  tcpflags,nosmurfs
> loc     br0     detect  routeback
>
> masq
> eth0    br0
>
> routestopped
> br0     -
>
> However when starting the bridge with /etc/init.d/bridge, I lose connectivity
> with the internet from the firewall and lan. I believe routing in the
> /etc/init.d/bridge is incorrect. I followed examples and I believe the
> gateway is incorrect.
> Here is /etc/init.d/bridge, ip route ls and ifconfig.

Ok, changing the gateway to my eth0 gateway fixed that, with the complaint
"SIOCADDRT: File exists", but now the box and lan have internet access.
If I leave the gateway blank it complains as well. Maybe remove the gateway
from /etc/sysconfig/routes to make it pretty. However, things are working now.
Or maybe modify the script to remove the gateway entry?

linux-rwu0:~ # /etc/init.d/bridge start
Fri Jun 12 03:42:43 2009 TUN/TAP device tap0 opened
Fri Jun 12 03:42:43 2009 Persist state set to: ON
SIOCADDRT: File exists
Starting OpenVPN

Mike

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
