On 12/12/2010 2:39 PM, Simon Hobson wrote:
> Christ Schlacta wrote:
>> ... far as I can tell, the bridges are set up right and working,
> Does traffic flow if you clear Shorewall (ie do "shorewall clear") ?
> If not then you need to fix that before trying to get Shorewall
> working.
>
>> is there more I need to do to handle a bridge device in ubuntu (my
>> interfaces looks like this:)
>>
>> auto lo
>> iface lo inet loopback
>>
>> auto wan0
>> iface wan0 inet dhcp
>>
>> auto lan0
>> iface lan0 inet static
>> address 10.0.0.254
>> netmask 255.255.255.0
>> network 10.0.0.0
>> broadcast 10.0.0.255
>>
>> auto lan1
>> iface lan1 inet static
>> address 10.0.1.254
>> netmask 255.255.255.0
>> network 10.0.1.0
>> broadcast 10.0.1.255
>>
>> #auto br-lan0
>> #iface br-lan0 inet static
>> # address 10.0.0.254
>> # netmask 255.255.255.0
>> # network 10.0.0.0
>> # broadcast 10.0.0.255
>> # bridge_ports lan0
>>
>> #auto br-lan1
>> #iface br-lan1 inet static
>> # address 10.0.1.254
>> # netmask 255.255.255.0
>> # network 10.0.1.0
>> # broadcast 10.0.1.255
>> # bridge_ports lan1
> Going entirely from memory (so there are probably loads of syntax
> errors), and it's a while since I last set one up, on Debian systems
> I do something like this :
>
> auto br0
> iface br0 inet static
> address ...
> ...
> pre-up brctl addbr br0
> pre-up ip link set up dev eth0
> pre-up brctl addif br0 eth0
> pre-up ip link set up dev ethn
> pre-up brctl addif br0 ethn
> ...
>
> There's probably a more elegant way to do it, and it really needs a
> script that can check if the bridge already exists and so on -
> otherwise any error in the pre-up commands causes the system to abort
> bringing up the interface.
>
I found the problem, I think. Ubuntu 10.10 has a new feature (not sure
when it was introduced) but the iface lan0 inet manual is the key. It
does the ip link set up that you mentioned, but handles it the ubuntoid
way. Shorewall was indeed handling everything right, thank you for
helping me figure this out :)

On another note: Tom, you might consider adding a recommendation to
the howtos and guides that even on a multiple interface router, that it
be configured to use bridges. I've found that swapping interfaces,
enabling or disabling vlans, and other simple updates are greatly
simplified by using bridges.

The working final config is below:

auto lo
iface lo inet loopback

auto wan0
iface wan0 inet manual

auto br-wan0
iface br-wan0 inet dhcp
    bridge_ports wan0
    bridge_fd 0
    bridge_hello 0

auto lan0
iface lan0 inet manual

auto br-lan0
iface br-lan0 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    network 10.0.0.0
    broadcast 10.0.0.255
    bridge_ports lan0
    bridge_fd 0
    bridge_hello 0

auto lan1
iface lan1 inet manual

auto br-lan1
iface br-lan1 inet static
    address 10.0.1.254
    netmask 255.255.255.0
    network 10.0.1.0
    broadcast 10.0.1.255
    bridge_ports lan1
    bridge_fd 0
    bridge_hello 0

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
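
The fix described in the message above (bridge member ports declared `inet manual`, with the address on the bridge) can be checked mechanically before a firewall box is rebooted. This is an added example, not code from the thread or from Shorewall; the function names and the BROKEN sample are constructed here, and WORKING is an excerpt of the final config in the message.

```python
# Added example: lint an ifupdown interfaces file for bridge member ports.
BROKEN = """\
auto lan0
iface lan0 inet static
    address 10.0.0.254
    netmask 255.255.255.0
auto br-lan0
iface br-lan0 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    bridge_ports lan0
"""  # constructed: the port still holds the address the bridge should own
WORKING = """\
auto lan0
iface lan0 inet manual
auto br-lan0
iface br-lan0 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    bridge_ports lan0
    bridge_fd 0
    bridge_hello 0
"""

def parse_interfaces(text):
    """Return {iface: {"method": str, "options": {key: value}}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas[words[1]] = {"method": words[3], "options": {}}
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None                        # a new stanza ends the iface block
        elif current is not None:
            current["options"][words[0]] = " ".join(words[1:])
    return stanzas

def check_bridge_ports(text):
    """Return findings; an empty list means no member port conflicts with its bridge."""
    stanzas, findings = parse_interfaces(text), []
    for bridge, st in stanzas.items():
        for port in st["options"].get("bridge_ports", "").split():
            member = stanzas.get(port)
            if member is None:                    # no stanza for the port: nothing to conflict
                continue
            if member["method"] != "manual":
                findings.append(f"{port}: in {bridge} but 'inet {member['method']}'; use 'inet manual'")
            if "address" in member["options"]:
                findings.append(f"{port}: holds {member['options']['address']}; move it to {bridge}")
    return findings
```

Run `check_bridge_ports(open("/etc/network/interfaces").read())` on the router; any finding names the port and the bridge it conflicts with.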