[NTLUG:Discuss] Solutions for a 'Transparent Bridge'
David Stanaway
david at stanaway.net
Tue Jan 27 01:32:01 CST 2009
Cool.
Glad it worked.
Just goes to show - a good HOWTO never dates :P
How the different interfaces are named is not important, just so long as
it is consistent and you can identify which is which.
Using iptables with that config, you can be sure every single packet
that passes is logged or sanitized, and you can block packets that you
could not with a promiscuous setup.
Ralph Green wrote:
> Howdy,
> I think I have followed all the discussion. But, how can I prove my
> mail server did not miss some messages?
> Anyway, there were two major solutions I saw posted. One involved a
> hub. It might actually do everything you need. I would rather try the
> other solution, since it seems more flexible, so I decided to test it.
> That is what I was reporting to you. My on board nic came up as eth0 by
> default. I took no specific action to get that. The PCI card was
> plugged into the system when I did a fresh install of xubuntu for this
> test. I had no cables plugged into those ethernet ports. After the
> install was all done, and I had added wireshark and bridge-utils, I
> configured and tested the eth1 and eth2 ports as the transparent bridge.
> I plugged eth0 into the switch that got its feed from the transparent
> bridge. So, I could send traffic to it and wireshark on the bridge
> showed that traffic. The first packets I monitored were pings from
> another machine to the eth0 port on this test machine. If you wanted to
> be able to vnc to the machine to manage it, this eth0 port would be
> handy.
> One slightly funny bit was that I noticed the article was a little
> old. The author recommended staying with a 2.4 kernel because he did
> not trust the newfangled 2.6 kernel. His example showed a version
> number of .95 for bridge-utils and the current version was 1.41. The
> setup worked fine, in spite of his concern about the newfangled kernel.
> Good day,
> Ralph
>
> On Mon, 2009-01-26 at 21:14 -0600, David Simmons wrote:
>
>> It seems like you're missing part of the discussion....your 'on-board' nic
>> must be eth0....how are you using that?
>>
>>
>>> Howdy,
>>> I setup a system like this and I think it will do what you want. I
>>> used one of the dual port nic cards and added it to a system with an
>>> onboard nic. I made the transparent bridge from eth1 and eth2, so I
>>> made the appropriate adjustments to his commands. After that, I plugged
>>> the two ethernet ports inline with my internet connection and ran
>>> wireshark to monitor br0. It is showing all traffic to my lan from the
>>> internet and back. It also shows all broadcast traffic on my lan.
>>>
>>>
>>>
>> Modified list of commands
>>
>>> brctl addbr br0
>>> brctl addif br0 eth1
>>> brctl addif br0 eth2
>>> ifconfig eth1 down
>>> ifconfig eth2 down
>>> ifconfig eth1 0.0.0.0 up
>>> ifconfig eth2 0.0.0.0 up
>>> ifconfig br0 10.0.3.129 up
>>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>> route add default gw 10.0.3.129
>>>
>>> If you want to borrow this system for a few months, that would be fine.
>>> It is a fairly small system.
>>> Good luck,
>>> Ralph
>>>
>>> On Fri, 2009-01-23 at 23:22 -0600, David Stanaway wrote:
>>>
>>
>>>> David Simmons wrote:
>>>>
>>>>> Anyone out there running a transparent bridge and care to share
>>>>> their hardware/software setup with me?
>>>>>
>>>>> What I want to do is be able to log/watch ALL TCP/IP traffic coming from my internet
>>>>> connect to my network....would prefer some type of aggregated log
>>>>> summaries.
>>>>>
>>>>>
>>>> I used this setup with good success
>>>>
>>>> http://tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
>>>>
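The thread stops at getting frames to flow through br0 and watching them in wireshark; David's point that iptables can see and log every bridged packet, and David Simmons's wish for "aggregated log summaries", are left as an exercise. The script below is an added example, written for this archive page and not taken from any of the posts or from the TLDP HOWTO. It assumes the br0/eth1/eth2 naming from Ralph's commands, a kernel with the bridge-netfilter hook (the physdev match) available, and kernel LOG output landing in a syslog file such as /var/log/kern.log; the log lines it summarizes are constructed for the demo.

```shell
#!/bin/sh
# Added example for this thread (not from the list posts or the TLDP HOWTO):
# log every frame forwarded across a Linux transparent bridge with iptables,
# then aggregate the resulting kernel log lines into per-flow counts, which is
# the "aggregated log summaries" the original question asked for.
#
# Assumptions not stated on the page: the bridge is br0 over eth1/eth2 as in
# Ralph's commands, the kernel's bridge-netfilter hook (physdev match) is
# available, and kernel LOG messages land in a syslog file such as
# /var/log/kern.log. The log lines below are constructed for the demo.

# Print the iptables commands that hand every bridged frame to the LOG target.
# They are printed rather than run so they can be reviewed first; apply them
# as root with:  bridge_log_rules br0 | sh
bridge_log_rules() {
    br="${1:-br0}"
    cat <<EOF
# make bridged frames visible to iptables (a no-op if already 1)
sysctl -w net.bridge.bridge-nf-call-iptables=1
iptables -N BRIDGE_LOG
iptables -A BRIDGE_LOG -j LOG --log-prefix "BRIDGE-FWD " --log-level info
iptables -A BRIDGE_LOG -j RETURN
# only frames that crossed the bridge (IN and OUT are both $br) are logged
iptables -I FORWARD -i $br -o $br -m physdev --physdev-is-bridged -j BRIDGE_LOG
EOF
}

# Read iptables LOG lines on stdin and print "count src dst proto dpt" rows,
# busiest flow first. Lines without a PROTO= field (other kernel messages
# sharing the log) are skipped; ICMP has no DPT, so it shows as "-".
summarize_bridge_log() {
    awk '
    /PROTO=/ {
        src = "-"; dst = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC")   src   = kv[2]
            if (kv[1] == "DST")   dst   = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DPT")   dpt   = kv[2]
        }
        n[src " " dst " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Constructed sample: three SSH SYNs from one outside host, a DNS query and a
# ping from inside, and one unrelated kernel line that must be ignored.
SAMPLE_LOG='Jan 27 01:30:01 bridge kernel: BRIDGE-FWD IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 SRC=203.0.113.10 DST=10.0.3.5 LEN=60 TTL=51 ID=1 DF PROTO=TCP SPT=43210 DPT=22 SYN URGP=0
Jan 27 01:30:02 bridge kernel: BRIDGE-FWD IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 SRC=203.0.113.10 DST=10.0.3.5 LEN=60 TTL=51 ID=2 DF PROTO=TCP SPT=43211 DPT=22 SYN URGP=0
Jan 27 01:30:03 bridge kernel: BRIDGE-FWD IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 SRC=203.0.113.10 DST=10.0.3.5 LEN=60 TTL=51 ID=3 DF PROTO=TCP SPT=43212 DPT=22 SYN URGP=0
Jan 27 01:30:04 bridge kernel: BRIDGE-FWD IN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 SRC=10.0.3.7 DST=198.51.100.4 LEN=68 TTL=64 ID=4 DF PROTO=UDP SPT=5353 DPT=53 LEN=48
Jan 27 01:30:05 bridge kernel: BRIDGE-FWD IN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 SRC=10.0.3.7 DST=198.51.100.4 LEN=84 TTL=64 ID=5 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 27 01:30:06 bridge kernel: eth1: link is up'

# Demo run; on a real bridge use: summarize_bridge_log < /var/log/kern.log
printf '%s\n' "$SAMPLE_LOG" | summarize_bridge_log
```

Two caveats for anyone putting this inline on a real link: logging every frame to syslog on a busy WAN connection generates a lot of disk writes and can itself become the bottleneck, so add `-m limit` to the LOG rule or ship the log off-box if volume is a concern; and on kernels newer than the 2.6 series the thread was using, the `net.bridge.bridge-nf-call-iptables` sysctl only appears once the `br_netfilter` module is loaded.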