Today I needed to replicate a Cisco PIX firewall setup with a PC running Linux (Debian, kernel 2.6). Pretty much the same setup as your standard NAT/router/firewall box, except I added a caching BIND9 DNS server too. I have three network ports - eth0, eth1, eth2 - and I figured I'd make eth0 the external real IP address and bridge eth1 and eth2, with the br0 bridge interface at 192.168.1.1. I tested this out with a Knoppix 3.7 client; it wouldn't get an IP address via DHCP, but the DHCP server logged the following to syslog:
Code:
Mar 9 10:07:13 server dhcpd: DHCPDISCOVER from 00:04:75:78:63:30 via br0
Mar 9 10:07:14 server dhcpd: DHCPOFFER on 192.168.1.10 to 00:04:75:78:63:30 via br0
The MAC address is correct for the Knoppix client.
I used the dhcp3 server package from Debian; there is an /etc/default/dhcp3 file used by its init.d script to tell it which interfaces to serve on (br0).
Anyway, I got rid of the bridging and assigned 192.168.1.1 directly to eth1, and it works great as a NAT router/firewall. I needed to have it working right away, so I set it up like that. Anyone have any ideas why it wouldn't work with the bridge? I plan on playing with this again in the future (and adding a squid transproxy...).
Thanks,
Slacky
Here is my /etc/dhcpd.conf:
Code:
# Lease lifetimes in seconds: the default when a client asks for none, and the ceiling.
default-lease-time 600;
max-lease-time 7200;
# Options handed to every client: netmask, broadcast, gateway, resolver and domain.
# The router and the DNS server are both this box (192.168.1.1).
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1;
option domain-name "mydomain.org";
# The internal network. dhcpd only answers on an interface that has an address
# inside a declared subnet, so the serving interface must carry 192.168.1.1.
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;
}
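The syslog excerpt above shows only the first two steps of the DHCP exchange (DISCOVER in, OFFER out) and nothing after, which is what a client that never received the OFFER looks like from the server's side. As an added example, not part of the original post, here is a small Python script that pairs dhcpd syslog lines per client MAC and receiving interface, reports how far each client got through DISCOVER/OFFER/REQUEST/ACK, and flags clients that were offered a lease but never sent a DHCPREQUEST. The embedded log is constructed: the two br0 lines are the ones from the post, while the eth1 handshake, the MAC 00:0c:29:aa:bb:cc and the hostname "knoppix" are made up to show what a completed exchange looks like.

```python
"""Pair ISC dhcpd syslog lines into per-client DHCP handshakes and flag
clients whose OFFER was never answered with a REQUEST."""
import re
import sys
from collections import defaultdict

# Constructed sample log for offline use. The br0 lines reproduce the post;
# the eth1 client, its MAC and hostname are invented.
SAMPLE_LOG = """\
Mar  9 10:07:13 server dhcpd: DHCPDISCOVER from 00:04:75:78:63:30 via br0
Mar  9 10:07:14 server dhcpd: DHCPOFFER on 192.168.1.10 to 00:04:75:78:63:30 via br0
Mar  9 10:07:18 server dhcpd: DHCPDISCOVER from 00:04:75:78:63:30 via br0
Mar  9 10:07:18 server dhcpd: DHCPOFFER on 192.168.1.10 to 00:04:75:78:63:30 via br0
Mar  9 10:12:01 server dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:cc via eth1
Mar  9 10:12:02 server dhcpd: DHCPOFFER on 192.168.1.11 to 00:0c:29:aa:bb:cc via eth1
Mar  9 10:12:02 server dhcpd: DHCPREQUEST for 192.168.1.11 (192.168.1.1) from 00:0c:29:aa:bb:cc (knoppix) via eth1
Mar  9 10:12:02 server dhcpd: DHCPACK on 192.168.1.11 to 00:0c:29:aa:bb:cc (knoppix) via eth1
Mar  9 10:12:03 server dhcpd: Wrote 2 leases to leases file.
"""

# Order of the normal exchange; a client's "stage" is the last one it reached.
STAGES = ("DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK")

# syslog prefix (month, day, time, host, "dhcpd" with optional pid), then the message.
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<msg>DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPNAK)\b(?P<rest>.*)$"
)
MAC_RE = re.compile(r"\b([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.IGNORECASE)
VIA_RE = re.compile(r"\bvia (\S+)")


def parse_line(line):
    """Return {'msg', 'mac', 'via'} for a DHCP message line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # lease-file writes, startup banners, other daemons
    mac = MAC_RE.search(m.group("rest"))
    via = VIA_RE.search(m.group("rest"))
    return {
        "msg": m.group("msg"),
        "mac": mac.group(1).lower() if mac else None,
        "via": via.group(1) if via else None,
    }


def handshakes(lines):
    """Map (mac, interface) -> set of DHCP message types seen for that client."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["mac"]:
            seen[(rec["mac"], rec["via"])].add(rec["msg"])
    return seen


def furthest_stage(msgs):
    """Last step of the exchange reached; a NAK is reported as such."""
    if "DHCPNAK" in msgs:
        return "DHCPNAK"
    reached = [s for s in STAGES if s in msgs]
    return reached[-1] if reached else None


def report(lines):
    """Map (mac, interface) -> furthest stage reached."""
    return {key: furthest_stage(msgs) for key, msgs in handshakes(lines).items()}


def stalled_clients(lines):
    """Clients that were offered a lease but never sent a REQUEST.

    From the server's side this is indistinguishable between "the OFFER never
    reached the client" and "the client ignored it"; a capture on the physical
    port behind the serving interface is needed to tell the two apart."""
    return sorted(
        key for key, msgs in handshakes(lines).items()
        if "DHCPOFFER" in msgs and "DHCPREQUEST" not in msgs
    )


if __name__ == "__main__":
    # Read syslog from stdin, or fall back to the constructed sample.
    src = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    for (mac, via), stage in sorted(report(src).items()):
        print(f"{mac} via {via}: reached {stage}")
    for mac, via in stalled_clients(src):
        print(f"STALLED: {mac} via {via} was offered a lease but never sent DHCPREQUEST")
```

Run it as `python3 dhcp_dora.py < /var/log/syslog` (the path is the usual Debian one; adjust if dhcpd logs elsewhere). What the server log cannot show is whether the OFFER frame actually left the physical port behind the bridge; `tcpdump -ni eth1 port 67 or port 68` on the bridge member settles that. One general bridge behaviour worth ruling out in that kind of test: a Linux bridge with STP enabled holds a newly active port in the listening and learning states for the forwarding delay (15 s by default) before it passes any frames, during which a client's DISCOVER can be dropped while the exchange later succeeds on the same port.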