LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Ethernet Bridging on a firewall
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-18-2007, 09:57 PM   #1
ronban
Member
 
Registered: Aug 2005
Location: India
Distribution: Gentoo
Posts: 43

Rep: Reputation: 15
Ethernet Bridging on a firewall

Hi everybody,
We installed CentOS on all our servers. We are having some problems in configuring the landscape and stabilizing the environment.

This is what we are looking at:

ADSL ROUTER (192.168.99.1)
|
| (eth0) 192.168.98.4
GATEWAY SERVER (CENTOS )
| (eth1) 192.168.99.4
|
|
|
|
SWITCH (DLINK)
|
|
|
|
| (192.168.99.0/24)
OTHER SERVERS AND COMPUTERS


Now, the gateway server has 2 interfaces. eth1 being the internal interface and eth0 being the external interface. The internal interface serves the internal network with a DHCP Server.

This above conf is working fine. We applied some standard IP table rules on the gateway.

The problem comes when we try using a bridge for eth1. We will need to install openVPN on the server and need to operate it in the bridge mode. But as soon as the bridge is started and eth1 is binded to it, no one can access the system from outside. No-one can also access internet from inside the network. do we need to use ebtables or spanning tree protocol? Building of this landscape has been a bottleneck for our project.

The openvpn clients need to get their ips from the dhcp server runnign on eth1.

I have attached a file described the landscape in detail in jpg file here.

http://www.indience.com/landscape/landscape.jpg

Any help is appreciated.

Regds
Roney
Last edited by Capt_Caveman; 03-19-2007 at 07:04 PM.
 
Old 03-19-2007, 04:16 PM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
The ip for the adsl router to the eth0 are using different Class C IP ranges. Is that correct?
Other than that ebtables and Openvpn is above me.

Brian
 
Old 03-19-2007, 08:21 PM   #3
ronban
Member
 
Registered: Aug 2005
Location: India
Distribution: Gentoo
Posts: 43

Original Poster
Rep: Reputation: 15
yes, but arent these IP's be used in the local IP range. If you have the saem config, can you paste your config files please. That will be very helpful
 
Old 03-19-2007, 09:39 PM   #4
merize147
Member
 
Registered: Oct 2004
Location: Where ever I put down Lappie
Distribution: Dragged kicking and screaming to RHEL
Posts: 132

Rep: Reputation: 15
Quote:
Originally Posted by ronban
The problem comes when we try using a bridge for eth1. We will need to install openVPN on the server and need to operate it in the bridge mode.
Bridging is a layer 2 function and VPN works with IP's which is layer 3. Hence you can't have both.

-
 
Old 03-19-2007, 11:08 PM   #5
ronban
Member
 
Registered: Aug 2005
Location: India
Distribution: Gentoo
Posts: 43

Original Poster
Rep: Reputation: 15
what about a brouter ? cant we install a brouter on a linux box??
 
Old 03-20-2007, 12:58 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Wouldn't it be better to have your remote sites on different subnets? Eth0 will need to be on the same subnet as the modem to operate. The LAN addressing for the remote sites is encapsulated in the VPN. There are numerouse VPN howtos. I entered "Linux VPN" in google and got pages of responses.

What the remote sites use, such as cisco or another linux box may determine what solution you need to work on.
Last edited by jschiwal; 03-20-2007 at 01:04 AM.
 
Old 03-20-2007, 07:29 AM   #7
merize147
Member
 
Registered: Oct 2004
Location: Where ever I put down Lappie
Distribution: Dragged kicking and screaming to RHEL
Posts: 132

Rep: Reputation: 15
Why the big push for a bridge?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Bridging Wireless To Ethernet jrtayloriv Linux - Wireless Networking 3 12-17-2006 12:05 AM
SMP+ethernet bridging = no-no? Toshiba-Laptop Linux - Networking 0 07-01-2006 10:34 PM
Ethernet bridging pepolez Linux - Networking 3 06-12-2005 06:07 AM
ethernet bridging not working twsnnva Linux - Networking 2 01-27-2005 02:49 PM
Bridging two ethernet segments over ISDN jweigert Linux - Networking 4 07-16-2002 09:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:43 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration