LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
#1  02-22-2014, 05:44 PM  brokenpromises (Member, registered Jan 2005, NZ, Fedora / Debian)
Bridge configuration for two interfaces for a "Passive" network monitoring system


I'm currently trialling software (the software is a DDoS/firewall mitigation tool, and also gives me superior visibility & accounting over which hosts are using bandwidth) which involves putting a Linux box "in line" between my ISP's router and my border router (I run services at a datacenter).

The software works by taking data in on say, eth1, sanitizing it, and then throwing it back out on eth2 to my border router.

My system which is going to be running this software is running Debian squeeze, a fairly powerful server with a Xeon CPU and 16GB RAM. It has two onboard gigabit Ethernet adapters, and a third PCI-e card which I installed for management purposes. So eth0 is the management interface, and eth1 and eth2 are data in/data out respectively.

So my understanding is that I need to configure a bridge using eth1 and eth2 so all traffic coming into eth1 is reflected out eth2. No routing or NAT is to take place. If the software decides it necessary, it will drop frames as needed.

All the guides I can find relate to turning a Linux machine into a router, so the guides include steps on how to turn on routing and/or NAT, which is not desirable in my scenario.

Can anyone point me in the right direction here?
 
#2  02-24-2014, 04:02 AM  Ser Olmy (Senior Member, registered Jan 2012, Slackware)
You need to create a bridge interface and add eth1 and eth2 to it. The kernel must support bridging, either by having that support compiled directly into the kernel or as a module. The bridge userspace tools must also be installed.

I can tell you how to do this from the command line:
Code:
# delete this if the kernel has built-in bridge support
# (the bridging module is "bridge"; 8021q is the VLAN tagging module)
modprobe bridge
# bridges are usually called "brN" where N is some
# integer, but any name would do.
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
# the member ports and the bridge itself must be up before any frames are forwarded
ip link set eth1 up
ip link set eth2 up
ip link set br0 up
If you do this, any traffic entering eth1 will be sent out eth2 and vice versa, which doesn't really sound like what you want. The software would be able to inspect all traffic entering either interface by monitoring the br0 interface, but wouldn't normally be able to filter or alter the traffic unless it hooks into iptables/netfilter (which may very well be what it does).

Without knowing more about the product in question, it's hard to say if this is the solution you're looking for.

 
#3  02-24-2014, 11:54 PM  brokenpromises (Original Poster)
Hi Ser Olmy, thanks for your reply. I am using this software: http://www.andrisoft.com/software/wanguard

Apparently, their presales support can only help with configuring the actual software itself and not the underlying Linux system. It looks like the software is indeed making use of iptables.

For reference I'm running Debian 6.0.7.
 
#4  02-25-2014, 12:03 AM  Ser Olmy (Senior Member)
The product does indeed use iptables to filter traffic and block DDoS attacks, so a bridge setup like the one I suggested above is indeed what you're looking for.

The next question is of course where and how Debian stores bridge configurations, and it seems the answer to that question can be found here.
 
#5  03-08-2014, 04:51 PM  brokenpromises (Original Poster)
Hi Ser Olmy,

Thanks for your reply, that looks like exactly what I need then.

Just to confirm, the bridge will forward IPv4 and IPv6 traffic, right?
 
#6  03-09-2014, 05:06 AM  Ser Olmy (Senior Member)
A bridge/switch (a switch is a multiport bridge) is an ISO layer 2 device. It forwards Ethernet frames based on the destination MAC address, and doesn't care about the actual contents of the frame. It will forward IPv4, IPv6, IPX, SNA and any other protocol you throw at it.
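As an added example (not code from the thread or from the Wanguard product), a POSIX shell script that renders the /etc/network/interfaces stanza Debian's ifupdown uses for such a bridge (the "where Debian stores bridge configurations" question in reply #4) and checks the running state. It also covers the IPv4/IPv6 point in the last reply: the bridge forwards any frame at layer 2, but iptables/ip6tables only see bridged IPv4 and IPv6 traffic while the bridge-nf-call-iptables and bridge-nf-call-ip6tables sysctls are 1. The names br0, eth1 and eth2 and the sysfs/procfs paths are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Wanguard product.
# Persistent Debian ifupdown stanza for a transparent two-port bridge, plus a
# check of the running state. Assumed names: br0, eth1, eth2; the sysfs and
# procfs roots are parameters so the check can run against a constructed tree.

# Emit the /etc/network/interfaces stanza. "inet manual" gives the bridge no IP
# address, so the inline box has no layer-3 presence on the monitored link.
# STP is off and the forwarding delay is zero, so a two-port bridge passes
# frames at once instead of sitting in listening/learning for 30 seconds.
bridge_stanza() {
    br=$1; shift
    printf 'auto %s\n' "$br"
    printf 'iface %s inet manual\n' "$br"
    printf '    bridge_ports %s\n' "$*"
    printf '    bridge_stp off\n'
    printf '    bridge_fd 0\n'
    printf '    bridge_maxwait 0\n'
}

# Verify that the bridge exists with exactly the expected member ports and
# that netfilter is called for bridged IPv4 and IPv6 frames. With either
# sysctl at 0 the bridge still forwards those frames at layer 2, but they
# bypass the iptables/ip6tables FORWARD chain the filtering software uses.
# $1 = bridge, $2 = sysfs root (/sys), $3 = procfs root (/proc), rest = ports.
bridge_ok() {
    br=$1 sys=$2 proc=$3; shift 3
    brif="$sys/class/net/$br/brif"
    [ -d "$brif" ] || { echo "$br: no such bridge" >&2; return 1; }
    for p in "$@"; do
        [ -e "$brif/$p" ] || { echo "$br: port $p missing" >&2; return 1; }
    done
    n=0
    for e in "$brif"/*; do
        if [ -e "$e" ]; then n=$((n + 1)); fi
    done
    [ "$n" -eq $# ] || { echo "$br: has $n ports, expected $#" >&2; return 1; }
    for k in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        f="$proc/sys/net/bridge/$k"
        [ "$(cat "$f" 2>/dev/null)" = 1 ] || { echo "$k is not 1" >&2; return 1; }
    done
    return 0
}

# On the real box:  bridge_stanza br0 eth1 eth2 >> /etc/network/interfaces
#                   bridge_ok br0 /sys /proc eth1 eth2
```

The sysctl files only appear once the bridge module is loaded, so run the check after the bridge is up; on a box that is meant to stay transparent, keep management on eth0 and never assign an address to br0.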
All times are GMT -5.