LinuxQuestions.org forum: Linux - Networking
#1 | 02-22-2014, 05:44 PM | Member, Registered: Jan 2005, Location: NZ, Distribution: Fedora / Debian, Posts: 99
Bridge configuration for two interfaces for a "Passive" network monitoring system
I'm currently trialling software (the software is a DDoS/firewall mitigation tool, and also so I have superior visibility & accounting over which hosts are using bandwidth) which involves putting a Linux box "in line" between my ISP's router and my border router (I run services at a datacenter).
The software works by taking data in on say, eth1, sanitizing it, and then throwing it back out on eth2 to my border router.
My system which is going to be running this software is running debian squeeze, a fairly powerful server with Xeon CPU and 16GB RAM. It has two onboard gigabit ethernet adapters, and a third PCI-e card which I installed for management purposes. So eth0 is the management interface, and eth1 and eth2 are data in/data out respectively.
So my understanding is that I need to configure a bridge using eth1 and eth2 so all traffic coming into eth1 is reflected out eth2. No routing or NAT is to take place. If the software decides it necessary, it will drop frames as needed.
All the guides I can find relate to turning a linux machine into a router, so the guides include steps on how to turn on routing and/or NAT which is not desirable in my scenario.
Can anyone point me in the right direction here?
#2 | 02-24-2014, 04:02 AM | Senior Member, Registered: Jan 2012, Distribution: Slackware, Posts: 3,348
You need to create a bridge interface and add eth1 and eth2 to it. The kernel must support bridging, either by having that support compiled directly into the kernel or as a module. The bridge userspace tools must also be installed.
I can tell you how to do this from the command line:
Code:
# load the bridge module; delete this if the kernel has built-in bridge support
modprobe bridge
# bridges are usually called "brN" where N is some
# integer, but any name would do.
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
# the ports and the bridge itself must be up before any frame is forwarded
ip link set eth1 up
ip link set eth2 up
ip link set br0 up
If you do this, any traffic entering eth1 will be sent out eth2 and vice versa, which doesn't really sound like what you want. The software would be able to inspect all traffic entering either interface by monitoring the br0 interface, but wouldn't normally be able to filter or alter the traffic unless it hooks into iptables/netfilter (which may very well be what it does).
Without knowing more about the product in question, it's hard to say if this is the solution you're looking for.
Last edited by Ser Olmy; 02-24-2014 at 04:03 AM.
#3 | 02-24-2014, 11:54 PM | Original Poster, Member, Registered: Jan 2005, Location: NZ, Distribution: Fedora / Debian, Posts: 99
Hi Ser Olmy, thanks for your reply. I am using this software: http://www.andrisoft.com/software/wanguard
Apparently, their presales support can only help with configuring the actual software itself and not the underlying linux system. It looks like the software is indeed making use of iptables.
For reference I'm running Debian 6.0.7.
#4 | 02-25-2014, 12:03 AM | Senior Member, Registered: Jan 2012, Distribution: Slackware, Posts: 3,348
The product does indeed use iptables to filter traffic and block DDoS attacks, so a bridge setup like the one I suggested above is indeed what you're looking for.
The next question is of course where and how Debian stores bridge configurations, and it seems the answer to that question can be found here.
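The bridge that #2 sketches and the Debian persistence question from #4, carried through as a complete transparent-bridge setup. This is an example added by the editor, not code from the thread, from Debian or from Andrisoft: the bridge name br0, the ports eth1/eth2, the file /etc/sysctl.d/bridge-filter.conf and the function names are assumptions, and the product's own iptables rules are not shown. It assumes Debian squeeze with bridge-utils and iproute installed and eth0 kept out of the bridge as the management port.

```shell
#!/bin/sh
# Transparent (IP-less) two-port bridge for an inline filtering box.
# Added by the editor as an illustration; not code from the thread, from
# Debian or from Andrisoft. Assumptions: Debian squeeze with bridge-utils and
# iproute, eth1/eth2 are the data ports, the management port eth0 stays out
# of the bridge, and the bridge is called br0.

# Render the /etc/network/interfaces stanza for the ifupdown bridge hooks.
# "inet manual" brings the bridge up without giving it an IPv4 address; STP
# off and forward delay 0 avoid the 15 s listening/learning pause on every
# ifup; the post-up line removes the fe80:: link-local address the kernel
# would otherwise autoconfigure on the bridge. Bridged IPv6 frames still pass:
# that is layer 2 forwarding, unaffected by the host's own IPv6 stack.
bridge_stanza() {
    br="$1"; shift
    printf 'auto %s\n' "$br"
    printf 'iface %s inet manual\n' "$br"
    printf '\tbridge_ports %s\n' "$*"
    printf '\tbridge_stp off\n'
    printf '\tbridge_fd 0\n'
    printf '\tbridge_maxwait 0\n'
    printf '\tpost-up sysctl -w net.ipv6.conf.%s.disable_ipv6=1\n' "$br"
}

# Render a sysctl.d fragment: no routing and no NAT on this box, but bridged
# IPv4 and IPv6 frames must traverse the iptables/ip6tables FORWARD chain so
# the filtering software's rules see them. The net.bridge.* keys only exist
# while the bridge module is loaded, so list "bridge" in /etc/modules or the
# file fails to apply at boot (on kernels >= 3.18 the keys moved to br_netfilter).
bridge_sysctl() {
    printf 'net.ipv4.ip_forward = 0\n'
    printf 'net.ipv6.conf.all.forwarding = 0\n'
    printf 'net.bridge.bridge-nf-call-iptables = 1\n'
    printf 'net.bridge.bridge-nf-call-ip6tables = 1\n'
    printf 'net.bridge.bridge-nf-call-arptables = 0\n'
}

# Bring the bridge up by hand (needs root); equivalent to "ifup br0" once the
# stanza is installed. The bridge code puts the ports into promiscuous mode itself.
bridge_up() {
    br="$1"; shift
    modprobe bridge 2>/dev/null || true       # no-op when bridging is built in
    brctl addbr "$br"
    brctl stp "$br" off
    brctl setfd "$br" 0
    sysctl -w "net.ipv6.conf.$br.disable_ipv6=1"
    for port in "$@"; do
        ip addr flush dev "$port"             # bridge ports carry no IP config
        brctl addif "$br" "$port"
        ip link set "$port" up
    done
    ip link set "$br" up
    bridge_sysctl > /etc/sysctl.d/bridge-filter.conf
    sysctl -p /etc/sysctl.d/bridge-filter.conf
}

# Post-setup check: ports enslaved, no IP address on the bridge, routing off,
# netfilter hooked into the bridge. Prints the first failure and returns 1.
bridge_check() {
    br="$1"; shift
    for port in "$@"; do
        [ -e "/sys/class/net/$br/brif/$port" ] || { echo "$port is not a port of $br"; return 1; }
    done
    if ip -o addr show dev "$br" | grep -q 'inet'; then
        echo "$br has an IP address; the box is not transparent"; return 1
    fi
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 0 ] || { echo "IPv4 routing is on"; return 1; }
    [ "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables)" = 1 ] || { echo "iptables does not see bridged frames"; return 1; }
    echo "$br OK"
}

case "${1:-}" in
    render) bridge_stanza br0 eth1 eth2; echo; bridge_sysctl ;;
    apply)  bridge_up br0 eth1 eth2 && bridge_check br0 eth1 eth2 ;;
    check)  bridge_check br0 eth1 eth2 ;;
esac
```

Run it with render to see the interfaces stanza and the sysctl fragment, apply (as root) to build the bridge now, and check afterwards or after a reboot. The point the thread leaves implicit: with ip_forward = 0 the box routes nothing, yet bridged packets are still handed to the iptables FORWARD chain because of bridge-nf-call-iptables, which is exactly what an inline filter relies on; the bridge interface itself carries no address, so it has no presence at layer 3 on the data path.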
#5 | 03-08-2014, 04:51 PM | Original Poster, Member, Registered: Jan 2005, Location: NZ, Distribution: Fedora / Debian, Posts: 99
Hi Ser Olmy,
Thanks for your reply, that looks like exactly what I need then.
Just to confirm, the bridge will forward IPv4 and IPv6 traffic, right?
#6 | 03-09-2014, 05:06 AM | Senior Member, Registered: Jan 2012, Distribution: Slackware, Posts: 3,348
A bridge/switch (a switch is a multiport bridge) is an ISO layer 2 device. It forwards Ethernet frames based on the destination MAC address, and doesn't care about the actual contents of the frame. It will forward IPv4, IPv6, IPX, SNA and any other protocol you throw at it.