LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 05-08-2013, 01:35 AM   #1
lucmove
Member
 
Registered: Aug 2005
Location: Brazil
Distribution: Lubuntu, Slackware
Posts: 575

Rep: Reputation: 64
Two NICs - bridge and proxy


I sort of have found what I want. It's here:

http://archive09.linux.com/feature/133849

But it doesn't lay out EXACTLY what I want. I've never been very good at setting up network stuff, so I decided to come here and ask before I do something stupid.

I have a Wifi connection through a primary router that is shared with other people. My notebook connects to the Internet through that connection.

I also have a phone and a tablet using that same connection.

Two problems:

1) I want to be able to share data among my notebook, phone and tablet without worrying about any eavesdropping.

2) I wish I could use Privoxy to filter my Web browsing on the tablet and phone (I already do it on the notebook).

Solution: another Wifi router I have lying around here.

This second Wifi router cannot connect to the primary, remote router over Wifi. It's just a very cheap and basic router, not a bridge or access point, it can only receive data through an Ethernet cable, and I don't want to connect the two routers with cable. So my notebook will have to do the bridging. That's ok because then I can leverage Privoxy running on it.

So I want to keep the notebook having access to the Internet through the primary, shared router, but from now on, sharing this connection with my secondary router through an Ethernet cable.

So the notebook will be receiving data through wlan0 and sharing it through the eth0 cable with the second router (on the router's WLAN port).

If that works, the phone and tablet will no longer use the external router, just the secondary one. No one else will be able to access this secondary router, so I will have more privacy when moving data among the three machines. And the notebook will filter all the phone and tablet's Web browsing through Privoxy.

The site I mentioned above proposes two solutions for that: "bridging" and "firewalling." It's not clear to me whether I need both or just "firewalling."

Moreover, suppose I need both. Let's see what it says about "bridging."

Quote:
To create a bridge between your network adapters, begin by taking both adapters offline with the ifdown command. In our example eth0/eth1 setup, run sudo ifdown eth0 and sudo ifdown eth1 from the command line.

Next, create the bridge with sudo brctl addbr bridge0. The addbr command creates a new "virtual" network adapter named bridge0. You then connect your real network adapters to the bridge with addif: sudo brctl addif bridge0 eth0 adds the first adapter, and sudo brctl addif bridge0 eth1 adds the second.

Once configured, you activate the bridge0 virtual adapter just as you would a normal, physical Ethernet card. You can assign it a static IP address with a command like sudo ifconfig bridge0 192.168.1.100 netmask 255.255.255.0, or tell it to retrieve its configuration via DHCP with sudo dhclient bridge0.
So is this correct?
# ifdown eth0
# ifdown wlan0
# brctl addbr bridge0
# brctl addif bridge0 eth0
# brctl addif bridge0 wlan0

But then I will need DHCP on the external, Wifi connection, but I suspect I had better assign a static IP address to the eth0 connection. Right?

Moving on, if I want to filter my phone and tablet browsing with Privoxy, I guess I will need the second solution, with or without the first. Thats is not very clear to me either:

Quote:
First, you will need to bring both network adapters up and assign each a different IP address -- and, importantly, IP addresses that are on different subnets. For example, sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0 and sudo ifconfig eth1 192.168.2.100 netmask 255.255.255.0. Note that eth0's address is within the 192.168.1.x range, while eth1's is within 192.168.2.x. Maintain this separation when you add other devices to your network and you will keep things running smoothly.
So is this correct?
# ifconfig wlan0 192.168.1.100 netmask 255.255.255.0
# ifconfig eth0 192.168.2.100 netmask 255.255.255.0

But that assumes the second solution only, because the first one lumps eth0 and wlan0 together as bridge0. Or maybe I am all wrong about this.

In either case, 'ifconfig wlan0 192.168.1.100' sounds like something impossible to me because I can't choose my own wlan0 IP. The primary router does that, it dictates my IP number and the IP number of everyone else using it.

Finally, what happens when I run 'ifconfig eth0 192.168.2.100' then hit 192.168.2.100 on the browser? Will that open the secondary router admin/configuration page? That's what I need, I guess.

Sorry, I need this help because I always mix all these things up in my head.
 
Old 05-08-2013, 04:49 AM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Mageia Studio-13.37 Kubuntu.
Posts: 3,325
Blog Entries: 33

Rep: Reputation: 199Reputation: 199
Hi, I think a firewall and privoxy should do it. no bridge

http://www.privoxy.org/faq/configuration.html#LANCONFIG

I think also of not using wlan, but instead using the fw to redirect between users and the proxy.

A good iptables fw script can be generated here.
 
Old 05-08-2013, 10:57 AM   #3
lucmove
Member
 
Registered: Aug 2005
Location: Brazil
Distribution: Lubuntu, Slackware
Posts: 575

Original Poster
Rep: Reputation: 64
Quote:
Originally Posted by GlennsPref View Post
Hi, I think a firewall and privoxy should do it. no bridge

http://www.privoxy.org/faq/configuration.html#LANCONFIG

I think also of not using wlan, but instead using the fw to redirect between users and the proxy.

A good iptables fw script can be generated here.
No bridge? But I am using Lubuntu, and whenever I plug the ethernet cable in to the notebook, I lose my Wifi connection, even if the other end of the cable isn't connected to anything. Lubuntu switches over to the ethernet connection immediately. As soon as I disconnect the cable, Lubuntu searches and finds my hotspot and reconnects again. I need both connections active all the time, and the notebook has to share the connection with the router. How do I do that without the bridge?

And not using wlan, what does that mean? I need wlan to connect to the Internet.

Looks like you didn't read everything I wrote. :-(
 
Old 05-08-2013, 05:42 PM   #4
lucmove
Member
 
Registered: Aug 2005
Location: Brazil
Distribution: Lubuntu, Slackware
Posts: 575

Original Poster
Rep: Reputation: 64
Well, I didn't need bridging. The other option worked, my notebook's connection is shared with the other devices.

Last edited by lucmove; 05-08-2013 at 11:26 PM.
 
Old 05-09-2013, 12:26 AM   #5
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Mageia Studio-13.37 Kubuntu.
Posts: 3,325
Blog Entries: 33

Rep: Reputation: 199Reputation: 199
OK, I may have been wrong about wlan, I didn't quite understand the topology.

Glad you got it working
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] OpenVPN in bridge mode cutting access to web (Server with 3 NICs acting as router) Joaquim Almeida Linux - Networking 1 09-10-2012 12:12 AM
[SOLVED] Transparant proxy with 2 nics and NAT hophop Linux - Networking 8 04-18-2012 05:56 AM
proxy server setup, 2 NICs in same PC gjhicks Linux - Networking 4 04-06-2005 06:38 AM
When using Knoppix, I need to bridge the 2 nics together! p4ocer Linux - Networking 0 06-22-2004 02:59 PM
2 nics and a squid proxy mssucks Linux - Networking 4 03-06-2002 04:29 AM


All times are GMT -5. The time now is 04:57 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration