LinuxQuestions.org
Old 12-13-2005, 04:53 PM   #1
SWAT
Member
 
Registered: Aug 2003
Posts: 36

Rep: Reputation: 15
Bridge (with port blocking) needed!


I have an old 166MHz with 32MB EDO-RAM, about 1GB hard disk and 2 NICs. I want to turn this into a bridge, so I need a Linux distro with a low memory footprint, as well as the ability to block ports (example: block everything, except 80) on the bridging NICs.
Any suggestion would be appreciated!
 
Old 12-13-2005, 05:01 PM   #2
angel115
Member
 
Registered: Jul 2005
Location: France / Ireland
Distribution: Debian mainly, and Ubuntu
Posts: 533

Rep: Reputation: 79
Hi there

Here is a link which can be useful; it will explain to you how to set up your computer as a router/firewall
http://www.comptechdoc.org/os/linux/...ugrouting.html
 
Old 12-14-2005, 01:06 AM   #3
SWAT
Member
 
Registered: Aug 2003
Posts: 36

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by angel115
Hi there

Here is a link which can be useful; it will explain to you how to set up your computer as a router/firewall
http://www.comptechdoc.org/os/linux/...ugrouting.html
The problem is that I'm not looking for routing/firewalling, I'm looking for bridging (with an old computer). In the article you mentioned, ports aren't even an issue (and that's necessary if you read my story).
If you have any other tips/hints you're welcome to post them, I'll surely read them.
 
Old 01-03-2006, 05:54 PM   #4
SWAT
Member
 
Registered: Aug 2003
Posts: 36

Original Poster
Rep: Reputation: 15

OK, I installed the bridge-utils and transparent bridging works. I even have an IP on which my SSH can connect. I followed this howto up until now: http://www.faqs.org/docs/Linux-HOWTO...ter-HOWTO.html

Now I have a big problem. I want to block some ports. Somehow IPtables from the howto I mentioned above, doesn't drop/block anything. Even with NO rules, the bridge works fine. I want to be able to block ports like 22, 80 etc.. How can I realize this? HELP!
 
Old 01-03-2006, 06:08 PM   #5
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
A transparent bridge blocking ports? Not normally the job they do - a bridge is sort of like a switch with less ports afaik... This is more the job of a firewall/router...

Maybe if you filled in the details of what you are trying to do?
 
Old 01-04-2006, 02:22 AM   #6
SWAT
Member
 
Registered: Aug 2003
Posts: 36

Original Poster
Rep: Reputation: 15
I need a bridge, because I want to put a PC (the bridge) between my switch and my router. Since my router doesn't allow port blocking, I want to do this with the bridge. I will have a LAN party soon, and am sick and tired of people playing WoW online. That's about my background information.
 
Old 01-04-2006, 03:22 AM   #7
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
I'd personally put something like smoothwall (or just use iptables) on the PC (create router) and connect the switch (lan party) to the red interface and the existing router to the green interface. Then block everything. I think that's the right connections. You could set it up with a pc on the green side to access the web interface of the smoothwall box, then move that box later to the red side if you wanted. That would block outgoing connections (you already have a router blocking the incoming).

A bridge is more like a switch. I don't think you can block ports with a bridge...

But then I'm thinking if you are blocking everything, then why not just unplug the router and disconnect the internet completely while you run the lan party? Normally you would only put a router in this situation if you wanted to block most ports and just leave a couple open... I guess you just want to leave 80 open and such...

Another router is what you want IMO...
 
Old 01-04-2006, 03:26 AM   #8
SWAT
Member
 
Registered: Aug 2003
Posts: 36

Original Poster
Rep: Reputation: 15
A new/another router is too expensive, and that old 166Mhz I have already. But I'll continue tingling and such. Hopefully I'll solve this puzzle :P
 
Old 01-04-2006, 03:38 AM   #9
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
You put SMOOTHWALL (small linux router distro) on the p166. It becomes a router. Cost = $0. Easy.

Or keep trying with the bridge. Let us know if you figure it out.
 
Old 01-06-2006, 05:23 PM   #10
SWAT
Member
 
Registered: Aug 2003
Posts: 36

Original Poster
Rep: Reputation: 15
Smoothwall REQUIRES 2 separate subnets (which basically SUCKS if you want to use it as a bridge). I just used a plain Debian 3.0 "Sarge" install, which installed without too many problems. I'm using that and IPtables now as my bridge. I still have to check the performance, but I love that I can block certain ports now. I'm also writing my own little howto for it.
By the way, my bridge PC is transparent (it does have an IP) and doesn't reply to ping.
 
Old 01-06-2006, 05:34 PM   #11
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
I don't see a problem since it seems that one subnet is just the firewall to existing router connection. The smoothwall box can do any dhcp itself anyway? But anyway, you'll have to show how you did the router without any NAT or extra subnet as it would be interesting to see and could be useful to others.
 
Old 01-06-2006, 05:49 PM   #12
SWAT
Member
 
Registered: Aug 2003
Posts: 36

Original Poster
Rep: Reputation: 15
For an ethernet bridge (what I needed). So it just forwards all traffic from one NIC to the other NIC and it filters some ports out (so it's NOT a router). My network is now like this: Internet <---> Router <---> Debian (bridge) <---> LAN (switch). I followed this howto: http://www.faqs.org/docs/Linux-HOWTO...UP_Linux_brctl
I needed something that was 'invisible' and wouldn't require messing with the existing network, which I succeeded in. Just follow the howto above and you can forward/block ports with IPtables, very easy.
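
Added example, not part of the thread or the linked howto: a default-deny ruleset for a filtering bridge like the one described above, generated in `iptables-restore` format. It assumes the LAN-side bridge port is `eth1`, that the kernel hands bridged IP packets to iptables (`net.bridge.bridge-nf-call-iptables=1`), and the service list shown is a constructed sample.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a filtering bridge.
# Assumptions (not from the thread): LAN-side NIC is eth1, and bridged
# traffic is passed to iptables (net.bridge.bridge-nf-call-iptables=1).

# valid_service PROTO/PORT -> succeeds if proto is tcp|udp and port is 1..65535
valid_service() {
    proto=${1%%/*}
    port=${1#*/}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# bridge_ruleset LAN_IF SERVICE... -> prints the ruleset, fails on bad input
bridge_ruleset() {
    lan_if=$1; shift
    # Validate everything first so a typo never yields a partial ruleset.
    for svc in "$@"; do
        valid_service "$svc" || { echo "bad service: $svc" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]'
    # Bridged packets traverse FORWARD. With the default ACCEPT policy an
    # empty chain passes everything, so the policy itself is set to DROP.
    printf '%s\n' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Replies belonging to connections that were allowed out.
    printf '%s\n' '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # New connections are accepted only when they enter on the LAN port
    # and target a listed service.
    for svc in "$@"; do
        printf '%s\n' "-A FORWARD -m physdev --physdev-in $lan_if -p ${svc%%/*} --dport ${svc#*/} -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample: LAN clients may reach DNS and HTTP only.
# Clients that get their address from the router through the bridge
# would also need udp/67 in this list.
bridge_ruleset eth1 udp/53 tcp/53 tcp/80
```

As root, the output can be checked with `iptables-restore --test` before it is loaded for real.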
 
  

