On Mon, 13 Aug 2007 20:58:40 +0100, Uwe Thiem wrote:

> On 13 August 2007, Mateus Interciso wrote:
>> Hi, basically, I want to share the internet using a Bridge on a PC with
>> two NICs, one for internet, the other for Internal Network. Now, I know
>> the easiest approach would be to use NAT, which is how I'm doing it now,
>
> Actually, masquerading would be the easiest way, but that's beside the
> point.
>
>> but since I really need Level 2 Routing, I can't afford doing this with
>> NAT.
>
> I beg your pardon? NATting and masquerading take place on layer 2 (IP).
>
> Oh, do you mean you need *incoming* routing? Won't work.
>
>> A simple network layout would be like this:
>>
>> Internet---->[eth1]Gentoo[eth0]---->LAN
>>
>> So, what I've done was this:
>> 1) Installed the net-misc/bridge-utils
>> 2) Enable the bridge module on the kernel
>> 3) Load it
>> 4) ifconfig eth0 0.0.0.0
>> 5) ifconfig eth1 0.0.0.0
>> 6) brctl addbr br0
>> 7) brctl setfd br0 0
>> 8) brctl addif br0 eth0
>> 9) brctl addif br0 eth1
>> 10) ifconfig br0 up
>>
>> Now comes the tricky part, since the internet I receive is via DHCP,
>> and on eth1. If I run dhcpcd eth1, it times out, but if I use dhclient
>> eth1, it works, almost; I can get an IP at least, so I've stuck with
>> this:
>> 11) dhclient eth1
>> 12) ifconfig eth0 10.0.0.1 netmask 255.255.255.0
>>
>> Now, you will have to excuse me, because I really don't remember if
>> that worked, but I think it didn't. What I did (that at least didn't
>> put the whole network down) was all of this, but from step 10 forward:
>> 10) ifconfig br0 10.0.0.1 netmask 255.255.255.0 up
>> 11) dhclient eth1
>>
>> And with this, I can actually browse the internal network, but not the
>> internet, on none of the machines, nor on the bridge, with or without an
>> iptables firewall enabled.
>
> AFAIK, this will never work. If you really need incoming connections on
> certain ports you can use port forwarding with NAT on your firewall.
> Bridging is not for this kind of thing.
>
> Uwe
>
> --
> Jack Nicholson: My mother never saw the irony in calling me a son of a
> bitch.

Actually, I need a fully transparent bridge, for instance for correctly using a SIP phone, which doesn't work even with siproxd, so NAT and Masquerade won't help me. I'm pretty sure I can transform the Gentoo box into a transparent bridge router, I just don't know how.

--
[EMAIL PROTECTED] mailing list