Re: Bridge and Router on the same device

Linux Advanced Routing and Traffic Control

On 11/13/06, Net Cerebrum <netcerebrum@xxxxxxxxx> wrote:
I want to configure a device with three network interfaces where two of them
would bridge two segments of the LAN subnet and the third one would be
connected to the WAN link.

eth0 - 10.10.10.2/24 to be connected to the internet gateway having IP
10.10.10.1/24 (also the default gateway for the device)
eth1 and eth2 bridged as br0 with IP address 172.16.100.1 connected to
different segments of the subnet 172.16.100.0/24.


                   WAN (10.10.10.1)
                          |
                          |
                   eth0 (10.10.10.2)

          -----eth1                eth2------
LAN (172.16.100.0/24)          LAN (172.16.100.0/24)


I plan to configure the Bridge IP (172.16.100.1) as the default gateway for
the LAN and also regulate the traffic between the two bridged interfaces
(eth1 and eth2) using a user space tool. Further since the traffic meant for
internet would pass through eth0, there would be a need to regulate the
traffic between eth1 and eth0 and also eth2 and eth0.

Is the above arrangement feasible? Would it be possible to define static
routes on this device itself involving hosts reachable through either of the
interfaces?

Thank you in advance.


I think it's possible, but what does "regulating traffic between the
two bridged interfaces" mean? Remember that a bridge works at the data link
layer, so I think it won't be possible to filter bridged traffic at
higher layers (TCP/IP) on the bridge device. Maybe you can filter at
network and transport layers on the physical interfaces which are
attached to the bridge (eth1, eth2) with iptables if you really need
it. Don't know if you mean filtering by saying "regulating".

Routing and bridging is possible. The default gateway for the hosts in
172.16.100.0/24 should be 172.16.100.1, and there's nothing wrong
with using an IP which is bonded to a bridge interface. For traffic
that needs to be routed from the 172.16.100.0/24 network through the
WAN interface you can treat the bridge as a physical interface.
10.10.10.1 should be the default gateway for this machine.

Regards.
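
The layout discussed in this thread, written out as an added example that is not part of either poster's message: it prints (or, with APPLY=1 as root, runs) the commands for the bridge, the routing and per-port filtering. The use of iproute2, the br_netfilter sysctl and the iptables physdev match is an assumption (the reply only names iptables), and the allow rules (SSH between segments, web only from eth2) are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Interfaces and addresses are the
# poster's; the allow/deny policy is constructed for illustration.
WAN_IF=eth0 WAN_IP=10.10.10.2/24 WAN_GW=10.10.10.1
BR_IF=br0 BR_IP=172.16.100.1/24 LAN_NET=172.16.100.0/24
PORT_A=eth1 PORT_B=eth2

# Frames bridged from port $1 to port $2 (never routed); $3 = extra match.
bridged_rule() {
    echo "iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $1 --physdev-out $2 $3 -j ACCEPT"
}

# Packets routed from br0 to the WAN, told apart by the bridge port ($1)
# they arrived on; $2 = extra match (may be empty).
routed_rule() {
    echo "iptables -A FORWARD -i $BR_IF -o $WAN_IF -s $LAN_NET -m physdev --physdev-in $1 $2 -j ACCEPT"
}

# Emit the whole setup, one command per line, so it can be reviewed first.
plan() {
    cat <<EOF
ip link add name $BR_IF type bridge
ip link set dev $PORT_A master $BR_IF
ip link set dev $PORT_B master $BR_IF
ip link set dev $PORT_A up
ip link set dev $PORT_B up
ip link set dev $BR_IF up
ip link set dev $WAN_IF up
ip addr add $BR_IP dev $BR_IF
ip addr add $WAN_IP dev $WAN_IF
ip route add default via $WAN_GW dev $WAN_IF
sysctl -w net.ipv4.ip_forward=1
modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    bridged_rule "$PORT_A" "$PORT_B" "-p tcp --dport 22"  # eth1 -> eth2: SSH only
    routed_rule "$PORT_A" ""                              # eth1 -> WAN: anything
    routed_rule "$PORT_B" "-p tcp -m multiport --dports 80,443"  # eth2 -> WAN: web
}

# Default is a dry run that only prints; APPLY=1 (as root) executes it.
if [ "${APPLY:-0}" = 1 ]; then plan | sh -ex; else plan; fi
```

The default FORWARD policy of DROP covers both the bridged and the routed path once bridge-nf-call-iptables is 1, so anything not listed (including eth2 to eth1) is blocked; ARP is not seen by iptables and still crosses the bridge.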