RE: Linux bridging and cascaded switches

Linux Advanced Routing and Traffic Control

> On the bridged firewall - The simplest/ easiest/ well tested 
> method would be to run ebtables. A more complex method used 
> before the arrival of ebtables involved pseudo-bridging.

Yes - thanks.  I've been trying some ebtables experiments.  Layer 2
filtering - takes some getting used to!   

More fundamentally, can I cascade these switches and my bridge/firewall
this deep?  How do the Internet router and internal servers find each
others' MAC addresses when they are 4 "hops" (OSI layer 2 hops)
separated?  Or am I making this too complicated?

> Internal---User---Core-----Firewall---Internet---Internet router
> Servers   switch  switch  (Bridged)    switch   (and default GW for
>                                                  internal servers)

Thanks

- Greg
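The MAC-learning question above (how the Internet router and the internal servers find each other's addresses across four layer-2 hops), worked through as an added simulation written for this archive page, not code from the thread or from ebtables; the bridge names, MAC and IP addresses are constructed, and the bridged firewall is modelled as a plain learning bridge with no ebtables filtering:

```python
# Constructed simulation: a chain of transparent learning bridges, one of which
# stands in for the bridged Linux firewall. STP is off because the chain has no loops.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip, self.ports, self.arp_cache = mac, ip, {}, {}
    def send(self, frame, log):
        bridge, port = self.ports[0]                  # a host has a single port 0
        bridge.receive(frame, port, log)
    def receive(self, frame, in_port, log):
        if frame["dst"] not in (self.mac, BROADCAST) or frame["tip"] != self.ip:
            return                                    # not for us
        self.arp_cache[frame["sip"]] = frame["src"]   # learn the sender's MAC
        if frame["type"] == "arp-request":            # answer with a unicast reply
            self.send({"src": self.mac, "dst": frame["src"], "type": "arp-reply",
                       "sip": self.ip, "tip": frame["sip"]}, log)

class Bridge:
    """Learning bridge: learn source MAC on ingress, flood unknown/broadcast."""
    def __init__(self, name):
        self.name, self.ports, self.fdb, self.flooded = name, {}, {}, 0
    def receive(self, frame, in_port, log):
        self.fdb[frame["src"]] = in_port              # learn source MAC -> port
        known = self.fdb.get(frame["dst"])
        if frame["dst"] == BROADCAST or known is None:
            out_ports = [p for p in self.ports if p != in_port]   # flood
            self.flooded += 1
        else:
            out_ports = [known] if known != in_port else []       # forward/filter
        for p in out_ports:
            log.append(f"{self.name}: port {in_port} -> port {p} ({frame['type']})")
            neighbour, neighbour_port = self.ports[p]
            neighbour.receive(frame, neighbour_port, log)

def connect(a, port_a, b, port_b):
    a.ports[port_a] = (b, port_b)
    b.ports[port_b] = (a, port_a)

def run_arp_exchange():
    # Server ARPs for its default gateway (the Internet router) across the chain.
    server, router = Host("02:00:00:00:00:01", "10.0.0.10"), Host("02:00:00:00:00:fe", "10.0.0.1")
    chain = [Bridge(n) for n in ("user-sw", "core-sw", "fw-bridge", "inet-sw")]
    connect(server, 0, chain[0], 1)
    for left, right in zip(chain, chain[1:]):
        connect(left, 2, right, 1)
    connect(chain[-1], 2, router, 0)
    log = []
    server.send({"src": server.mac, "dst": BROADCAST, "type": "arp-request",
                 "sip": server.ip, "tip": router.ip}, log)
    return server, router, chain, log
```

After the exchange every bridge in the chain holds both MACs in its forwarding table, and only the broadcast request was flooded; the unicast reply followed the learned entries hop by hop.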



-----Original Message-----
From: Mohan Sundaram [mailto:mohan.tux@xxxxxxxxx] 
Sent: Tuesday, June 19, 2007 9:53 PM
To: Greg Scott
Subject: Re:  Linux bridging and cascaded switches

Greg Scott wrote:
> Hi -
>   
> Internal---User---Core-----Firewall---Internet---Internet router
> Servers   switch  switch  (Bridged)    switch   (and default GW for
>                                                  internal servers)
> 
> The scenario is a little more complex than I drew above because the 
> internal side has more than one LAN segment participating in the bridge.
> I'm working on a way to simulate all this here - before going into 
> production - but I have a big question;
> 
> That firewall/bridge is no longer a router - it's a bridge.  Well, a 
> bridge that also does a bunch of stateful IP layer 3 filtering.  So 
> now, it will participate in a spanning tree setup with all those 
> switches, on both sides of it - right?  I'm guessing I want to turn 
> off STP in this case.  Am I on the right track?
> 
> Thanks
> 
> - Greg Scott

From what you have drawn, it seems like we will not have multiple paths
in the LAN and so STP will not be needed.

On the bridged firewall - The simplest/ easiest/ well tested method
would be to run ebtables. A more complex method used before the arrival
of ebtables involved pseudo-bridging.

Mohan
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

