On Wed, 21 Nov 2007 10:28:00 -0600, Matt Zagrabelny wrote: > On Wed, 2007-11-21 at 16:11 +0000, Mateus Interciso wrote: >> On Wed, 21 Nov 2007 13:04:40 +0000, Mateus Interciso wrote: > > [...] > >> Maybe, if I explain a little more about the fisical network we have, it >> may be easier to understand(or find the problem) > > I think you would need a second public IP address to assign to the Linux > box, or a third NIC that you could stick on the bottom and connect into > the D-Link Switch, see below. > >> The bridge works like this >> |---(eth0)---|---->|---(NIC1)--| >> |---BRIDGE---| |---W2k3----| >> Internet--->|---(eth1)---| |---(NIC2)--|--->[D-Link Switch]===>LAN > > > > > |---(eth0)---|---->|---(NIC1)--| > |---BRIDGE---| |---W2k3----| > Internet--->|---(eth1)---| |---(NIC2)--|--->[D-Link Switch]===>LAN > |---(eth2)---|---------------------------^ > > eth2 has 10.100.0.1 > > Looking at this picture makes my head hurt though. ;) > >> where NIC1 has the internet IP assigned by the ISP, and NIC2 has the >> internal IP 10.100.0.2, I would like to put the ip 10.100.0.1 on the >> bridge, so that I can access via ssh, and use internet there, so I can >> download ebtables to make the firewall, as well as other monithoring >> tools (like SNMP for instance). > > If you want to use the internet with a 1918 address, then you will have > to stick it behind a NAT device, in your diagram it is in front. How is > the address supposed to be translated? > >> But when I put >> ifconfig br0 10.100.0.1 netmask 255.255.255.0 up it doesn't ping >> 10.100.0.2 for instance, am I missing something here? > > It arps for 10.100.0.2 and no one responds, this is expected as the arp > request doesn't ever reach NIC2 on W2k3. The windows is actually routing the internet to all the clients, and strangelly the VoIP works behind windows RRAS and not behind Linux NAT, so I figured to make a linux bridge and put a firewall,snort,etc there... I'll try sticking the 3rd NIC on the bridge, and linking directly in the D-Link Switch, of course it should work, and make a mess of a drawing, but...if that's what it needs... Thanks a lot :D Mateus - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
