Hello,

I tried to get this working last night for a LONG time on a
Soekris 4801 with 1.11:

                        filtering bridge
                  +---------------------------+
                  |                           |
m0n0 #1 <-------> WAN      [m0n0 #2]       OPT1 <------> Wireless AP/LAN
(192.168.89.1)     ^          LAN                        (192.168.89.56)
                   |           ^
                   |           |
     management <--+           +--> backup management
+--    static     ---+              +--   subnet    ---+
| IP: 192.168.89.13  |              | 192.168.1.51/24  |
| GW: 192.168.89.1   |              +------------------+
+--------------------+

m0n0 #1 is a Generic PC functioning as my ADSL PPPoE driver,
as well as my internet firewall. m0n0 #2 is the Soekris 4801
and intended to be purely a transparent filtering bridge for
traffic shaping. m0n0 #2 is a test box. I'm trying to work
out the kinks in this setup so I can place m0n0 #2 into a
production environment with public IPs. In the production
environment it will be exceedingly important that m0n0 #2
perform as a completely transparent filtering bridge because
in the production environment the device attached to the WAN
will be a Cisco router with multiple subnets. I want to avoid
performing routing on the m0n0wall at all costs!

The rest of this email will deal only with m0n0 #2. Forget
about m0n0 #1. Just think of it as my internet gateway.

OK. I gave my WAN interface a static IP because it seemed
to be the only choice that made sense, and then I bridged
my OPT1 to the WAN and enabled OPT1. This should enable
a completely transparent filtering bridge setup, correct?

However, the bridge doesn't seem to be working as
transparently as I would expect:

For example, if I give the WAN interface the private static
IP: 192.168.89.13 with an appropriate GW, then traffic passes
properly. I don't see any additional hops when I traceroute
to the internet from my LAN, so the bridge appears to be
functioning transparently.

But if I give the WAN interface a PUBLIC static IP, then
traffic stops passing correctly. It's as if the m0n0wall is
performing routing internally, instead of just transparent
bridge filtering.

Now, I *think* that this is because my WAN interface has
an IP. I don't think it would be possible for m0n0wall to
perform any routing on this bridge if neither interface
had an IP. So how do I make an IP-less filtering bridge?
Or how do I fix my problem otherwise?

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net