 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Roy Boverhof" <furymedia at gmail dot com>
 Cc:  "Chris Buechler" <cbuechler at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: [m0n0wall] Filtering Bridge blocking traffic for clients with multiple IP/subnets
 Date:  Mon, 19 Dec 2005 14:21:07 +0100
The LAN-Interface has a special role in the design of m0n0wall, so the answer you already gave to
yourself is correct.
You always need a WAN and a LAN and only OPTx-interfaces can be bridged to these.

Holger


> From: Roy Boverhof [mailto:furymedia at gmail dot com]
> Sent: Monday, 19 December 2005 13:50
> To: Holger Bauer
> Cc: Chris Buechler; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Filtering Bridge blocking traffic for clients
> with multiple IP/subnets
> 
> 
> Hi all,
> 
> I am also working on a filtering bridge and I was following this
> example: http://doc.m0n0.ch/handbook/examples-filtered-bridge.html
> 
> But I have a problem, my server only has 2 NICs... and to be honest,
> I really don't need a LAN interface. Normally adding a NIC wouldn't be
> a problem but my server is a 1U server that only has space for a 64
> bit PCI-X card.
> 
> My question is, do I really really need the LAN interface? I probably
> know the answer, just making sure I don't go out and buy a 150 euro
> NIC to get this firewall working :(
> 
> Kind regards,
> 
> Roy
> 
> 
> On 12/19/05, Holger Bauer <Holger dot Bauer at citec dash ag dot de> wrote:
> > Ok, finally got time to test this with m0n0 1.2 and I can confirm that this
> > is no issue with 1.2 any more. I was using 1.11 before for some reason that
> > doesn't matter in this kind of configuration, so I'll move to 1.2 for this
> > installation. Thanks for pointing out the solution Chris! :-)
> >
> > Holger
> >
> > > From: Chris Buechler [mailto:cbuechler at gmail dot com]
> > > Sent: Thursday, 15 December 2005 15:42
> > > Cc: m0n0wall at lists dot m0n0 dot ch
> > > Subject: Re: [m0n0wall] Filtering Bridge blocking traffic for clients
> > > with multiple IP/subnets
> > >
> > >
> > > On 12/14/05, Holger Bauer <Holger dot Bauer at citec dash ag dot de> wrote:
> > > > I want to set up a transparent filtering bridge. This device only should provide
> > > > traffic shaping and nothing else. I have set up this in the past with success and
> > > > I'm running multiple locations with that kind of setup. However I now have to
> > > > install filtering bridges at a location where Clients have multiple IP addresses
> > > > (at the same physical NIC) from different subnets:
> > > >
> > > > Example:
> > > >
> > > > ClientA--------bridged m0n0--------ClientB
> > > >
> > > >
> > > > ClientA IPs:
> > > > 192.168.1.1/24
> > > > 10.1.1.1/24
> > > >
> > > > ClientB IPs:
> > > > 192.168.1.2/24
> > > > 10.1.1.2/24
> > > >
> > >
> > > What m0n0wall version, and what hardware?  Firewall log showing anything?
> > >
> > > Versions prior to one of the 1.2 betas had a bug in the antispoofing
> > > rules as related to bridged interfaces that would pop up in situations
> > > like this.  It's since been fixed though.
> > >
> > > -Chris
> > >