 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "James W. McKeand" <james at mckeand dot biz>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: AW: [m0n0wall] Transparent Filtering bridge for a two-interface only machine
 Date:  Fri, 13 Jan 2006 00:57:05 +0100

Exactly. I have several installations out using WRAPs like this:

System>Advanced: filtering bridge enabled

WAN: static IP in the subnet the bridge is in, on the side of the bridge where the default gateway is
found, pass any to any rule, allow fragmented packets. With this kind of setup you can even manage
the device from other subnets if the default gateway knows the route.

LAN: unconnected but with a non-conflicting IP as backup for management, pass any to any rule

OPT1: bridged to WAN, pass any to any rule, allow fragmented packets

On top of this I have my shaping rules. Works great :-)

Holger




> From: James W. McKeand [mailto:james at mckeand dot biz]
> Sent: Thursday, 12 January 2006 14:28
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: AW: [m0n0wall] Transparent Filtering bridge for a
> two-interface only machine
> 
> 
> Gl wrote:
> > --- Holger Bauer wrote:
> > 
> >> No. Only OPTx Interfaces have the capability to be
> >> bridged to other interfaces. You have to use 3
> >> interfaces and leave one empty.
> >> 
> >> Holger
> > 
> > Do you mean that I need to add an extra nic, bridge
> > optx with the lan interface, and use optx as the wan
> > interface, leaving the "real" wan interface unused?
> 
> I think you would bridge the WAN to the OPTx and leave the LAN unused
> (or use a MGMT interface).
> 
> _________________________________
> James W. McKeand
> 