Lucky Leavell wrote:
> OS: SuSE 9.1 with latest patches
> I found the thread on using SuSE as a bridging firewall earlier this year but seem to be stuck.

What is your goal? If you only want a transparent bridge-filter, you should not assign any IP to the eth's and the bridge. Just do a

    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 eth1

(maybe you'll need to manually up the if's) and add

    iptables -A FORWARD -i br0 -o br0 -j ACCEPT

and you should be set.

Of course if the bridge filtering machine itself should be accessible it needs an IP address and correct routing/default gateway settings. But you don't have to have an ip on the bridge device nor on all if's in the bridge.

Additional filtering can then be done by using -m physdev (see ebtables doc) because -i -o may become meaningless for packets traversing the bridge. Just add the usual LOG's before drop and you'll see whenever you miss a packet in the log file while building your firewall (assuming you do it yourself and not using SuSEFirewall)

--
C U

     - -- ---- ----- -----/\/  René Gallati  \/\---- ----- --- -- -
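
The bridge setup from the reply above, extended with per-port `-m physdev` rules and a LOG rule ahead of the final DROP, as an added example that is not part of the original post. Assumptions not taken from the thread: eth0 faces the outside, eth1 the protected side, and the state-tracking policy shown; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: transparent bridge filter with per-port rules via -m physdev.
# Assumption (not from the post): eth0 = outside port, eth1 = inside port.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.
# On kernels 3.18 and later, load br_netfilter so iptables sees bridged frames.

BR=br0

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

bridge_setup() {   # $1 = outside port, $2 = inside port
    run brctl addbr "$BR"
    for ifc in "$1" "$2"; do
        run brctl addif "$BR" "$ifc"
        run ip link set dev "$ifc" up     # ports stay without an IP address
    done
    run ip link set dev "$BR" up          # no IP on the bridge either
}

bridge_filter() {  # $1 = outside port, $2 = inside port
    # For bridged packets -i/-o both show br0; physdev matches the real port.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections are accepted only from the inside port to the outside port.
    run iptables -A FORWARD -m physdev --physdev-in "$2" --physdev-out "$1" \
        -m state --state NEW -j ACCEPT
    # LOG before DROP so anything the rules missed shows up in the log file.
    run iptables -A FORWARD -m physdev --physdev-is-bridged \
        -j LOG --log-prefix "BRIDGE-DROP:"
    run iptables -A FORWARD -m physdev --physdev-is-bridged -j DROP
}

plan() { bridge_setup "$1" "$2"; bridge_filter "$1" "$2"; }

plan eth0 eth1
```
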