I don't think you can use bridge. I have tried it and
didn't get it to work. So I ended up with NAT,
MASQUERADE and iptables and am happy with that.


--- Chris Watt <[EMAIL PROTECTED]> wrote:
> At 13:11 2002/10/08 -0400, you wrote:
> 
> >Can someone please tell me the easiest way to route all traffic through a
> >RedHat Linux box. I would like to pass all data transparently from eth1
> >(inside) to eth0 (outside) and vice versa.
> 
> Actually the problem you have with documentation is probably a result of a
> minor language problem. When you talk about "routing" you are dealing with
> fairly high-level non-transparent handling of packets. If you want to pass
> traffic transparently you should either operate the system as a network
> bridge (which will handle all protocols) or, if you want to work at the IP
> level (e.g. so that you can do a bit of filtering as well) you should use
> proxy ARP. Both of these topics are covered in HOWTO documents on tldp.org,
> although the proxy ARP documentation is a bit lacking: Last time I looked
> it only dealt with 2.0 and 2.2 series kernels. There is information on
> doing proxy ARP in the actual kernel documentation though (and it's gotten
> easier rather than more complex since earlier versions).
> 
> Simply enabling forwarding between your interfaces will sort of work, it
> will allow machines to use your box as a router, but it will not be
> transparent (your box would need to be listed correctly in the routing
> table on every machine that was supposed to route through it).
> 
> Since you describe interfaces in terms of "inside" and "outside" I'd
> suggest that proxy ARP is the logical way to go if you have "real" IP
> addresses for all the machines on the "inside".
> 
> If you want to connect machines using a reserved ip space (like most
> consumer grade "broadband router" products do) and just one IP address
> visible from the "outside" then what you actually want is probably one to
> many NAT (Network Address Translation) which is still covered under the IP
> Masquerade howto. This approach is also non-transparent, but can be very
> simple to configure if you just set up a DHCP server on your "inside"
> network and have it specify your NAT box as the default gateway for all the
> "inside" machines.
> 
> Good resources in addition to the routing/advanced routing documents:
> 
> For proxy ARP have a look at
> http://www.tldp.org/HOWTO/mini/IP-Subnetworking.html and also
> http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/index.html , but keep in
> mind that the second document is obsolete in its description of the actual
> software (i.e. ignore section 4).
> 
> http://www.tldp.org/HOWTO/mini/Bridge/index.html deals with ethernet
> bridging (AFAIK the most transparent method).
> 
> Lastly http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html and
> http://www.tldp.org/HOWTO/Masquerading-Simple-HOWTO/index.html
> are good resources for filtering and NAT. I'd suggest you not bother with
> the Firewall HOWTO for the time being as the current version doesn't appear
> to have been updated for use with kernel 2.4.
> For security purposes your best bet for a first NAT setup is probably to
> copy (with the minimum necessary modifications to make it work on your
> network) the sample iptables configuration script in section 6.4.1 of the
> IP-Masquerade HOWTO.
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list

=====
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
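
The one-to-many NAT gateway this thread ends up with, sketched as an added example that is not from either poster or from the IP-Masquerade HOWTO script. The function names, the default-drop FORWARD policy and the stateful return rule are assumptions of this example; eth1 (inside) and eth0 (outside) are the interfaces named in the question.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a masquerading gateway.
# Example code: names and policy choices here are assumptions, not the HOWTO's.

# Accept only plausible interface names so nothing unexpected lands in a rule.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel limit: 15 characters plus the terminating NUL
}

# gen_nat_rules INSIDE OUTSIDE -> ruleset on stdout, status 2 on bad input
gen_nat_rules() {
    inside=$1 outside=$2
    valid_iface "$inside" && valid_iface "$outside" || return 2
    [ "$inside" != "$outside" ] || return 2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of everything leaving the outside interface
-A POSTROUTING -o $outside -j MASQUERADE
COMMIT
*filter
# Forwarding is denied unless a rule below allows it
:FORWARD DROP [0:0]
# Inside hosts may open connections to the outside
-A FORWARD -i $inside -o $outside -j ACCEPT
# Only replies to those connections may come back in
-A FORWARD -i $outside -o $inside -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Typical use, as root on the gateway:
#   gen_nat_rules eth1 eth0 | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables-restore flushes the nat and filter tables it loads unless run with
# --noflush, and this ruleset leaves INPUT and OUTPUT for you to set.
```

With this ruleset the inside machines still need the gateway as their default route, which is the non-transparent part described in the quoted reply.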
