Simon Walter writes:
> On 06/10/2016 03:55 PM, Greg Olsen wrote:
>> On 2016-06-10 06:34, Greg Olsen wrote:
>> [snip]
>> > The only side-effect are the extra messages during ifup with
>> > "bridge_ports none":
>> >
>> > iface testbr1 inet static
>> > bridge_ports none
>> >
On 06/10/2016 03:55 PM, Greg Olsen wrote:
On 2016-06-10 06:34, Greg Olsen wrote:
[snip]
> The only side-effect are the extra messages during ifup with
> "bridge_ports none":
>
> iface testbr1 inet static
> bridge_ports none
> address 10.91.0.1
> netmask 255.25
On 2016-06-10 06:34, Greg Olsen wrote:
[snip]
> The only side-effect are the extra messages during ifup with
> "bridge_ports none":
>
> iface testbr1 inet static
> bridge_ports none
> address 10.91.0.1
> netmask 255.255.0.0
> network 10.91.0.0
> broadcast
On 2016-06-10 03:02, Simon Walter wrote:
[snip]
> Though, you do need to specify the bridge to be created and destroyed,
> which is something I thought was done automatically. It is when there
> are ports specified. As Rainer pointed out, when bridge_ports is "none",
> then the bridge device is
On 06/09/2016 10:24 PM, Simon Hobson wrote:
Or I could do as Mr. Hobson does and run shorewall in a container. Would that actually be
a more insulated "secure" approach?
"Security" is a relative thing, and depends on your priorities. Putting the
firewall in it's own VM would improve isolation
On 2016-06-09 02:50, Simon Walter wrote:
> Hi everyone,
>
> After some testing, I have a question about an option in
> /etc/default/shorewall:
> wait_interface
> If I add the bridge interface to that line, shorewall will not start
> unless a container is brought up. I suppose that is why I was thi
Simon Walter wrote:
> After some testing, I have a question about an option in
> /etc/default/shorewall:
> wait_interface
> If I add the bridge interface to that line, shorewall will not start unless a
> container is brought up. I suppose that is why I was thinking of bridging the
> bridge ine
Hi everyone,
After some testing, I have a question about an option in
/etc/default/shorewall:
wait_interface
If I add the bridge interface to that line, shorewall will not start
unless a container is brought up. I suppose that is why I was thinking
of bridging the bridge inerface with a tap i
Adam, Rainer, Simon,
Thanks guys. I thought I knew what I was doing, but now I think I might
be able to execute this better with all of your advice.
Cheers,
Simon
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/
Simon Walter writes:
> On 06/06/2016 08:48 PM, Rainer Weikusat wrote:
>> Simon Walter writes:
>>> On 06/05/2016 12:16 AM, Rainer Weikusat wrote:
Simon Walter writes:
[...]
> auto br0
> iface br0 inet static
> pre-up ip tuntap add dev tap0 mode tap
> pre-up ip l
Simon Walter wrote:
>> You don't need the tap port for that, the bridge will happily work
>> without any ports statically assigned to it.
>
> And will I be able to set up iptables with just the bridge? I was thinking of
> using shorewall. I've never used it before, but it seems like it's
> con
On 06/06/2016 08:48 PM, Rainer Weikusat wrote:
Simon Walter writes:
On 06/05/2016 12:16 AM, Rainer Weikusat wrote:
Simon Walter writes:
[...]
I am adding containers (LXC) and
virtual network to the box, I think I will add an tap and bridge
interface to an /etc/network/interface.d/ file. If
Simon Walter writes:
> On 06/05/2016 12:16 AM, Rainer Weikusat wrote:
>> Simon Walter writes:
>>
>> [...]
>>
>>> I am adding containers (LXC) and
>>> virtual network to the box, I think I will add an tap and bridge
>>> interface to an /etc/network/interface.d/ file. If I use something
>>> like:
>
On 06/05/2016 12:16 AM, Rainer Weikusat wrote:
Simon Walter writes:
[...]
I am adding containers (LXC) and
virtual network to the box, I think I will add an tap and bridge
interface to an /etc/network/interface.d/ file. If I use something
like:
auto br0
iface br0 inet static
pre-up ip t
Simon Walter writes:
[...]
> I am adding containers (LXC) and
> virtual network to the box, I think I will add an tap and bridge
> interface to an /etc/network/interface.d/ file. If I use something
> like:
>
> auto br0
> iface br0 inet static
> pre-up ip tuntap add dev tap0 mode tap
> pr
On 06/03/2016 11:23 PM, Rainer Weikusat wrote:
This stop-modify-restart is a bit coarse-grained and it's also
possible to do this manually without 'interface downtime' but there's
no general interface for that: The sequence of commands will depend on
both the running configuration and the desir
On Fri, Jun 03, 2016 at 05:14:28PM +0200, Didier Kryn wrote:
> Le 03/06/2016 12:52, Simon Walter a écrit :
> >OK. I see. So it's only with restart. Got it. By non-static is that only
> >dhcp or are there other non-static setups? I would imagine a dhcp setup
> >would restart fine, but maybe I am suc
Le 03/06/2016 12:52, Simon Walter a écrit :
OK. I see. So it's only with restart. Got it. By non-static is that only
dhcp or are there other non-static setups? I would imagine a dhcp setup
would restart fine, but maybe I am such a simple user.
You can still stop and then start...
Didie
Rainer Weikusat writes:
> Simon Walter writes:
>> I am working on some cdist scripts for setting up some network interfaces.
>>
>> So far I am modifying the /etc/network/interfaces and then bring down
>> and up the interfaces. For a while now /etc/init.d/networking has a
>> warning that it is dep
Simon Walter writes:
> I am working on some cdist scripts for setting up some network interfaces.
>
> So far I am modifying the /etc/network/interfaces and then bring down
> and up the interfaces. For a while now /etc/init.d/networking has a
> warning that it is deprecated. I understand why. So I
On Fri, Jun 03, 2016 at 07:52:51PM +0900, Simon Walter wrote:
> On 06/03/2016 04:43 PM, Adam Borowski wrote:
> > On Fri, Jun 03, 2016 at 08:56:50AM +0900, Simon Walter wrote:
> >> I am working on some cdist scripts for setting up some network interfaces.
> >>
> >> So far I am modifying the /etc/net
On 06/03/2016 04:43 PM, Adam Borowski wrote:
> On Fri, Jun 03, 2016 at 08:56:50AM +0900, Simon Walter wrote:
>> I am working on some cdist scripts for setting up some network interfaces.
>>
>> So far I am modifying the /etc/network/interfaces and then bring down
>> and up the interfaces. For a whil
On Fri, Jun 03, 2016 at 08:56:50AM +0900, Simon Walter wrote:
> I am working on some cdist scripts for setting up some network interfaces.
>
> So far I am modifying the /etc/network/interfaces and then bring down
> and up the interfaces. For a while now /etc/init.d/networking has a
> warning that
Hi All,
I am working on some cdist scripts for setting up some network interfaces.
So far I am modifying the /etc/network/interfaces and then bring down
and up the interfaces. For a while now /etc/init.d/networking has a
warning that it is deprecated. I understand why. So I issue:
# ip address fl
24 matches
Mail list logo
