Thanks Jeff,
I guess perhaps I have made a juvenile, schoolboyish type of error in
my conceptual model here.
It's just that all the documentation I have found so far concerning
bridging firewalls describes devices that have just one input and one
output, hence the "lego" style design.

I guessed this could be achieved using only one bridge, although as I
say, I couldn't find much info concerning more than one output
interface on the firewall.

I'm with you on the routing idea but this gets political between me
and the university IT dept. This way I get to manage my own hardware.
(Read: the project may actually happen before hell freezes over ;-)

Time for some more reading about ebtables...
Regards!
--
Guy


On 12/2/05, Jeff Dike <[EMAIL PROTECTED]> wrote:
> On Fri, Dec 02, 2005 at 06:02:13PM +0000, Guy Heatley wrote:
> > Hi!
> > I have a cluster of UMLs networked together using ethernet bridging
> > and tun/tap.
> > I want to connect to a network with the following stipulations:
> >
> > 1) The UMLs (and UML host) have predetermined range of IP addresses on
> > a wider subnet. These need to stay fixed.
> >
> > 2) I want to firewall off the UMLs to prevent UML users doing nasty
> > things to the rest of the subnet e.g. setting up a DHCP server that
> > would be in competition with the real one.
> >
> > I have created 2 bridges on the host: One to hang the UMLs off and the
> > other to act as a bridging firewall, but I can't figure out how to
> > connect the bridges together.
> > I have a TUN interface added to each: one is called "fw-output" - the
> > "private side" interface on the bridging firewall, and one on the
> > bridge the UMLs hang off, called "uplink".
> >
> > Does anyone know how to get network traffic to pass between fw-output
> > and uplink? (Or a better way of solving this problem ;-)
>
> What's the matter with just using routing to get traffic where it's going?
>
> Alternatively, bridge everything together, and use iptables/ebtables to
> throw out packets that the UMLs shouldn't be sending/receiving.
>
>                                 Jeff
>
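
Jeff's second suggestion (one bridge, with ebtables throwing out what the UMLs should not send), sketched as an added example that is not part of the original thread. The tap names and 192.0.2.x addresses are assumptions; the script only prints the rules so they can be reviewed before being piped to `sh` as root.

```shell
#!/bin/sh
# Added example: per-port ebtables rules for UML taps on a single bridge.
# Assumed (not from the thread): tap0/tap1 and the 192.0.2.x addresses.

# Print the rules for one UML tap port and its fixed IPv4 address.
uml_port_rules() {
    tap=$1 ip=$2
    case $tap in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $tap" >&2; return 1 ;;
    esac
    case $ip in
        ''|*[!0-9.]*) echo "bad IPv4 address: $ip" >&2; return 1 ;;
    esac
    # INPUT covers frames addressed to the host, FORWARD frames to other ports.
    for chain in INPUT FORWARD; do
        # DHCP server replies (UDP source port 67) must never come from a UML.
        echo "ebtables -A $chain -i $tap -p IPv4 --ip-protocol udp --ip-source-port 67 -j DROP"
        # Only the assigned address may appear as IPv4 source or ARP sender.
        echo "ebtables -A $chain -i $tap -p IPv4 --ip-source $ip -j ACCEPT"
        echo "ebtables -A $chain -i $tap -p ARP --arp-ip-src $ip -j ACCEPT"
        # Everything else arriving on this port is dropped.
        echo "ebtables -A $chain -i $tap -j DROP"
    done
}

# Print the rules for a list of tap=address pairs; stop at the first bad pair.
uml_ruleset() {
    for pair in "$@"; do
        uml_port_rules "${pair%%=*}" "${pair#*=}" || return 1
    done
}

# Constructed sample: two UMLs hanging off the shared bridge.
uml_ruleset tap0=192.0.2.11 tap1=192.0.2.12
```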


_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
