This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re: transparent bridging .. (I think that's what it's called)
From: Jerry Winegarden <jbw@oit.duke.edu>
Date: Tue, 14 Dec 1999 21:17:00 -0500 (EST)

On Mon, 13 Dec 1999, Mohammad A. Haque wrote:
> Anyone know how to set up (if possible) a transparent bridge using Linux?
>
> Basically I need my network to look like this without subnetting...
>
> [ DSL router ]---[ Linux bridge ]-----[ DNS/SMTP/HTTP machine ]
>                 eth0            eth1
>
> I know FreeBSD can do it. Wondering if Linux can.
>

The answer is definitely yes, but...

You really should use IP Masquerading (via IP Chains) and include port forwarding to allow access through your firewall for one web server, one mail server, one FTP server, or one of whatever network server you want. This means: you will look like ONE MACHINE to the ISP, you will have a firewall to protect you (some) from bad guys, and you will still be able to have your web server accessible from outside.

IP Masq is easy: the IP Masquerade HOWTO has an example of a (semi)strong firewall script, and there are web sites that will produce your rc.firewall script with the proper invocations of the ipchains command. If you have a recent enough version of RedHat (e.g. 6.x), IP Chains support will be present in your kernel. You may also want to run dhcpd on your Linux box for your internal LAN.

Are you sure you want to run a DNS server that's accessible from the outside? A caching nameserver is a pretty good idea, since it would reduce the number of lookups out over your (slower) DSL connection. However, what "publicly accessible" Internet domain would you be providing name SERVICE for? All of your machines are on a "private local" network if you put them behind your IP Masq box/firewall. With no maintenance requirements on your part (as there are with regular DNS servers), you point to your caching nameserver first (it remembers all your DNS requests/answers and builds a table dynamically) and then to your ISP's DNS server (if you haven't been there yet). What names/addresses are there that you have to make available to others not on your local LAN? That would be the only reason to have a port forward for DNS requests from outside.
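An added example, not from the post or either correspondent, of the rc.firewall script the reply describes: ipchains masquerading for the LAN plus ipmasqadm port forwarding for only the web and mail ports of the one internal server. Interfaces follow the diagram; all addresses are constructed, and the APPLY=1 switch is an assumption added here so the script prints its commands by default instead of running them.

```shell
#!/bin/sh
# rc.firewall for the layout in the post: the Linux box sits between the DSL
# router (eth0) and the LAN (eth1), masquerades the LAN, and forwards only
# the ports of the one internal server that must be reachable from outside.
# All addresses are constructed examples (assumption), not values from the post.
EXT_IF=eth0
INT_IF=eth1
LAN=192.168.1.0/24
SERVER=192.168.1.10          # assumed address of the DNS/SMTP/HTTP machine
EXT_IP=203.0.113.7           # placeholder for the address the ISP gave eth0
FORWARDED="tcp:80 tcp:25"    # web and mail only; DNS is deliberately not forwarded

# Print each command unless APPLY=1, which executes it (needs root, ipchains, ipmasqadm).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

firewall_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run ipchains -F                  # start from empty chains
    run ipmasqadm portfw -f          # and an empty port-forward table

    # Default deny: anything not explicitly accepted below is dropped.
    run ipchains -P input DENY
    run ipchains -P forward DENY
    run ipchains -P output ACCEPT

    run ipchains -A input -i lo -j ACCEPT
    run ipchains -A input -i "$INT_IF" -s "$LAN" -j ACCEPT
    # Anti-spoofing: LAN addresses never legitimately arrive on eth0 (-l logs the hit).
    run ipchains -A input -i "$EXT_IF" -s "$LAN" -j DENY -l
    # Replies to connections the LAN opened: TCP segments that are not bare SYNs,
    # and UDP answers (e.g. DNS) to the masquerade's high ports.
    run ipchains -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    run ipchains -A input -i "$EXT_IF" -p udp -d "$EXT_IP" 1024:65535 -j ACCEPT

    # Masquerade LAN traffic leaving via eth0 (-i on the forward chain is the outgoing interface).
    run ipchains -A forward -i "$EXT_IF" -s "$LAN" -j MASQ

    # Port forwarding: accept the port on input, then redirect it to the internal server.
    for svc in $FORWARDED; do
        proto=${svc%%:*}; port=${svc##*:}
        run ipchains -A input -i "$EXT_IF" -p "$proto" -d "$EXT_IP" "$port" -j ACCEPT
        run ipmasqadm portfw -a -P "$proto" -L "$EXT_IP" "$port" -R "$SERVER" "$port"
    done
}

firewall_rules
```

Run as is to review the rule set; `APPLY=1 sh rc.firewall` as root on a 2.2 kernel with ipchains and ipmasqadm installs it.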