On Sat, 17 Jan 2004, CHARLES THOLEN <(E-Mail Removed)> wrote:
> I have tried a couple angles on this and am still having challenges..
>
> I have set out to build an Ethernet Bridge/Firewall for a GenII Honeynet
> with some old hardware (PII-233MHz-80Gb RAM). The machine has 3
> interfaces. eth1 is to my internal protected net (192.168.1.0). eth0 is
> connected to my DSL modem. eth2 is connected to my hub where my 5 static-IP
> addressed boxes sit. eth0 and eth2 are on the same subnet, 66.xxx.xxx.248/32...
> So eth0 connects to the DSL provider where the default gateway for my subnet
> resides.
> I started with installing Red Hat 9 and followed what I could find for
> HOWTOs. I set up eth0 and eth2 with 0.0.0.0 for their IP address and
> configured eth1 appropriately. Next, the HOWTOs called for updating the
> kernel for the bridging utils and ebtables to work properly. I compiled a
> 2.4.23 kernel with the options needed for bridging and queueing (to allow
> iptables to see the packets). I connected eth0 and eth2 and configured the
> bridge.
I have not bridged, but it should not be necessary with SBC static IPs
(which in your case should be a /29, or netmask 255.255.255.248, not to be
confused with your network IP). If your bridge box has no public IP, it
would certainly make it impossible for your eth1 network to reach the
outside world unless it runs through something to masquerade it as a
public IP.
One thing you left out was how you are connected to the internet. Are you
using an SBC-supplied modem/router (which already splits out your IPs) or
a simple bridge modem (and whether that uses PPPoE or DHCP, which differs
by SBC region)? For PPPoE, incoming traffic for your IPs would all be
routed to your connecting IP; for DHCP you would not even need a bridge
(just a hub/switch).
I just have a single dynamic SBC IP, but I did set up a 255.255.255.248
wireless subnet on eth1 of a box with proxy_arp enabled on eth0, so
wireless IPs appear to be on my main LAN.
--
David Efflandt - All spam ignored
http://www.de-srv.com/
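The two setups discussed in this thread, the transparent bridge the original poster is building and the routed /29 with proxy_arp from the reply, sketched as a dry-run shell script. This is an added example, not code from either poster. Interface names, the 66.0.0.248/29 block and the 66.0.0.249 gateway address are placeholder assumptions; by default the script only prints the commands it would run, and it applies them only when invoked as root with DO_IT=1. The mask-to-prefix helper is there because the thread's /32 vs /29 confusion is exactly the kind of mistake that makes a "bridge not needed" setup fail silently.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholder names: eth0 (DSL side),
# eth2 (public hub), eth1 (routed subnet), 66.0.0.248/29, gateway 66.0.0.249.
# Dry-run by default; DO_IT=1 executes the commands instead of printing them.

DO_IT="${DO_IT:-0}"

# Execute or print a command, depending on DO_IT.
run() {
    if [ "$DO_IT" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Convert a dotted netmask to a prefix length, e.g. 255.255.255.248 -> 29.
# Returns 1 for a non-contiguous mask such as 255.255.255.3.
mask2prefix() {
    prefix=0
    oldifs=$IFS; IFS=.
    for octet in $1; do
        case $octet in
            255) prefix=$((prefix+8));;
            254) prefix=$((prefix+7));;
            252) prefix=$((prefix+6));;
            248) prefix=$((prefix+5));;
            240) prefix=$((prefix+4));;
            224) prefix=$((prefix+3));;
            192) prefix=$((prefix+2));;
            128) prefix=$((prefix+1));;
            0) ;;
            *) IFS=$oldifs; return 1;;
        esac
    done
    IFS=$oldifs
    echo "$prefix"
}

# Option A (what the original poster is building): a transparent bridge between
# the DSL side and the public hub. The member ports carry no address (the
# HOWTO's 0.0.0.0); only br0 would get one, and only if the box itself needs
# to be reachable, e.g. for management or for iptables with an IP of its own.
bridge_plan() {
    wan=$1; lan=$2; br=$3
    run ip link set "$wan" up
    run ip link set "$lan" up
    run ip addr flush dev "$wan"
    run ip addr flush dev "$lan"
    run brctl addbr "$br"
    run brctl addif "$br" "$wan"
    run brctl addif "$br" "$lan"
    run ip link set "$br" up
}

# Option B (the reply's approach): no bridge. The /29 lives behind a second
# NIC, the box forwards for it, and proxy_arp on the upstream NIC makes the
# box answer ARP for those addresses so they appear to be on the upstream LAN.
# gw is the address the box itself takes inside the /29 on the inside NIC.
proxy_arp_plan() {
    wan=$1; lan=$2; net=$3; mask=$4; gw=$5
    prefix=$(mask2prefix "$mask") || return 1
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$wan.proxy_arp=1"
    run ip addr add "$gw/$prefix" dev "$lan"
    run ip route add "$net/$prefix" dev "$lan"
}

# Usage (dry run): prints the command lists for both options.
bridge_plan eth0 eth2 br0
proxy_arp_plan eth0 eth1 66.0.0.248 255.255.255.248 66.0.0.249
```

After applying option B for real, the check is done from a host on the upstream LAN: `arping` one of the /29 addresses and confirm the reply comes from the box's eth0 MAC, and `ip route get` on the box should show the /29 going out eth1.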