Do I have to enable bridge if I want to make a Linux box (PC) a Router (4-port NIC for local LAN and 1-port NIC for WAN)? I have two NIC cards, one is a 4-port NIC card which is to connect all four local PCs for Net connection and a one-port NIC connected to the DSL/Cable Modem. Do I have to enable Bridge? In this case how do I have to name the ethernet ports, like eth0, eth1, eth2......eth4? Also if I want to access the Router over the LAN to configure the Router parameters, do I have to connect one more NIC or is there any alternative way? Thanks.
GS wrote:
> Do I have to enable bridge if I want to make a Linux box (PC) a Router
> (4-port NIC for local LAN and 1-port NIC for WAN)? I have two NIC
> cards, one is a 4-port NIC card which is to connect all four local PCs
> for Net connection and a one-port NIC connected to the DSL/Cable Modem. Do I
> have to enable Bridge? In this case how do I have to name the ethernet
> ports, like eth0, eth1, eth2......eth4?
>
> Also if I want to access the Router over the LAN to configure the
> Router parameters, do I have to connect one more NIC or is there any
> alternative way?

Unless you really need to do a lot of packet limiting to individual machines, you would be well off to just use a switch and not need to manage five NICs. You don't need or want bridge; you want each machine to have a private IP address, like 192.168.1.xxx (xxx range 1..254). Then you set your main machine to MASQUERADE packets from the internal NIC(s) to the outside world, so only the correct ISP-provided IP address shows.

You want the iptables policy to reject everything in the INPUT stream, then allow only what you really want to pass. As a start, I make the first (most often used) rule to accept anything established or related. Then you accept as little as possible from the internal machines, only things like http, maybe mail (smtp) connections to your provider's outbound mailer, etc. If you use chat or similar you need to open that, but ONLY if you initiate it from your inside machines. Unless you want to run servers, you want to drop everything except established tcp and maybe udp sockets. *Maybe* you allow ping, if you must. You have to turn on the forwarding flag in /proc/sys/net/ipv4 so your protected machines can talk to the outside world.

Never use telnet connections; they can be sniffed and are in clear text. Set up ssh and use that instead, and change the config file (usually /etc/ssh/sshd_config) to allow protocol two only: you will see something like "2,1" and should replace it with just "2" because there are weaknesses in protocol one. To allow incoming connections, definitely use redirect so the connect comes in on a port other than the ssh (22) port. People *will* probe all the standard ports. If you know what IP or range of IPs you will use, only allow connect from them.

Being secure is a fair bit of work; there are some canned solutions out there which will do much of it for you. I hear all good things about "Astaro Security Linux" so that's a possible, but there are others. Needless to say, to be secure it takes a lot more work than just plugging the wires and running. Take backups, try not to leave critical stuff like passwords and account numbers on machines.

--
bill davidsen SBC/Prodigy Yorktown Heights NY data center http://newsgroups.news.prodigy.com
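The policy in the reply above, written out as an added example that is not from the thread: a POSIX-sh function that emits an iptables-restore ruleset (INPUT drops by default, ESTABLISHED/RELATED accepted first, a short outbound service list for the LAN, MASQUERADE on the WAN side, ssh reached through a redirect from a non-standard port), plus a check for the sshd_config Protocol line. The interface names eth0/eth1, the 192.168.1.0/24 LAN, port 2222 and the 192.0.2.0/24 admin range are assumed placeholders.

```shell
#!/bin/sh
# gen_rules WAN_IF LAN_IF [SSH_PORT] [ADMIN_SRC]
# Emits an iptables-restore ruleset for the policy in the post: INPUT
# drops by default, the first rule accepts ESTABLISHED/RELATED, the LAN
# gets out only for a short service list, and the WAN side MASQUERADEs.
# Defaults are placeholders: 192.168.1.0/24 LAN, port 2222 for the ssh
# redirect, 192.0.2.0/24 as the only range allowed to administer the box.
gen_rules() {
    wan="$1"; lan="$2"; ssh_port="${3:-2222}"; admin_src="${4:-192.0.2.0/24}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# connects arriving on the non-standard port land on the local sshd (22)
-A PREROUTING -i $wan -p tcp --dport $ssh_port -j REDIRECT --to-ports 22
# only the ISP-provided address is visible from outside
-A POSTROUTING -o $wan -s 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# first (most-used) rule: replies to sessions this box or the LAN opened
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# ssh administration: from the LAN, and from the known admin range only
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A INPUT -i $wan -s $admin_src -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may initiate only http/https, smtp and dns toward the world
-A FORWARD -i $lan -o $wan -p tcp -m multiport --dports 80,443,25 -j ACCEPT
-A FORWARD -i $lan -o $wan -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# sshd_protocol_ok FILE: succeeds only when sshd_config pins "Protocol 2";
# "Protocol 2,1" (the weak setting the post warns about) or no line fails.
sshd_protocol_ok() {
    awk 'tolower($1) == "protocol" { found = 1; if ($2 != "2") bad = 1 }
         END { if (found && !bad) exit 0; exit 1 }' "$1"
}

# On the router, as root (not run here):
#   sysctl -w net.ipv4.ip_forward=1        # the flag under /proc/sys/net/ipv4
#   gen_rules eth0 eth1 | iptables-restore
```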
Bill, without Bridge enabled, how can I communicate from one PC to another PC within the LAN? Since my Linux Box should act like a Router/Switch (to route all local LAN packets to the outside WAN, and I also need switch functionality to switch local LAN packets), for that I have to enable Bridging. Am I wrong?
GS wrote:
> Without Bridge enabled, how can I communicate from one PC to another PC
> within the LAN? Since my Linux Box should act like a Router/Switch (to route
> all local LAN packets to the outside WAN, and I also need switch
> functionality to switch local LAN packets), for that I have to enable
> Bridging. Am I wrong?

What is "Bridge"? If you have a standard distribution, you don't need to do anything except set up routing properly, eg with system-config-network or Start=>System Settings=>Network ... Packets will automatically go to the right place. You should set up a firewall, eg shorewall, on the box connected to the world. Maybe I misunderstood the question.

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Tim, I need to do two projects on Linux, one is Linux Bridge and the other one is Linux Router. The above procedure is for the Router; I am looking for how I can configure my Linux PC (I have two NICs and one 4-port NIC card too) as a Bridge. I have to do this project on Linux Bridge. Thanks in advance.
GS wrote:
> Tim,
>
> I need to do two projects on Linux, one is Linux Bridge and the other one
> is Linux Router. The above procedure is for the Router; I am looking for
> how I can configure my Linux PC (I have two NICs and one 4-port NIC
> card too) as a Bridge. I have to do this project on Linux Bridge. Thanks
> in advance.

Sorry, I'm not really the person to ask, as I don't understand the question. I assumed you were just trying to set up a LAN with one computer on the LAN connected to the internet, and I just remarked that you didn't actually need to do anything for this to work with any normal Linux distribution, except to set up the routing appropriately. But I think you must be trying to do something more subtle.

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Guys: Basically I would like to implement 802.1Q functionality. Can somebody point me to whether I need bridge to be enabled or not? Most of the answers tell me I don't need bridge to switch packets from one Ethernet (WAN side) to the other side (LAN side). Thanks.