This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help with bridging

I just downloaded and installed v7 on a spare computer.   I installed 3 NICs  and I am kind of confused on how bridging works and how to set it up.

What I am trying to accomplish is having 1 NIC to connect to for admin purposes and having the other 2 bridged.  I successfully configured the bridge (although I am confused about the convert interface option).

This is how I tried to set it up and was unsucessful when trying to ping a dns server out on the internet.

-->  -->  --> LAN

Questions:
1. Do I need to restart ASG (and other equipment) after I connect everything?
2. I already read the admin guide and it didn't give me a lot of information about bridging - Can someone explain what convert interfaces means?
3. What is the best practice for this as far as the amount of NICs - is it recommended to have 3, 2 for bridging and 1 for admin?
4. Where can I see - or what am I supposed to see when the bridge is sucessfully configured?

Sorry for all the questions - I appreciate any help ...

Thanks,

This thread was automatically locked due to age.

Parents

0 Mike_Cunningham over 17 years ago

I'm also trying to create a bridge for testing & monitoring with little success.

Three NICs, one for admin purposes (on a different subnet), two used to create a bridge (no IP addesses assigned).

The ASG is plugged into a switch port replacing the cable that feeds a small switch in a lab, which should allow (and monitor) all traffic with a single rule of Any source - Any service - Any Destination - Allow.

I'm seeing all/most ? traffic dropped in the packetfilter log.

I thought using this kind of configuration, you could drop a bridged ASG anywhere in
a network, without changing or adding IP addresses ?

Any suggestions or ideas would be appreciated.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Mike_Cunningham over 17 years ago

I'm also trying to create a bridge for testing & monitoring with little success.

Three NICs, one for admin purposes (on a different subnet), two used to create a bridge (no IP addesses assigned).

The ASG is plugged into a switch port replacing the cable that feeds a small switch in a lab, which should allow (and monitor) all traffic with a single rule of Any source - Any service - Any Destination - Allow.

I'm seeing all/most ? traffic dropped in the packetfilter log.

I thought using this kind of configuration, you could drop a bridged ASG anywhere in
a network, without changing or adding IP addresses ?

Any suggestions or ideas would be appreciated.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 17 years ago in reply to Mike_Cunningham

You only need 2 nics (although a 3rd on is not a bad idea). I have a customer running a 425 like this, works fine. Not sure why you're dropping traffic, though.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike_Cunningham over 17 years ago in reply to BrucekConvergent

Further to my previous post where all traffic appears to be dropped across the bridge, if I assign an IP address to the bridge, with the any-any-any-allow rule, I get no filtering and things appear to work as expected. (all traffic is passed)

Can anyone tell me why ? This sort of negates the advantage of a transparent bridge if I have to assign it an IP address.

Thanks,

Mike
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 17 years ago in reply to Mike_Cunningham

I suppose you could give it an IP that wouldn't be reachable on your network.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 17 years ago in reply to BarryG

Why is it a problem to have an IP address assigned to the bridge? It doesn't force you to NAT anything, etc. I've had no issues with it set this way. If it's set to an RFC internal range (10.0.0.0/8, 172.16.0.0/16 through 172.32.0.0/16, 192.168.0.0/24), it's not routable from the internet....
Cancel
Vote Up 0 Vote Down

Cancel