Setting Sentry in Bridge Mode
Brought to you by:
obsid
Menu
▾
▴
#2 Setting Sentry in Bridge Mode
I have been trying to setup a bridging firewall for quite
some time now, and have had no luck getting it to work.
I have built the script with fwbuilder on Red Hat 9, and
have everything configured on the floppy. I'm using the
latest release of SentryFirewall rc.10. The problem, is
that nothing will pass through it, even when I try to
open everything up.
Does someone have a sample configuration (in fwbuilder)
that I can look at to see what I need to do? Also, for a
bridging firewall, do I need to have 3 Network cards in
the machine, or can I just use 2?
My first try at this was using a Compaq ML370 with 3
NICs. NIC 1 was the management interface with a live
IP. NIC 2 and 3 were setup as un-numbered interfaces
to just filter traffic. I do NOT want any routing or any
type of NAT on this machine. It's primary function will be
to filter IP ports (live IP's on the external side, and live
IP's on the internal side)
Thanks in advance!
Logged In: YES
user_id=594915
I did the following :-
Set up the machine with 2 nic cards (management from
console only)
#!/bin/sh
#
# rc.firewall This shell script boots up the bridge and firewall.
#
#
# For use with the Sentry Firewall.
BRCTL=/usr/sbin/brctl
IPTABLES=/sbin/iptables
IFCONFIG=/sbin/ifconfig
${IFCONFIG} br0 down
${BRCTL} delbr br0
${BRCTL} addbr br0
${BRCTL} stp br0 off
${BRCTL} addif br0 eth0
${BRCTL} addif br0 eth1
${IFCONFIG} eth0 down
${IFCONFIG} eth1 down
${IFCONFIG} eth0 0.0.0.0 up
${IFCONFIG} eth1 0.0.0.0 up
${IFCONFIG} br0 up
At this point my bridge works.
I then added iptables firewall rules using Shawn Grimes
document
http://linux.co.uk/Members/oddjob/howtos/additional_docs/Fir
ewalling_for_Free.pdf as a guide.