Hi
wir haben einen Server mit 6 NICs am Start, wobei NIC 2 + 3 als Bridge br0 laufen sollen.
Wenn ich mir mit tcpdump eth2 und eth3 ansehe, sehe ich jedoch nicht denselben Traffic. Ich bin davon ausgegangen, dass der Traffic 1:1 weitergeleitet wird. Wir wollen später über iptables den Traffic zwischen eth2 und eth3 filtern (FW/iptables). Anbei meine Config; für den goldenen Tipp wäre ich dankbar.
[root@fil-fra network-scripts]# more ifcfg-*
::::::::::::::
ifcfg-br0
::::::::::::::
DEVICE=br0
TYPE=Bridge
IPADDR=192.168.10.2
NETMASK=255.255.255.0
BROADCAST=192.168.10.255
NETWORK=192.168.10.0
STP=no
IPV6INIT=no
ONBOOT=yes
BOOTPROTO=none
::::::::::::::
ifcfg-eth0
::::::::::::::
# Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
BROADCAST=xx.xx.18.63
HWADDR=00:0E:0C:68:06:F0
IPADDR=xx.xx.18.50
IPV6INIT=no
IPV6_AUTOCONF=no
NETMASK=255.255.255.192
NETWORK=xx.xx.18.0
ONBOOT=yes
GATEWAY=xx.xx.18.1
TYPE=Ethernet
::::::::::::::
ifcfg-eth1
::::::::::::::
# Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
DEVICE=eth1
HWADDR=00:0E:0C:68:06:F1
ONBOOT=no
BOOTPROTO=dhcp
TYPE=Ethernet
::::::::::::::
ifcfg-eth2
::::::::::::::
# Intel Corporation 82546GB Gigabit Ethernet Controller (Copper)
DEVICE=eth2
HWADDR=00:1B:21:52:0F:78
ONBOOT=yes
BRIDGE=br0
::::::::::::::
ifcfg-eth3
::::::::::::::
# Intel Corporation 82546GB Gigabit Ethernet Controller (Copper)
DEVICE=eth3
HWADDR=00:1B:21:52:0F:79
ONBOOT=yes
BRIDGE=br0
::::::::::::::
ifcfg-eth4
::::::::::::::
# Intel Corporation 82546GB Gigabit Ethernet Controller (Copper)
DEVICE=eth4
HWADDR=00:1B:21:52:0F:7A
TYPE=ETHER
#BRIDGE=br1
ONBOOT=yes
BOOTPROTO=dhcp
::::::::::::::
ifcfg-eth5
::::::::::::::
# Intel Corporation 82546GB Gigabit Ethernet Controller (Copper)
DEVICE=eth5
HWADDR=00:1B:21:52:0F:7B
TYPE=ETHER
#BRIDGE=br1
ONBOOT=yes
BOOTPROTO=dhcp
::::::::::::::
ifcfg-lo
::::::::::::::
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@fil-fra network-scripts]#uname -a
Linux fil-fra 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux
[root@fil-fra network-scripts]#brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001b21520f78       no              eth3
                                                        eth2
[root@fil-fra network-scripts]#
[root@rtp-filter-frankfurt network-scripts]# ifconfig -a
br0       Link encap:Ethernet HWaddr 00:1B:21:52:0F:78
          inet addr:192.168.10.2 Bcast:192.168.10.255 Mask:255.255.255.0
          inet6 addr: fe80::21b:21ff:fe52:f78/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:8454 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:413866 (404.1 KiB) TX bytes:8500 (8.3 KiB)
eth0      Link encap:Ethernet HWaddr 00:0E:0C:68:06:F0
          inet addr:xx.xx.18.50 Bcast:xx.xx.18.63 Mask:255.255.255.192
          inet6 addr: fe80::20e:cff:fe68:6f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:42052 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47260 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:5850469 (5.5 MiB) TX bytes:28105052 (26.8 MiB)
          Base address:0x3040 Memory:fe8c0000-fe8e0000
...
eth2      Link encap:Ethernet HWaddr 00:1B:21:52:0F:78
          inet6 addr: fe80::21b:21ff:fe52:f78/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:361408 errors:0 dropped:0 overruns:0 frame:0
          TX packets:204 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          RX bytes:41240902 (39.3 MiB) TX bytes:54453 (53.1 KiB)
          Memory:fe780000-fe7a0000
eth3      Link encap:Ethernet HWaddr 00:1B:21:52:0F:79
          inet6 addr: fe80::21b:21ff:fe52:f79/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:196596 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:12424750 (11.8 MiB)
          Memory:fe7a0000-fe7c0000
...
lg Jan