Linux.com

debianfirewall

debianfirewall

  • Linux.com Member
  • Posts: 5
  • Member Since: 16 May 09
  • Last Logged In: 18 May 09

Latest Posts

Posted by
Topic
Post Preview
Posted
  • debianfirewall
    Bridge firewall that allows ssh in, and allows htt
    Bridge firewall that allows ssh in, and allows http/https out, but nothing else... ebtable ruleset isn't working :( I'm trying to make a bridge firewall that allows ssh in, and allows http/https out, but nothing else... ebtable ruleset isn't working :( This is what I have so far. When I set the default policy to allow everything gets through, when deny nothing gets through: Here is the net setup: squid/sshserver --> eth1 [firewall] eth0 ---> Internet What is supposed to be allowed: ssh server (port 22 TCP) <--eth1 [firewall] eth0 <--- Internet ssh/squidserver --> eth1 [firewall] eth0 --> Internet (ports 80 and 443 TCP) What is supposed to be disallowed (spoofed ip w/o proper squidserver mac address going out) (anything else coming in) (probably anything else going out aswell (maybe allow dns, dhcp) Here is the ruleset right now: ebtables -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 8, policy: DROP -p IPv4 --ip-proto icmp -j DROP -p IPv4 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-dport 22 -j ACCEPT -p IPv4 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-sport 22 -j ACCEPT -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 80 -j ACCEPT -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 80 -j ACCEPT -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 443 -j ACCEPT -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 443 -j ACCEPT -p IPv4 -i eth0 --ip-src 192.168.0.22 -j DROP Bridge chain: OUTPUT, entries: 0, policy: ACCEPT Here are the commands used: ###The invisible bridge way: /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0 /usr/sbin/brctl addif br0 eth1 /sbin/ip link set br0 up /sbin/ip link set eth0 up # don't ask me why /sbin/ip link set eth1 up # don't ask me why #/sbin/ip addr add 192.168.0.6 brd + dev br0 #/sbin/route add default gw 192.168.0.1 dev br0 ##Only needed if eth2 hasn't allready set default gateway # ebtables... # example rule: block all ICMP ebtables -F FORWARD ebtables -P FORWARD DROP ebtables -A FORWARD -p ip --ip-proto icmp -j DROP ## block all ICMP #ebtables -A FORWARD -i eth0 -j DROP ##Here We allow SSH to pass through to the ssh server #Incoming Connection From Internet #ebtables -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination ip-of-the-ssh-server -j ACCEPT #Reply by the server To Internet #ebtables -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source ip-of-the-ssh-server -j ACCEPT ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination 192.168.0.22 -j ACCEPT ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source 192.168.0.22 -j ACCEPT ##Allow squid server to access HTTP and HTTPS servers on standard ports. #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --i$ #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-des$ #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --i$ #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-des$ ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address) ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 80 -j ACCEPT ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 80 -j ACCEPT ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 443 -j ACCEPT ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 443 -j ACCEPT ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address) ebtables -A FORWARD -i eth0 -p ip --ip-source 192.168.0.22 -j DROP #ebtables -A FORWARD -i eth0 -j DROP #ebtables -A FORWARD -p ip -j DROP ## block everything else #ebtables -A FORWARD -i eth0 -o eth1 -p ip -j DROP The bridge works, but the filtering is either all or nothing :/
    Link to this post 19 May 09

    Bridge firewall that allows ssh in, and allows http/https out, but nothing else... ebtable ruleset isn't working :(

    I'm trying to make a bridge firewall that allows ssh in, and allows http/https out, but nothing else... ebtable ruleset isn't working :(

    This is what I have so far. When I set the default policy to allow everything gets through, when deny nothing gets through:

    Here is the net setup: squid/sshserver --> eth1 [firewall] eth0 ---> Internet

    What is supposed to be allowed:
    ssh server (port 22 TCP) <--eth1 [firewall] eth0 <--- Internet
    ssh/squidserver --> eth1 [firewall] eth0 --> Internet (ports 80 and 443 TCP)

    What is supposed to be disallowed
    (spoofed ip w/o proper squidserver mac address going out)
    (anything else coming in)
    (probably anything else going out aswell (maybe allow dns, dhcp)

    Here is the ruleset right now:
    ebtables -L
    Bridge table: filter

    Bridge chain: INPUT, entries: 0, policy: ACCEPT

    Bridge chain: FORWARD, entries: 8, policy: DROP
    -p IPv4 --ip-proto icmp -j DROP
    -p IPv4 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-dport 22 -j ACCEPT
    -p IPv4 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-sport 22 -j ACCEPT
    -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 80 -j ACCEPT
    -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 80 -j ACCEPT
    -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 443 -j ACCEPT
    -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 443 -j ACCEPT
    -p IPv4 -i eth0 --ip-src 192.168.0.22 -j DROP

    Bridge chain: OUTPUT, entries: 0, policy: ACCEPT


    Here are the commands used:

    ###The invisible bridge way:

    /usr/sbin/brctl addbr br0
    /usr/sbin/brctl addif br0 eth0
    /usr/sbin/brctl addif br0 eth1
    /sbin/ip link set br0 up
    /sbin/ip link set eth0 up # don't ask me why
    /sbin/ip link set eth1 up # don't ask me why
    #/sbin/ip addr add 192.168.0.6 brd + dev br0
    #/sbin/route add default gw 192.168.0.1 dev br0 ##Only needed if eth2 hasn't allready set default gateway

    # ebtables...
    # example rule: block all ICMP
    ebtables -F FORWARD
    ebtables -P FORWARD DROP
    ebtables -A FORWARD -p ip --ip-proto icmp -j DROP ## block all ICMP
    #ebtables -A FORWARD -i eth0 -j DROP

    ##Here We allow SSH to pass through to the ssh server
    #Incoming Connection From Internet #ebtables -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination ip-of-the-ssh-server -j ACCEPT
    #Reply by the server To Internet #ebtables -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source ip-of-the-ssh-server -j ACCEPT
    ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination 192.168.0.22 -j ACCEPT
    ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source 192.168.0.22 -j ACCEPT

    ##Allow squid server to access HTTP and HTTPS servers on standard ports.
    #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --i$
    #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-des$
    #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --i$
    #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-des$
    ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address)
    ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 80 -j ACCEPT
    ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 80 -j ACCEPT
    ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 443 -j ACCEPT
    ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 443 -j ACCEPT
    ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address)
    ebtables -A FORWARD -i eth0 -p ip --ip-source 192.168.0.22 -j DROP

    #ebtables -A FORWARD -i eth0 -j DROP
    #ebtables -A FORWARD -p ip -j DROP ## block everything else
    #ebtables -A FORWARD -i eth0 -o eth1 -p ip -j DROP


    The bridge works, but the filtering is either all or nothing :/

  • debianfirewall
    RE: Why don't these ebtables rules work right?
    Bridge chain: FORWARD, entries: 8, policy: DROP -p IPv4 --ip-proto icmp -j DROP -p IPv4 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-dport 22 -j ACCEPT -p IPv4 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-sport 22 -j ACCEPT -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 80 -j ACCEPT -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 80 -j ACCEPT -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 443 -j ACCEPT -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 443 -j ACCEPT -p IPv4 -i eth0 --ip-src 192.168.0.22 -j DROP Why doesn't this work?
    Link to this post 18 May 09

    Bridge chain: FORWARD, entries: 8, policy: DROP
    -p IPv4 --ip-proto icmp -j DROP
    -p IPv4 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-dport 22 -j ACCEPT
    -p IPv4 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-sport 22 -j ACCEPT
    -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 80 -j ACCEPT
    -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 80 -j ACCEPT
    -p IPv4 -d 0:8:d:54:13:c9 -i eth0 -o eth1 --ip-dst 192.168.0.22 --ip-proto tcp --ip-sport 443 -j ACCEPT
    -p IPv4 -s 0:8:d:54:13:c9 -i eth1 -o eth0 --ip-src 192.168.0.22 --ip-proto tcp --ip-dport 443 -j ACCEPT
    -p IPv4 -i eth0 --ip-src 192.168.0.22 -j DROP

    Why doesn't this work?

  • debianfirewall
    RE: Why don't these ebtables rules work right?
    This is ebtables (ethernet bridge). It cannot use iptables and can't really screw with the protocal stuff IIRC (other than notice what proto is being used).
    Link to this post 18 May 09

    This is ebtables (ethernet bridge). It cannot use iptables and can't really screw with the protocal stuff IIRC (other than notice what proto is being used).

  • debianfirewall
    Why don't these ebtables rules work right?
    This is on a bridging firewall eth0 it das internaught eth1 is the trusted network It is supposed to allow port 22 in from the internet (works) and allow a specific box to connect to http and https server, and allow nothing else for now out or in. It also is supposed to makesure no ip spoofing of the specific box happens. The port 22 in works. The http and https out doesn't [code] ###The invisible bridge way: /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0 /usr/sbin/brctl addif br0 eth1 /sbin/ip link set br0 up /sbin/ip link set eth0 up # don't ask me why /sbin/ip link set eth1 up # don't ask me why #/sbin/ip addr add 192.168.0.6 brd + dev br0 #/sbin/route add default gw 192.168.0.1 dev br0 ##Only needed if eth2 hasn't allready set default gateway # ebtables... # example rule: block all ICMP ebtables -F FORWARD ebtables -A FORWARD -p ip --ip-proto icmp -j DROP ## block all ICMP #ebtables -A FORWARD -i eth0 -j DROP ##Here We allow SSH to pass through to the ssh server #Incoming Connection From Internet #ebtables -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination ip-of-the-ssh-server -j ACCEPT #Reply by the server To Internet #ebtables -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source ip-of-the-ssh-server -j ACCEPT ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination 192.168.0.22 -j ACCEPT ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source 192.168.0.22 -j ACCEPT ##Allow squid server to access HTTP and HTTPS servers on standard ports. #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --ip-source-port 80 -j ACCEPT #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-destination-port 80 -j ACCEPT #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --ip-source-port 443 -j ACCEPT #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-destination-port 443 -j ACCEPT ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address) ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 80 -j ACCEPT ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 80 -j ACCEPT ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 443 -j ACCEPT ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 443 -j ACCEPT ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address) ebtables -A FORWARD -i eth0 -p ip --ip-source 192.168.0.22 -j DROP ebtables -A FORWARD -i eth0 -j DROP [/code]
    Link to this post 18 May 09

    This is on a bridging firewall
    eth0 it das internaught
    eth1 is the trusted network

    It is supposed to allow port 22 in from the internet (works)
    and allow a specific box to connect to http and https server,
    and allow nothing else for now out or in. It also is supposed to makesure no ip spoofing of the specific box happens.

    The port 22 in works.
    The http and https out doesn't


    ###The invisible bridge way:

    /usr/sbin/brctl addbr br0
    /usr/sbin/brctl addif br0 eth0
    /usr/sbin/brctl addif br0 eth1
    /sbin/ip link set br0 up
    /sbin/ip link set eth0 up # don't ask me why
    /sbin/ip link set eth1 up # don't ask me why
    #/sbin/ip addr add 192.168.0.6 brd + dev br0
    #/sbin/route add default gw 192.168.0.1 dev br0 ##Only needed if eth2 hasn't allready set default gateway

    # ebtables...
    # example rule: block all ICMP
    ebtables -F FORWARD
    ebtables -A FORWARD -p ip --ip-proto icmp -j DROP ## block all ICMP
    #ebtables -A FORWARD -i eth0 -j DROP

    ##Here We allow SSH to pass through to the ssh server
    #Incoming Connection From Internet #ebtables -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination ip-of-the-ssh-server -j ACCEPT
    #Reply by the server To Internet #ebtables -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source ip-of-the-ssh-server -j ACCEPT
    ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-proto tcp --ip-destination-port 22 --ip-destination 192.168.0.22 -j ACCEPT
    ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-proto tcp --ip-source-port 22 --ip-source 192.168.0.22 -j ACCEPT

    ##Allow squid server to access HTTP and HTTPS servers on standard ports.
    #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --ip-source-port 80 -j ACCEPT
    #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-destination-port 80 -j ACCEPT
    #Incoming Packets From HTTP Server on Internet# ebtables -i eth0 -o eth1 -p ip --ip-destination squidserver -d macaddress-of-squidserver --ip-proto tcp --ip-source-port 443 -j ACCEPT
    #Outgoing Packets From Clients on School Network# ebtables -i eth1 -o eth0 -p ip --ip-source squidserver -s macaddress-of-squidserver --ip-proto tcp --ip-destination-port 443 -j ACCEPT
    ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address)
    ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 80 -j ACCEPT
    ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 80 -j ACCEPT
    ebtables -A FORWARD -i eth0 -o eth1 -p ip --ip-destination 192.168.0.22 -d 00:08:0D:54:13:C9 --ip-proto tcp --ip-source-port 443 -j ACCEPT
    ebtables -A FORWARD -i eth1 -o eth0 -p ip --ip-source 192.168.0.22 -s 00:08:0D:54:13:C9 --ip-proto tcp --ip-destination-port 443 -j ACCEPT
    ##Anti-spoofing rule (Only matches the IP address of squidserver, not MAC address)
    ebtables -A FORWARD -i eth0 -p ip --ip-source 192.168.0.22 -j DROP

    ebtables -A FORWARD -i eth0 -j DROP

  • debianfirewall
    Transparent firewall: I cannot get it to work,
    I am trying to set up a transparent firewall using the ethernet bridge commands. What this firewall needs to do is allow ONLY ssh through from the internet, and allow the intranet (Local Lan) to communicate with the outside world. The internet is coming in through eth0, the local intranet LAN is past eth1 Right now I am testing with a laptop connected to eth1 via crossover cable. I have tried these commands as spelled out in http://www.linuxjournal.com/article/8172 They do NOT work and do NOT allow the laptop to even do DHCP to get an address. (Also the grsecurity kernel I tried to compile can't even find the hda1 but that's another story) NOTHING WORKS. Here's what I tried and failed with: /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0 /usr/sbin/brctl addif br0 eth1 /sbin/ip link set br0 up /sbin/ip addr add 192.168.0.6 brd + dev br0 /sbin/route add default gw 192.168.0.1 dev br0
    Link to this post 17 May 09

    I am trying to set up a transparent firewall using the ethernet bridge commands.
    What this firewall needs to do is allow ONLY ssh through from the internet, and allow the intranet (Local Lan) to communicate with the outside world.

    The internet is coming in through eth0, the local intranet LAN is past eth1

    Right now I am testing with a laptop connected to eth1 via crossover cable.
    I have tried these commands as spelled out in http://www.linuxjournal.com/article/8172

    They do NOT work and do NOT allow the laptop to even do DHCP to get an address.

    (Also the grsecurity kernel I tried to compile can't even find the hda1 but that's another story) NOTHING WORKS.

    Here's what I tried and failed with:
    /usr/sbin/brctl addbr br0
    /usr/sbin/brctl addif br0 eth0
    /usr/sbin/brctl addif br0 eth1
    /sbin/ip link set br0 up
    /sbin/ip addr add 192.168.0.6 brd + dev br0
    /sbin/route add default gw 192.168.0.1 dev br0

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board