May 17, 2009

Transparent firewall: I cannot get it to work

I am trying to set up a transparent firewall using the Ethernet bridge commands.
What this firewall needs to do is allow ONLY ssh through from the internet, and allow the intranet (local LAN) to communicate with the outside world.

The internet is coming in through eth0; the local intranet LAN is past eth1.

Right now I am testing with a laptop connected to eth1 via crossover cable.
I have tried these commands as spelled out in http://www.linuxjournal.com/article/8172.

They do NOT work and do NOT allow the laptop to even do DHCP to get an address.

(Also, the grsecurity kernel I tried to compile can't even find hda1, but that's another story.) NOTHING WORKS.

Here's what I tried and failed with:
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1
# (added) the member ports must be up as well, or no frame crosses the bridge
/sbin/ip link set eth0 up
/sbin/ip link set eth1 up
/sbin/ip link set br0 up
# (added) /24 so the gateway is on-link; without a prefix length ip assumes /32
/sbin/ip addr add 192.168.0.6/24 brd + dev br0
/sbin/route add default gw 192.168.0.1 dev br0
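Added example, not the poster's commands or the Linux Journal article's: the bridge brought up with both member ports, then the iptables FORWARD rules for the stated policy (only new SSH sessions in from eth0, anything out from eth1). It assumes the eth0/eth1 roles described above, that the DHCP server sits on the eth0 side, and 192.168.0.6/24 as the firewall's own address; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Transparent bridge firewall: build the bridge, then filter bridged traffic.
# Assumed roles: eth0 = internet side, eth1 = LAN side, 192.168.0.1 = gateway.
WAN=eth0; LAN=eth1; BR=br0; BRIDGE_IP=192.168.0.6/24; GW=192.168.0.1
DRY_RUN=${DRY_RUN:-0}

# Print the command when DRY_RUN=1, otherwise execute it (needs root).
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

build_bridge() {
    run brctl addbr "$BR"
    run brctl addif "$BR" "$WAN"
    run brctl addif "$BR" "$LAN"
    # Member ports must be up, or nothing crosses the bridge.
    run ip link set "$WAN" up
    run ip link set "$LAN" up
    run ip link set "$BR" up
    # Address is only for managing the firewall; /24 keeps the gateway on-link.
    run ip addr add "$BRIDGE_IP" brd + dev "$BR"
    run ip route add default via "$GW" dev "$BR"
    # Send bridged IP frames through the iptables FORWARD chain.
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

firewall_rules() {
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN -> internet: anything.
    run iptables -A FORWARD -m physdev --physdev-in "$LAN" --physdev-out "$WAN" -j ACCEPT
    # Internet -> LAN: only new SSH connections.
    run iptables -A FORWARD -m physdev --physdev-in "$WAN" --physdev-out "$LAN" \
        -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # DHCP replies are often broadcast, which conntrack never marks ESTABLISHED
    # (assumes the DHCP server is on the eth0 side).
    run iptables -A FORWARD -m physdev --physdev-in "$WAN" --physdev-out "$LAN" \
        -p udp --sport 67 --dport 68 -j ACCEPT
    # Log what the default DROP policy discards, for troubleshooting.
    run iptables -A FORWARD -j LOG --log-prefix "bridge-drop: "
}

# Number of rules that explicitly admit traffic arriving from the internet side.
count_wan_accepts() {
    (DRY_RUN=1; firewall_rules) | grep -c -- "--physdev-in $WAN .*-j ACCEPT"
}
```

As root, run `build_bridge; firewall_rules` to apply; `DRY_RUN=1` shows the exact command sequence first.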