[Bridge] Linux Bridge + NAT + firewall

Sebastian Tabarce blue_moon_ro at yahoo.com
Mon Apr 30 06:23:03 PDT 2007 

Hello everybody!

I'm trying to setup at home a linux router for me and my 3 friends. Basically I had some spare network cards around and that is why I have not bought a switch or a router. Also all of us are rarely at home at the same time so bandwidth will not be a problem. And I thought it would be fun to try to make this work in linux. However, I've hit a dead end.

This is my problem:
- I have a spare computer running CentOS 5 (RHEL 5 clone) with 5 network cards
- we have an internet connection via a cable modem. The cable modem is linked at eth4 to the above computer that will be setup as router.
- all the computers in the house are linked to the same above computer to eth0...eth3.
I did the following:
- I'm using dhclient to obtain an IP for eth4 via DHCP. The internet connection works on this computer, I am able to navigate, etc. I had to spoof the MAC address of eth4 since the MAC of one of the other computers was registered at our ISP. (Yes, I could have exchanged the network cards, if it wouldn't have been a laptop....)
- I used bridge-utils to configure a bridge composed of eth0...eth3

my rc.local:

#create bridge

brctl addbr br0
brctl stp br0 off
brctl addif br0 eth0
....
brctl addif br0 eth3
ifconfig eth0 0.0.0.0
...
ifconfig eth3 0.0.0.0
ifconfig br0 192.168.0.1 netmask 255.255.255.0 up

#spoof MAC and get DHCP IP addres on eth4
ifconfig eth4 down
ifconfig eth4 hw ehter addr xx:xx:xx:xx:xx:xx:xx:xx
ifconfig eth4 up
dhclient eth4

#iptables 
 iptables -t nat -A POSTROUTING -o eth4 -j MASQUERADE
iptables -A INPUT -i eth4 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth4 -j ACCEPT  

- the other computers also have IPs in the 192.168.0.xxx range with 192.168.0.1 set as gateway and DNS and are running Windows and linux.

My question is how do I masquerade all  4 computers linked to br0 and make them connect to the internet using my cable modem connection on eth4?
I tried using iptables but could not obtained so far a result. IP forwarding is enabled in /etc/sysctl.conf.
I'm thinking of refining afterwards the rules to have a true firewall, but first I need a working NAT.....

Thanks a lot,
Sebastian

       
---------------------------------
Ahhh...imagining that irresistible "new car" smell?
 Check outnew cars at Yahoo! Autos.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux-foundation.org/pipermail/bridge/attachments/20070430/afd8aef7/attachment.htm

More information about the Bridge mailing list