From 9a9d03e748d8134f3312fb7e53c68c8c68f8328e Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 6 Jul 2006 15:22:50 +0000 Subject: [PATCH] Clarify when a bridge/firewall is appropriate git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4193 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/bridge.xml | 18 ++++++++++++++---- docs/two-interface.xml | 4 +--- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/bridge.xml b/docs/bridge.xml index c68ac7776..8e68e371c 100644 --- a/docs/bridge.xml +++ b/docs/bridge.xml @@ -15,7 +15,7 @@ - 2006-03-20 + 2006-07-06 2004 @@ -168,6 +168,16 @@ + + Inserting a bridge/firewall between a router and a set of local + hosts only works if those local hosts form a single IP network. In the + above diagram, all of the hosts in the loc zone are in the + 192.168.1.0/24 network. If the router is routing between several local + networks through the same physical interface (there are multiple IP + networks sharing the same LAN), then inserting a bridge/firewall between + the router and the local LAN won't work. + + There are other possibilities here -- there could be a hub or switch between the router and the Bridge/Firewall and there could be other systems connected to that switch. All of the systems on the local side of @@ -239,8 +249,8 @@ BOOTPROTO=dhcp ONBOOT=yes - On both the SUSE and Mandriva systems, - a separate script is required to configure the bridge itself. + On both the SUSE and Mandriva systems, a + separate script is required to configure the bridge itself. Here are scripts that I used on a SUSE 9.1 system. @@ -607,4 +617,4 @@ dmz br0:eth2 - + \ No newline at end of file diff --git a/docs/two-interface.xml b/docs/two-interface.xml index c03700458..fbf3920b3 100644 --- a/docs/two-interface.xml +++ b/docs/two-interface.xml @@ -15,9 +15,7 @@ 2006-05-24 - 2002- - - 2006 + 2002-2006 Thomas M. Eastep
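Review bot: the paragraph added in the docs/bridge.xml hunk at @@ -168,6 +168,16 ends on "won't work" without saying why the multi-network case fails or what the reader should do instead. Since the subject of the commit is to clarify when a bridge/firewall is appropriate, add a sentence that names the symptom a reader would see with "multiple IP networks sharing the same LAN" and points to the setup that does fit that topology.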
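Review bot: the final docs/bridge.xml hunk (@@ -607,4 +617,4) leaves the file without a trailing newline, as the "\ No newline at end of file" marker after the added last line shows. Nothing else visibly changes in that hunk, so restore the final newline or drop the hunk from the commit.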
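Review bot: the docs/two-interface.xml hunk (@@ -15,9 +15,7) only joins the copyright years "2002-" and "2006" into "2002-2006", which has nothing to do with the subject "Clarify when a bridge/firewall is appropriate". Mention the cleanup in the commit message or commit it separately, so the history for two-interface.xml does not suggest a content change. The re-wrapped "On both the SUSE and Mandriva systems" sentence in docs/bridge.xml is the same kind of layout-only change.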