
Author Topic: Linux/Ubuntu Bridge for firewall/iptables  (read 284 times)

Offline erikkn

  • Member
Linux/Ubuntu Bridge for firewall/iptables
« Posted on: 2016/01/06, 21:16:47 »
Hi guys,

I'm totally stuck with a problem and I could use your help :).
Topology: Modem - Router (192.168.77.254) - bridge - switches. The idea is to configure the bridge as a firewall for the network.

I started with installing the bridge utils (apt-get install bridge-utils). After that I made the bridge (brctl addbr br0) and added my interfaces to the bridge (brctl addif eth0 p1p1).
After this I changed my /etc/network/interfaces:

# The loopback network interface
auto lo br0
iface lo inet loopback

# The primary network interface
auto p1p1
iface p1p1 inet manual

auto eth0
iface eth0 inet manual
#
auto p2p1
iface p2p1 inet static
address 192.168.77.121
netmask 255.255.255.0
gateway 192.168.77.254
dns-nameservers 8.8.8.8
#
auto br0
iface br0 inet dhcp
bridge_ports p1p1 eth0

As you can see I have one management interface for SSH access.

Okay, so after this I placed this PC between my router and core switch and it's working. When I unplug one cable, I have no internet, so the bridge is working.

Now that the bridge is working, I made some iptables rules. For testing purposes I inserted the following rules:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -j DROP

Now the following problem occurs: I can still use the internet, the iptables rules are not working!
Can someone please point me in the right direction, because like I said, I'm stuck.

Thanks!
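
The symptom in this post, a FORWARD DROP rule that bridged traffic ignores, is what happens when the bridge never hands its frames to the IP netfilter hooks: by default a Linux bridge forwards at layer 2 and iptables only sees traffic addressed to or from the host itself. The script below is an added example written for this edit, not code from the thread or from the Ubuntu project. It reports whether the net.bridge.bridge-nf-call-iptables sysctl (exposed once the br_netfilter module is loaded on kernels 3.18 and later) is enabled, builds an iptables-restore ruleset that filters bridged traffic per bridge port with the physdev match, and only touches the running system when invoked with the argument apply. The interface roles (eth0 towards the router, p1p1 towards the core switch, p2p1 for management) and the permitted ports are assumptions; the 192.168.77.0/24 management network is taken from the post.

```shell
#!/bin/sh
# Added example: make iptables actually filter traffic crossing a Linux bridge.
# Assumed roles (not stated in the post): eth0 faces the router, p1p1 faces the
# core switch, p2p1 is the management interface. Override via the environment.
BRIDGE=${BRIDGE:-br0}
WAN_PORT=${WAN_PORT:-eth0}        # bridge port towards the router/internet
LAN_PORT=${LAN_PORT:-p1p1}        # bridge port towards the core switch
MGMT_IF=${MGMT_IF:-p2p1}          # non-bridged management interface
MGMT_NET=${MGMT_NET:-192.168.77.0/24}

# Report whether bridged IPv4 frames are handed to iptables at all. With
# br_netfilter not loaded, or bridge-nf-call-iptables=0, the FORWARD chain
# never sees bridged traffic, so "-A FORWARD -j DROP" has no effect.
bridge_nf_status() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    if [ ! -e "$f" ]; then
        echo "br_netfilter not loaded: bridged traffic bypasses iptables"
        return 1
    fi
    if [ "$(cat "$f")" = "1" ]; then
        echo "bridge-nf-call-iptables=1: bridged traffic traverses iptables"
        return 0
    fi
    echo "bridge-nf-call-iptables=0: bridged traffic bypasses iptables"
    return 1
}

# Emit a complete iptables-restore ruleset (filter table, default DROP).
# FORWARD rules use the physdev match so each direction across the bridge is
# filtered by the physical port a frame entered and will leave on.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Host itself: loopback, replies, and SSH only on the management interface.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $MGMT_IF -s $MGMT_NET -p tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Bridged traffic (only reaches FORWARD once bridge-nf-call-iptables=1).
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m physdev --physdev-in $LAN_PORT --physdev-out $WAN_PORT -p udp --dport 53 -j ACCEPT
-A FORWARD -m physdev --physdev-in $LAN_PORT --physdev-out $WAN_PORT -p tcp --dport 80 -j ACCEPT
-A FORWARD -m physdev --physdev-in $LAN_PORT --physdev-out $WAN_PORT -p tcp --dport 443 -j ACCEPT
# Log what the DROP policy is about to discard, to verify the filter is active.
-A FORWARD -m physdev --physdev-in $LAN_PORT -j LOG --log-prefix "bridge-drop: "
COMMIT
EOF
}

# Load br_netfilter, switch the sysctl on and install the ruleset.
# Needs root and a bridge named $BRIDGE; run only on explicit request.
apply_ruleset() {
    modprobe br_netfilter
    sysctl -w net.bridge.bridge-nf-call-iptables=1
    build_ruleset | iptables-restore
    echo "ruleset applied on $BRIDGE ($LAN_PORT <-> $WAN_PORT)"
}

case "${1:-show}" in
    apply) apply_ruleset ;;
    *)     bridge_nf_status || true
           build_ruleset ;;
esac
```

Run without arguments to see the sysctl status and the generated ruleset; run with apply as root to install it. To make the setting survive a reboot, add br_netfilter to /etc/modules and net.bridge.bridge-nf-call-iptables = 1 to /etc/sysctl.conf. Note that once the sysctl is on, every bridged frame also passes through any existing INPUT/OUTPUT-independent FORWARD rules, which is why the ruleset above sets FORWARD's policy to DROP and allows only what is explicitly listed. The alternative that needs no br_netfilter at all is filtering at layer 2 with ebtables (or the nftables bridge family), at the cost of losing iptables' connection tracking.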

Offline Buzzin

  • Member
  • Support point: No
Re: Linux/Ubuntu Bridge for firewall/iptables
« Reply #1 Posted on: 2016/01/07, 15:21:14 »
I have no trouble reading/understanding English, but this is a Dutch forum.
Please translate your question.
Football: A battle between two teams of mindless thugs over scraps of coloured cloth. Usually accompanied by the spectacle of 22 overpaid primadonnas kicking a ball on a field.
DebianDevuan, KDE & OperaVivaldi addict, RedHat Engineer

Offline Buzzin

  • Member
  • Support point: No
Re: Linux/Ubuntu Bridge for firewall/iptables
« Reply #2 Posted on: 2016/01/07, 15:34:54 »
Maybe I don't entirely understand you, but why a bridge at all?
As far as I can tell you can handle this with iptables anyway?
The firewalls here at least don't have bridging enabled and work fine as router/firewall at the hub of 6 networks....