Pseudo Bridge

Pseudo Bridge

Post by Frav » Thu, 29 Nov 2007 02:23:49


Hi all... I have a problem here.
I need to put in a firewall that does packet limiting per second without
changing my network topology and my machines' configuration... I
thought of building a simple bridge, but a bridge can't control
packets this way... So someone told me to do a Pseudo Bridge, but I'm
having some trouble. Here's my network:

A B
C D E
----------Gateways------------BandwidthControl----------Routers---------Clients

A = 208.48.246.0/24
B = 10.1.1.1, 10.1.1.2 or 10.1.1.3
C = 10.1.1.20 (bridge)
D = 10.1.20.0/16
E = 10.2.0.0/16

So, the WAN interfaces of the routers have as default gateway 10.1.1.1,
10.1.1.2 or 10.1.1.3, passing through my bandwidth controller. This works
fine!

But I need to rate the packets that come from the LAN side of the
routers before they pass through the bandwidth control, so I'm thinking of
building a Linux box that does this with pseudo-bridging... It goes
something like

A B
C X
Y D E
----------Gateways------------BandwidthControl----------PSEUDO-BRIDGE--------------Routers---------Clients

But I don't know which IPs to put on interfaces X and Y.

If I configure X = 10.1.1.120 and Y = 10.1.1.121, do I need to add
routes in my pseudo-bridge? If the bridge default route is 10.1.1.1,
would all packets that come from the Y interface be redirected to
10.1.1.1? I don't want this...

I need to do something that does not change any configuration or make
many changes to this topology.

I think I was a bit confusing haha but it was the best way I found to
explain my problem...

Thank you all!
 
 
 

Pseudo Bridge

Post by Frav » Thu, 29 Nov 2007 02:32:53


*** in hell, what a mess! let me see if I can fix those diagrams

Hi all... I have a problem here.
I need to put in a firewall that does packet limiting per second without
changing my network topology and my machines' configuration... I
thought of building a simple bridge, but a bridge can't control
packets this way... So someone told me to do a Pseudo Bridge, but I'm
having some trouble. Here's my network:

A B C D E
---Gateways---BandwidthControl--Routers--Clients

A = 208.48.246.0/24
B = 10.1.1.1, 10.1.1.2 or 10.1.1.3
C = 10.1.1.20 (bridge)
D = 10.1.20.0/16
E = 10.2.0.0/16

So, the WAN interfaces of the routers have as default gateway
10.1.1.1,
10.1.1.2 or 10.1.1.3, passing through my bandwidth controller. This works
fine!
But I need to rate the packets that come from the LAN side of the
routers before they pass through the bandwidth control, so I'm thinking of
building a Linux box that does this with pseudo-bridging... It goes
something like

A B C
X Y D E
--Gateways----BandwidthControl--PSEUDO-BRIDGE---Routers-Clients

But I don't know which IPs to put on interfaces X and Y.
If I configure X = 10.1.1.120 and Y = 10.1.1.121, do I need to add
routes in my pseudo-bridge? If the bridge default route is 10.1.1.1,
would all packets that come from the Y interface be redirected to
10.1.1.1? I don't want this...
I need to do something that does not change any configuration or make
many changes to this topology.
I think I was a bit confusing haha but it was the best way I found to
explain my problem...
Thank you all!

 
 
 

Pseudo Bridge

Post by Frav » Thu, 29 Nov 2007 02:38:18

damn...
The pseudo-bridge's left interface is X and right interface is Y.