Requirements for a Bridge

Running a bridge does not take much in the way of resources. Any CPU that can load a 2.6 kernel, together with 256 MB of RAM, is enough. The standard requirements for any Linux distro with the 2.6 kernel will work.


2 Network Cards
You will need a computer with two network cards. Use the ifconfig command to check each network card for errors.

2.6 kernel
The most important requirement to consider is a 2.6 kernel. The bridge utilities and ebtables both work with the 2.6 kernel.

Memory
Make sure you have sufficient RAM, because you may have extensive firewall rules and you want the firewall to run without using swap. On the Mini-ITX, 2 GB of RAM will work for almost any situation the hardware can handle. Use the free command to check memory usage, and be sure you are not using swap.

free
total       used       free     shared    buffers     cached
Mem:       2066776     173356    1893420          0     107320      36520
-/+ buffers/cache:      29516    2037260
Swap:      2931852          0    2931852
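
The three checks above (a 2.6 kernel, no swap in use, no errors on the network cards) can be scripted. The following is an added example, not part of the original lesson: the function names and the ifconfig sample are constructed, and it assumes the classic net-tools ifconfig format with "errors:N" counters.

```shell
#!/bin/sh
# Added example: pre-flight checks for the bridge requirements above.
# Functions take saved command output, so they can be exercised offline.
# kernel_ok RELEASE: succeed if a `uname -r` string is 2.6 or newer.
kernel_ok() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "${minor:-0}" -ge 6 ]; }
}

# swap_used_kb: read `free` output on stdin, print the Swap "used" column.
swap_used_kb() {
    awk '$1 == "Swap:" { print $3; ok = 1 } END { exit !ok }'
}

# nics_with_errors: read classic net-tools `ifconfig` output on stdin and
# print each interface whose RX or TX "errors:" counter is non-zero.
nics_with_errors() {
    awk '/^[^ \t]/ { iface = $1 }
         { for (i = 1; i <= NF; i++) {
               if ($i ~ /^errors:[0-9]+$/ && substr($i, 8) + 0 > 0) bad[iface] = 1 } }
         END { for (n in bad) print n }' | sort
}

# preflight RELEASE FREE_TEXT IFCONFIG_TEXT: report failures, return 1 if any.
preflight() {
    rc=0
    kernel_ok "$1" || { echo "FAIL kernel $1 is older than 2.6"; rc=1; }
    used=$(printf '%s\n' "$2" | swap_used_kb) || used=unknown
    [ "$used" = 0 ] || { echo "FAIL swap used is $used KB (want 0)"; rc=1; }
    for nic in $(printf '%s\n' "$3" | nics_with_errors); do
        echo "FAIL $nic reports interface errors"; rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK all checks passed"
    return "$rc"
}

# Mem/Swap lines copied from the free output on this page.
SAMPLE_FREE='Mem:       2066776     173356    1893420          0     107320      36520
Swap:      2931852          0    2931852'
# Constructed ifconfig sample (documentation MAC range); eth1 has RX errors.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:900 errors:0 dropped:0 overruns:0 carrier:0
eth1      Link encap:Ethernet  HWaddr 00:00:5e:00:53:02
          RX packets:800 errors:7 dropped:0 overruns:0 frame:7
          TX packets:650 errors:0 dropped:0 overruns:0 carrier:0'
# On a live host: preflight "$(uname -r)" "$(free)" "$(ifconfig -a)"
preflight "2.6.32-5-686" "$SAMPLE_FREE" "$SAMPLE_IFCONFIG" || true
```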

Securing a transparent bridge is easy: do nothing. Why? If you set the bridge up with two network cards and use them to create a bridge, you cannot connect to the bridge over the network. In the example the network cards do not have IP addresses; only the bridge has one IP address. The reason for this is that you are working at a lower layer of the OSI model, where no routing takes place, so IP addresses on the NICs are not used. This makes for a very secure firewall. The drawback is that if you must make changes at the bridge, they cannot be done remotely.

The basic setup makes use of pre-configured scripts that make it easy to set up and get going with a bridge. The important point to note is that this is a basic setup and may not provide the best security, so you need to evaluate it for your own purposes.

Install Required Software
There are three software applications that need to be set up on the server: iptables, ebtables and bridge-utils. This is in addition to the 2.6 Linux kernel.

Setup iptables
iptables comes with almost every Linux distribution. The configuration script that will be used as an example will be placed in /etc and will be called rc.firewall.


Bridge Utils and ebtables


apt-get install ebtables

apt-get install bridge-utils

Copyright CyberMontana Inc. and BeginLinux.com
All rights reserved. Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874