Hi!

Okay, this may sound a bit contradicting, simple router? Anyway, let me start with what I want to build.

I need to have a machine to work as a bridge/router between two networks.

This is the actual situation:
I am on a dhcp network which goes through a router. But I want to build a personal network within this network. So, I want one machine to interface between the "Internet" and my personal network.

I have a machine with two Intel network card. Running Slackware 9.1-current. It's job is purely as a bridge.

Now, I need help in a step by step way of what I need to do.

Performance is a consideration. Security is optional. Thanks in advance.

By the way, the personal network would consist of Slack and Mac Os X only. No pesky Windoze.

Unless I'm missing something here, this should be straight forward.

You need to configure your two NICs, this is done in /etc/rc.d/rc.inet1.conf

You need to enable IP forwarding, that's in /etc/rc.d/rc.ip_forward. Like most things in /etc/rc.d, if the init script is already in there you just need to 'chmod +x' it to enable.

I don't know your network IP details, but obviously you want to set the cards up as interfaces to two different networks.

Firewall script goes in /etc/rc.d/rc.firewall. You will probably need INPUT, OUTPUT and FORWARD tables. Masquerading/SNAT? Not enough info.

I believe that DHCP can be set up to work across routers. If not, why not just use static IPs or run your own DHCP server on the router.

That's about it.

Thanks for the pointers. Can you explain why do I need mazquerading and/or SNAT? And how do I use them.

Masquerading or SNAT are used in iptables firewall to make all network requests from a subnet (eg HTTP) appear to be coming from the machine with the firewall on it. Usually used to share internet connection between several computers.

I don't know if you need it or not, maybe not.

might be worth having a look at http://www.ipcop.org

its a distro just for firewalling, routing and most network needs.

Okay, I have some problem with setting up 2 NIC now.
I have changed my mind about using Intel NIC, I am using two 3C905C NIC.
I am using 2.6.3 kernel.

when I lspci I get

00:00.0 Host bridge: VIA Technologies, Inc. VT8363/8365 [KT133/KM133] (rev 03)
00:01.0 PCI bridge: VIA Technologies, Inc. VT8363/8365 [KT133/KM133 AGP]
00:07.0 ISA bridge: VIA Technologies, Inc. VT82C686 [Apollo Super South] (rev 40)
00:07.1 IDE interface: VIA Technologies, Inc. VT82C586/B/686A/B PIPC Bus Master IDE (rev 06)
00:07.2 USB Controller: VIA Technologies, Inc. USB (rev 16)
00:07.3 USB Controller: VIA Technologies, Inc. USB (rev 16)
00:07.4 Host bridge: VIA Technologies, Inc. VT82C686 [Apollo Super ACPI] (rev 40)
00:09.0 Ethernet controller: 3Com Corporation 3c905C-TX/TX-M [Tornado] (rev 78)
00:0a.0 Multimedia audio controller: Ensoniq ES1371 [AudioPCI-97] (rev 08)
00:0c.0 Unknown mass storage controller: CMD Technology Inc PCI0680 (rev 01)
00:0d.0 Ethernet controller: 3Com Corporation 3c905C-TX/TX-M [Tornado] (rev 78)
01:00.0 VGA compatible controller: nVidia Corporation NV17 [GeForce4 MX 460] (rev a3)

which shows two NIC detected. But my problem is

the second nic eth1 hardware address is invalid

ifconfig -a returns:

dummy0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth0 Link encap:Ethernet HWaddr 00:04:75:AD:6F:3E
inet addr:10.5.0.4 Bcast:10.5.0.255 Mask:255.255.255.0
inet6 addr: fe80::204:75ff:fead:6f3e/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29184 errors:0 dropped:0 overruns:2 frame:0
TX packets:1063 errors:0 dropped:0 overruns:0 carrier:0
collisions:37 txqueuelen:1000
RX bytes:8215818 (7.8 Mb) TX bytes:154883 (151.2 Kb)
Interrupt:9 Base address:0xcc00

eth1 Link encap:Ethernet HWaddr FF:FF:FF:FF:FF:FF
inet addr:77.7.7.1 Bcast:77.7.7.255 Mask:255.255.255.0
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:21420 frame:0
TX packets:85932 errors:0 dropped:0 overruns:0 carrier:64260
collisions:21420 txqueuelen:1000
RX bytes:88080300 (83.9 Mb) TX bytes:88080300 (83.9 Mb)
Interrupt:9 Base address:0xe800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:134 errors:0 dropped:0 overruns:0 frame:0
TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7196 (7.0 Kb) TX bytes:7196 (7.0 Kb)

sit0 Link encap:UNSPEC HWaddr 00-00-00-00-31-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

A snipet of dmesg:

PCI: Found IRQ 9 for device 0000:00:09.0
PCI: Sharing IRQ 9 with 0000:00:0d.0
3c59x: Donald Becker and others. www.scyld.com/network/vortex.html
0000:00:09.0: 3Com PCI 3c905C Tornado at 0xcc00. Vers LK1.1.19
PCI: Found IRQ 9 for device 0000:00:0d.0
PCI: Sharing IRQ 9 with 0000:00:09.0
0000:00:0d.0: 3Com PCI 3c905C Tornado at 0xe800. Vers LK1.1.19
***WARNING*** No MII transceivers found!

And it also complain of :

NET: Registered protocol family 10
IPv6 over IPv4 tunneling driver
eth0: no IPv6 routers present
eth1: no IPv6 routers present

I know I turn on IPv6 module and there is no IPv6 implemented in the network. Add this in, incase it is the cause.

How can I make use of my second NIC in 2.6.* kernel. I have checked Ethernet-Howto and it says 2.6 automatically detect second or more NIC which has been done.

You're no newbie, you should be answering questions on this forum as well as asking them!
:-)

You are ahead of me on this one, I'm not using kernel 2.6.3, have never used ipV6 and have never done tunneling. Unless you somehow set all that up by accident, I think I'll have to leave this to the gurus ...

Well, I am newbie in setting up a router/bridge
I had a few attemps at it before now. I always stuck at getting the kernel to detect the second NIC. Due to lack of time, I abandon it. But now, I have to get it up because I need to use it.

It is true that I am confused with the router setup stuff.

By the way, I switch on IPv6 as module for fun. I will turn it off the next time I compile the kernel cause I notice I didn't turn on a few feature I need in the kernel for bridging. But I doubt that is the cause for detecting the MAC address on eth1 as FF:FF:FF:FF:FF:FF.

might be worth trying a 3com and a intel nic. if you have two nics the same there maybe some kernel confusion when it is trying to figure out what to do with them.

That is an idea. But I would prefer both to be 3com as it has build in checksum for a few protocol (3c905C).

Can the router goes withought name server?

How are you doing the setup for the second card? Can't you just use ifconfig eth0 and ifconfig eth1 for this, especially since they're both recognized that way? Why the ipV6? Is that the protocol you'll be using? Does iptables work with that?

IPv6 is for fun. Will remove it when I recompile my kernel.
I use ifconfig but it doesn't work. Why?
IP can be assign to it. But can't ping it from another machine.
The hardware address (MAC) shows FF:FF:FF:FF:FF:FF on the eth1 when I check it using ifconfig (refer to the posting above).
I also tried using rc.inet1.conf with the same result.

dumb question... but are you trying to ping it from the right side of the local network you're trying to set up. I apologize if this seems remedial, but I'm confused because what you're doing should be working. Can you sent the two cards up in rc.inet.conf eth0 with a private IP (10.0.0.10) and the other (eth1) with the outiside network IP and gateway (or as DHCP if that's how you're getting you numbers?

Here's a good tutorial on setting up a little ip forwarding policies for 2.4 (which should work the same on 2.6 although I haven't tested it)... http://www.tldp.org/HOWTO/IP-Masquer...FIREWALL-2.4.X

Hope that helps. Again, the ifconfig should work... It seems od that it's not.