-1

I am trying to build an Ubuntu server to act as a web content filter, using Squidguard and Dansguardian. There are great resources such as this:

https://help.nceas.ucsb.edu/ubuntu_network_configuration

I am following guides such as this one to create this web content filter server on Ubuntu Server 14.04.2:

http://www.theopensourcerer.com/2014/04/how-to-install-a-squid-dansguardian-content-filter-on-ubuntu-server/

In short, I have a virtual machine with 2 NICs, currently able to hit both the Internet through my firewall (on eth0) and the internal networks (on eth1). Both NICs have static IP addresses. I do not understand how to configure the bridge in /etc/network/interfaces. Or should I do bonding? I have installed bridge-utils already.

Here is my current, working, interfaces config that allows my server to ping external and internal and to the added routes:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.4
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.2
        dns-search example.com domain.example.com
        dns-nameservers 10.16.4.198 8.8.8.8
        dns-search example.com

# The secondary network interface
auto eth1
iface eth1 inet static
        address 10.16.3.4
        netmask 255.255.255.0
        network 10.16.3.0
        broadcast 10.16.3.255
        # Persistent routes
        post-up route add -net 10.16.2.0/24 gw 10.16.3.252
        post-up route add -net 10.16.4.0/24 gw 10.16.3.252
        post-up route add -net 10.16.5.0/24 gw 10.16.3.252

My first attempt at a bridge failed: my test Windows 7 workstation could not hit the Internet, and I could not access its internal IP and/or eth1. Here it is:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.4
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.2
        dns-search example.com domain.example.com
        dns-nameservers 10.16.4.198 8.8.8.8
        dns-search example.com

# The secondary network interface
auto eth1
iface eth1 inet static
        address 10.16.3.4
        netmask 255.255.255.0
        network 10.16.3.0
        broadcast 10.16.3.255
        # Persistent routes
        post-up route add -net 10.16.2.0/24 gw 10.16.3.252
        post-up route add -net 10.16.4.0/24 gw 10.16.3.252
        post-up route add -net 10.16.5.0/24 gw 10.16.3.252

# Bridge interface
auto br0
iface br0 inet manual
        bridge_ports eth0 eth1
        bridge_stp on

Any advice is appreciated.

LCP
  • Why are you trying to bridge? These are obviously two different networks, and a bridge is inappropriate. – Michael Hampton May 12 '15 at 21:37
  • The guide (above) that I am following uses a bridged connection. Also I had successfully used a bridged connection with two NICs in the same type of configuration using untangle 9.04 VMware appliance. It successfully acted as a gateway for my workstations. However for reasons I do not wish to get into I was unable to provision it as a web content filter. If there is a better way to configure an Ubuntu server in a virtual machine for the purposes I am attempting, then please advise. – LCP May 12 '15 at 21:58
  • I am asking for help. I do not understand the downvotes. – LCP May 13 '15 at 03:56

2 Answers

0

Your bridge setup is wrong, I think.

If you read the example carefully, your bridge needs to carry the config info, not the interfaces (NICs).

======================================================
# Set up interfaces
iface eth0 inet manual
iface eth1 inet manual

# Bridge setup
auto br0
iface br0 inet static
        bridge_ports eth0 eth1
        address 192.168.1.2
        broadcast 192.168.1.255
        netmask 255.255.255.0
        gateway 192.168.1.1
=======================================

But in your case I am not sure it is possible, as each of your interfaces connects to a separate network. I am not sure if this kind of setup can be bridged.

If I am reading your specs right, then what you need to do is: a. create 2 bridge interfaces, one for each NIC

i.e.

======================
br0 for eth0 internal LAN network (in your case the 192.168.x.x)
and br1 for eth1 external WAN network (in your case the 10.16.x.x)

=======================

Then use the appropriate bridge for input and output of your VM in place of the ethX interfaces. You are not just bridging the networks; you do routing here.

Also, maybe you should just look into using the Sophos UTM instead. It will give you all of the above and more...

vlad
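
The two problems raised in this thread (bridge ports that keep their own addresses, and ports that sit in different subnets) can be checked mechanically. This is an added example, not code from the post: `parse_interfaces` and `lint_bridges` are hypothetical helper names, and the sample is constructed from the failing config in the question.

```python
import ipaddress

# Constructed sample: the failing layout from the question, trimmed.
SAMPLE = """\
iface eth0 inet static
        address 192.168.1.4
        netmask 255.255.255.0
iface eth1 inet static
        address 10.16.3.4
        netmask 255.255.255.0
iface br0 inet manual
        bridge_ports eth0 eth1
"""

def parse_interfaces(text):
    """Return {iface: {"method": ..., option: value}} for every iface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None  # these lines end the preceding stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def lint_bridges(text):
    """Return findings for bridges whose member ports are mis-configured."""
    stanzas, findings = parse_interfaces(text), []
    for name, opts in stanzas.items():
        nets = {}
        for port in opts.get("bridge_ports", "").split():
            p = stanzas.get(port, {})
            if "address" not in p:
                continue  # port is 'manual' (or undefined): nothing to flag
            a = p["address"]
            cidr = a if "/" in a else a + "/" + p.get("netmask", "32")
            nets[port] = ipaddress.ip_interface(cidr).network
            findings.append(f"{name}: port {port} keeps its own address {a}")
        if len(set(nets.values())) > 1:
            subnets = ", ".join(str(n) for n in nets.values())
            findings.append(f"{name}: ports are in different subnets ({subnets})")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_bridges(SAMPLE)))
```
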
0

Take a look at this example of how to set up Squid for transparent web filtering on an OS with 2 NICs - http://docs.diladele.com/tutorials/transparently_filtering_https_centos/index.html

Rafael