Support-KB-NetManager >> Network-Bridging

Bridging network cards

Bridging network cards effectively turns the NetManager into a (rather expensive!) network switch. Multiple network cards can join a bridge and, in general, no more than one of them will have an IP address associated with it.

Traffic received on one network card is forwarded onto the other network cards in the bridge, but the bridge learns where individual machines are located and does not forward unnecessary traffic. For example, if a bridge is made up of 4 interfaces, with machine A connected to interface 1 and machine B connected to interface 2, then traffic between A and B will not be forwarded onto interfaces 3 and 4.

The advantage of using the NetManager to bridge, rather than just connecting machines into a switch, is that it can provide firewalling on the bridge (as well as traffic monitoring). So you could have two physical networks separated by the NetManager with the same IP address range, but block some traffic from one to the other. This is most frequently used when a private network range has been assigned by an ISP and has been configured on all internal machines (which you are unwilling to change). A firewalled bridge would allow you to:

  • Protect your internal machines from external access. Examples from the real world include:
    • A rather daft LEA in which all schools were on the same IP address range, so computers at one school could print to printers at another school and it would be barely traceable.
    • Virus infection at an LEA spreading to all attached schools except those with NetManager installed.
  • Control outbound access from internal machines. Examples include:
    • Force all users to go via the NetManager web-proxy so that you can make your filtering mandatory.
    • Block outbound POP3 or sending spam from infected machines.

If you are free to choose your own internal network range, then using NAT is usually preferable.
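
The learning behaviour and the filtering described above, as an added sketch in Python. It is not NetManager code: the class, the rule function, the MAC addresses and the choice of interface 1 as the internal network are all constructed for illustration.

```python
# Added illustration only: a toy learning bridge with a filter hook.
# Not NetManager code; MAC addresses and port roles are constructed.
from dataclasses import dataclass

INTERNAL = 1  # assumption: interface 1 is the internal network


@dataclass(frozen=True)
class Frame:
    src: str        # source MAC address
    dst: str        # destination MAC address
    dport: int = 0  # TCP destination port (0 = not TCP)


def block_outbound_pop3(in_port, out_port, frame):
    """Drop POP3 (TCP/110) leaving the internal interface."""
    return in_port == INTERNAL and out_port != INTERNAL and frame.dport == 110


class FilteringBridge:
    def __init__(self, ports, rules=()):
        self.ports = list(ports)
        self.rules = list(rules)  # each rule returns True to drop
        self.table = {}           # learned MAC -> port (real bridges age entries out)

    def receive(self, in_port, frame):
        """Return the ports this frame is forwarded out of."""
        self.table[frame.src] = in_port  # learn where the sender is
        known = self.table.get(frame.dst)
        if known == in_port:
            return []                    # destination is on the same segment
        if known is None:                # unknown destination: flood
            out = [p for p in self.ports if p != in_port]
        else:                            # learned destination: one port only
            out = [known]
        return [p for p in out
                if not any(rule(in_port, p, frame) for rule in self.rules)]


def demo():
    bridge = FilteringBridge([1, 2, 3, 4], rules=[block_outbound_pop3])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # machines A and B
    first = bridge.receive(1, Frame(a, b))            # B unknown: flooded
    reply = bridge.receive(2, Frame(b, a))            # A already learned
    later = bridge.receive(1, Frame(a, b))            # B now learned
    pop3 = bridge.receive(1, Frame(a, b, dport=110))  # filtered
    return first, reply, later, pop3


if __name__ == "__main__":
    print(demo())
```

Only the first frame reaches interfaces 3 and 4; once both machines have been seen, traffic between A and B stays on interfaces 1 and 2, and the POP3 frame is dropped before it leaves the internal interface.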

Configuring

Bridging can be set up from the Console Menu by going to option N (Network Configuration) and then option B (Configure bridged networking). Generally, you will configure your network without any bridging to begin with. You can then create a bridge between your internal network card and another one. The connection to the router can then be moved from being connected into the main internal network to the second network card in the NetManager (this is usually a 1-wire change).

Caveats

When firewalling is enabled on a bridge, it is important not to mix up the interfaces. The interface with an IP address configured is your usual internal network. When the firewall is in its default security mode, external traffic will not be allowed into the network from other members of the bridge.


Precedence Technologies Ltd, Technology House, 36a Union Lane, Cambridge, UK | Tel: 08456 446 800
Page last modified on January 05, 2010, at 09:42 AM by sborrill