What are the correct settings for Transparent Bridge mode?
I have a MGW that I want to physically place between a router (Default gateway) and a Firewall;
Network =>> 192.168.X.0/24 Router ==>>(eth0) MGW (eth1) ==>> 192.168.254.0/24 ==>> Firewall ==>>Cloud/Inet
several Subnets fill the spot of X
What would be the configuration Settings , under Proxies;
Transparent Bridge - Port redirects
Should I have HTTP Proxy enabled, if so what settings
In static routes do I need to put intries for each of my subnets on the network side?
as for eth0 and eth1 which Default gateway do I use?
I've attached a document with screenshots of the settings I use when I setup Transparent Bridge mode.
It should give you some idea of what to set on yours.
The only thing I don't have are the static routes. Yes, I think you would need them for the 192.168.X networks to point back to your router.
e²Message was edited by: Erik Elsasser on 9/23/10 9:08:34 PM CDT
Erik, how did you get the ibr0 to show up in your Network Interface Settings?
I am trying to prep our MWG7 for Transparent Bridge Mode and I just want to get as much done now as possible. Does it have anything to do with me not changing the Network Setup from Proxy to Transparent bridge?
you need to select 2 interfaces from your 4. For both, you need to enabled the bridge by checking "Bridge enabled". As name for both you enter ibr0 and save. You will be logged out and the box will reboot. Afterwards the bridge is created. You should make sure that you are accessing the box over a 3rd interface which is not part of the bridge as the IPs of the two interfaces will be removed.
If I understand it correctly, atleast four interfaces are required, two of those combined to form a Bridge interface. Now when a request is sent from external cloud to an internal webserver (Reverse proxy implemented in Transparent mode), Webwahser will intercept it before passing it on to the webserver. This implementation won't work if you have only two ports on webwahser appliance. Right?
I guess that in this case, I don't need to change my DNS entries to point to webwahser's IP address instead of webserver's as was the case in reverse proxy in explixit proxy mode.
I don´t see why you would need 4 interfaces. I also do not really understand why you use a bridge interface for the management console? Maybe you can explain a bit more.
Usually two interfaces should be enough:
eth0 and eth1 combined to ibr0. You can add an IP address to ibr0 which can be used by MWG to talk to the Web Servers and to access the Web GUI. You can of course use additional interfaces like eth2 for MWG to talk to the Web Servers and eth3, but that is optional.