Gentoo Forums
Bridging a network connection

carambola5
Apprentice

Joined: 10 Jul 2002
Posts: 214
Location: Madtown, WI

Posted: Tue Mar 04, 2003 7:28 am    Post subject: Bridging a network connection

Before going into the details, I'd like to give props to vvx from #linuxorbit on freenode. He was the only person to actually help me from beginning to end.

Network Bridging
Network bridging is the transparent combination of two networks into one. In essence you are putting a hub/switch between the networks... only instead of a hub, you can now use a Linux box.

NOTE: This is very different from routing or using NAT. Make sure bridging is what you need.

Step 1: The kernel
You need 802.11d bridging enabled:

Code:
cd /usr/src/linux
cp .config ~/kernelconf
make mrproper
mv ~/kernelconf ./.config
make menuconfig #Networking Options-> 802.11d bridging support (I compiled in.  Modularizing will probably work too)
make dep && make clean bzImage modules modules_install
mount /boot
mv /boot/bzImage /boot/bzImage.bak
cp arch/i386/boot/bzImage /boot
#modify your grub.conf file accordingly
cd /
umount /boot
shutdown -r now


OK, so you have a kernel that supports bridging now. Sweet. IF you made bridging a module, be sure to do:
Code:
echo bridge >> /etc/modules.autoload



You might as well install the utilities straight away:
Code:
emerge bridge-utils


Step 2: Installing the second NIC
This isn't really related to Gentoo except for one part: Be aware that your device mappings may change. I, for example, had my eth0 become eth1, leaving eth0 for my new NIC.

Also, if there isn't a hub/switch/router between two computers, you will need a crossover cable.


Step 3: Getting it to work
This is what took me forever. Hopefully, it'll only take you a minute or two.
Code:

brctl addbr br0 #"br0" is an arbitrary name
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0 #don't worry about giving these bogus addresses
ifconfig eth1 0.0.0.0 #the 0.0.0.0's get swallowed by the bridge
ifconfig br0 <ip> netmask <netmask> up
route add default gw <gateway> netmask <netmask>


Done! Right? Nope. These changes you just made aren't all persistent (as in, they vanish upon the next reboot)

Step 4: Preserving the changes
Here's what to do: edit your /etc/conf.d/net file and change the following:
Code:
iface_eth0="0.0.0.0"
iface_eth1="0.0.0.0"
iface_br0="<insert what used to be in iface_eth0 here>"


I think that's it.... I hope. I haven't actually rebooted yet to test whether the routing table is correct.

GenKiller
n00b

Joined: 04 Mar 2003
Posts: 66
Location: United States of America

Posted: Tue Mar 04, 2003 8:22 pm

Thank you very much for posting this! I've been looking for this for a while, and have yet to find a concise tutorial on doing it. Thanks carambola5! :D

rojaro
l33t

Joined: 06 May 2002
Posts: 732

Posted: Wed Mar 05, 2003 7:30 pm    Post subject: Re: Bridging a network connection

carambola5 wrote:
Network bridging is the transparent combination of two networks into one. In essence you are putting a hub/switch between the networks... only instead of a hub, you can now use a Linux box.

you can do much more useful stuff with this - e.g. running a really transparent proxy server or a fully transparent firewall, traffic shaper, whatever. if you run the br0 interface in promisc mode you also can use this as a fully invisible packet sniffer, network traffic logger ... lots of possibilities here :^)

Vancouverite
Apprentice

Joined: 28 Sep 2002
Posts: 162
Location: Vancouver, Canada

Posted: Fri Mar 07, 2003 3:52 am

This type of transparent firewall works wonderfully using OpenBSD. With the advantage of the excellent Packet Filter. The howto is here

rojaro
l33t

Joined: 06 May 2002
Posts: 732

Posted: Fri Mar 07, 2003 6:32 pm

well ... it also works wonderfully with iptables which is imho mature enough to be used in a production environment (well there are enough very expensive, well sold, commercial firewall appliances based on this technology) - no need to use openbsd for this, just google ... :)

carambola5
Apprentice

Joined: 10 Jul 2002
Posts: 214
Location: Madtown, WI

Posted: Fri Mar 07, 2003 8:09 pm

The original reason for bridging my connection was thus:
-I have one workstation that's pretty much always on.
-I have a laptop that comes and goes.
-I didn't want another thing sucking power (I have exactly one 2-outlet power faceplate in my room)
-I have one ethernet "jack" (well, more like a cable that snakes through our heating duct into my room)

That left either bridging or routing. Bridging is the more appropriate choice for various reasons such as fileserving.

But now I see that you could use the bridge for other purposes... take, for example, what happens when you assign your eth0 or eth1 device an internal ip and issue the up command on it. I've noticed that gkrellm pops open another krell devoted to eth0 or 1. Packet sniffing should be trivial at that point.

Vancouverite
Apprentice

Joined: 28 Sep 2002
Posts: 162
Location: Vancouver, Canada

Posted: Sat Mar 08, 2003 12:43 am

Quote:
well ... it also works wonderfully with iptables which is imho mature enough to be used in a production environment (well there are enough very expensive, well sold, commercial firewall appliances based on this technology) - no need to use openbsd for this, just google ... :)

Did I suggest otherwise? I didn't realize that netfilter/iptables was as advanced as pf.

hulk2nd
Guru

Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

Posted: Mon Apr 07, 2003 12:38 am

i have a problem: i followed exactly your steps and it also works but after rebooting the system the bridge doesn't work anymore and i have to set it up again (yes, i followed step 4). any solutions?

these are the settings i made within my /etc/conf.d/net:

Code:
iface_eth0="0.0.0.0"
iface_eth1="0.0.0.0"
iface_br0="192.168.0.3 broadcast 192.168.0.255 netmask 255.255.255.0 up"

...

gateway="br0/192.168.0.1"


thanx and greetz, hulk

de4d
Apprentice

Joined: 12 Sep 2002
Posts: 181
Location: fr. i. br. (ger)

Posted: Mon Apr 07, 2003 10:48 am

Quote:

That left either bridging or routing. Bridging, is the more appropriate choice for various reasons such as fileserving.


can't follow you here. my homelan is divided into 3 subnets (2 routing boxes) and everything works the way it worked when it had been one segment.

imho routing is the more appr. choice, for there is no need to configure a bridge to filter out unwanted packets to unwanted destinations or unneeded traffic....

am i missing something?

edit: and yes, i like your bridging tutorial :]

hulk2nd
Guru

Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

Posted: Mon Apr 07, 2003 6:24 pm

i personally need a bridge: i have two network adapters in my pc: one 10/00mbit onboard (rj45) and one 10/100mbit pci ethernet card (rj45,bnc). i'm connected to the router with bnc cables and to my digital satellite receiver with the other network adapter; cross cable. the sat receiver also needs internet access and that's why i bridge my network adapters. and why should i install a bouncer or something like that on the pc if there is network bridging. this is the absolute best solution for me

greetz, hulk

reaz82
Apprentice

Joined: 14 Mar 2003
Posts: 203
Location: Austin, Texas

Posted: Wed Apr 16, 2003 4:32 am

here is a link to my post which addresses the same issue..

https://forums.gentoo.org/viewtopic.php?t=43768&highlight=ethernet+bridging

however i would like to know what are the advantages of bridging as opposed to ip masquerading?

Vancouverite
Apprentice

Joined: 28 Sep 2002
Posts: 162
Location: Vancouver, Canada

Posted: Wed Apr 16, 2003 10:26 am

A transparent bridge is great for a stealth firewall and intrusion detection system since it has no IP addresses; this also means that it cannot be used as a really transparent proxy (as previously posted). Network Address Translation (IP masquerading) is entirely different; it simply translates non-routable IPs to the live IP on the gateway.

xedx
Tux's lil' helper

Joined: 23 May 2003
Posts: 93

Posted: Sat Jun 14, 2003 4:40 am

how bout a halted bridging stealth firewall. next to being the most paranoid setup :wink:

revresxunil
Tux's lil' helper

Joined: 29 Sep 2002
Posts: 129
Location: UW Madison

Posted: Sat Aug 23, 2003 2:19 am

i made a script for init.d that would start the bridge... works for me.. don't know if anybody else already did something like this (and made it better)....

Code:

depend() {
        use logger dns
        need net
}

start() {
        ebegin "starting bridge br0"
        /sbin/brctl addbr br0
        /sbin/brctl addif br0 eth0
        /sbin/brctl addif br0 eth1
        ifconfig br0 x.x.x.x netmask 255.255.255.0
        route add default gw x.x.x.x netmask 255.255.255.0
}

stop() {
        ebegin "<start rant>"
        ebegin "Well since I dont know how to"
        ebegin "actually program a runscript"
        ebegin "you are just going to have to reboot."
        ebegin "why would you want to stop the bridge anyway?"
        ebegin "<end rant>"
}

kronon
Apprentice

Joined: 11 Aug 2003
Posts: 212
Location: NL

Posted: Sat Apr 10, 2004 3:05 pm

I would like to have a bridge so that I can connect my wireless network to my wired network (through my server at home). I have compiled the bridge modules but when I try to append it or probe it I get an error. When I do depmod -a it says that bridge.o misses solved symbols (so it says it has unresolved symbols). And when I modprobe bridge I get
Quote:
/lib/modules/2.4.22-gentoo-r7/kernel/net/bridge/bridge.o: /lib/modules/2.4.22-gentoo-r7/kernel/net/bridge/bridge.o: unresolved symbol br_ioctl_hook
/lib/modules/2.4.22-gentoo-r7/kernel/net/bridge/bridge.o: /lib/modules/2.4.22-gentoo-r7/kernel/net/bridge/bridge.o: unresolved symbol br_handle_frame_hook
/lib/modules/2.4.22-gentoo-r7/kernel/net/bridge/bridge.o: insmod /lib/modules/2.4.22-gentoo-r7/kernel/net/bridge/bridge.o failed
/lib/modules/2.4.22-gentoo-r7/kernel/net/bridge/bridge.o: insmod bridge failed


Is this just a kernel bug or did I miss any options?

[edit] I use the same server to get my computer on the internet so I have to keep at least 1 ip, is that possible and if so how?

kronon
Apprentice

Joined: 11 Aug 2003
Posts: 212
Location: NL

Posted: Sat Apr 10, 2004 6:50 pm

Okay, I have compiled it into the kernel. The kernel gets compiled so this should work, right? Wrong, at least it didn't for me. I created this script
Code:
ifconfig ra0 down
ifconfig eth1 down
ifconfig br1 down
brctl delbr br1

ifconfig eth1 0.0.0.0
ifconfig ra0 0.0.0.0

##Configure wireless interface
iwconfig ra0 channel 2
iwconfig ra0 mode ad-hoc
iwconfig ra0 rate auto
iwconfig ra0 key [1] xxxxxxxxxx restricted
iwconfig ra0 essid black

brctl addbr br1
brctl addif br1 ra0
brctl addif br1 eth1
ifconfig br1 192.168.2.105 netmask 255.255.254.0 up
#ifconfig br1 up

iwconfig ra0

and all it did was melt eth1 and ra0 together. While I still can't access the wired network (eth1) with my wireless laptop.
:cry:

sigmalll
Guru

Joined: 24 Aug 2003
Posts: 332

Posted: Sun Apr 18, 2004 9:49 am    Post subject: Re: Bridging a network connection

carambola5 wrote:
Also, if there isn't a hub/switch/router between two computers, you will need a crossover cable.


I haven't tried this with Linux yet, but I have used bridges on XP and used a regular 'straight through' cable.

kronon
Apprentice

Joined: 11 Aug 2003
Posts: 212
Location: NL

Posted: Mon Apr 19, 2004 1:51 pm

I use a straight cable too. But it shouldn't matter because the switch will straighten it out. So that I connect computers with the switch using straight and twisted cables.
I'm also able to connect to my server, so I don't see any problems on this side.

sg00
n00b

Joined: 24 Feb 2003
Posts: 20
Location: Vilnius, Lithuania

Posted: Mon Jul 19, 2004 4:37 am    Post subject: Performance

Hello,

I'm very interested in setting up a bridge, but would like to know:

How about performance of such bridge?
What are minimum hardware requirements?


Thanks,
--
sg00

revresxunil
Tux's lil' helper

Joined: 29 Sep 2002
Posts: 129
Location: UW Madison

Posted: Tue Jul 20, 2004 5:39 pm

I had the bridge working on a p2 200, but I didn't bench it with more than 3 computers.

darkarmani
n00b

Joined: 07 Apr 2005
Posts: 2

Posted: Thu Apr 07, 2005 9:41 pm    Post subject: Init scripts included with latest bridge-utils

I didn't see anyone document the configuration and init scripts now that bridge-utils comes with a /etc/conf.d/bridge file and a /etc/init.d/bridge file.

Here is the way I set up my bridge using 2 ethernet devices and one bridge device that uses DHCP to get an IP address. I'm assuming you have followed the rest of this thread and will only cover the conf.d and init.d setup.

Configuring the bridge
1) emerge bridge-utils
2) Edit /etc/conf.d/bridge
Code:

# declare bridge device
bridge="bridge0"

# add interfaces to bridge device
bridge_bridge0_devices="eth0 eth1"

(Note: scant documentation on this file--by scant i mean none)

Configure interfaces in /etc/conf.d/net
3) Edit:
Code:

iface_eth0="0.0.0.0"
iface_eth1="0.0.0.0"
iface_bridge0="dhcp"
dhcpcd_bridge0="-h bridger"


Setup init scripts in /etc/init.d
4) Make eth1 come up automatically: ln -s /etc/init.d/net.eth0 /etc/init.d/net.eth1
5) Make bridge0 come up automatically: cp /etc/init.d/net.eth0 /etc/init.d/net.bridge0
6) Edit net.bridge0 so it comes up after /etc/init.d/bridge is run. I don't like having to edit an init script because I don't want to have to maintain this file, but I don't see any other way. (any ideas?) Your depend() function might look different but the important part is the "need bridge."

Code:

depend() {
     use hotplug pcmcia
     # added this to force the bridge script to run first
     need bridge
}

7) rc-update add net.eth0 default
8) rc-update add net.eth1 default
9) rc-update add net.bridge0 default
10) rc-update add bridge default

Test before booting
- /etc/init.d/net.eth0 restart
- /etc/init.d/net.eth1 restart
- /etc/init.d/net.bridge0 restart
- /etc/init.d/bridge restart

The last one should be redundant since net.bridge0 should force it to run. Verify that it works. When you reboot your machine everything should come up automatically.
Back to top
View user's profile Send private message
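
A consistency check for the two files edited in the steps above, as an added example that is not part of the original post or of bridge-utils. It relies only on the variable names shown in this thread (`bridge`, `bridge_<name>_devices`, `iface_<name>`); the function names `check_bridge_conf` and `write_sample_conf` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the conf.d layout used in this thread.
# Both files are sourced, as the init scripts do, so only point this at
# files you already trust as root. Pass paths that contain a slash.

# check_bridge_conf BRIDGE_CONF NET_CONF
# Prints one line per problem; exit status is the number of problems.
check_bridge_conf() (
    problems=0
    note() { echo "$1"; problems=$((problems + 1)); }
    . "$1"
    . "$2"
    [ -n "$bridge" ] || note "no bridge declared in $1"
    for br in $bridge; do
        case $br in
            *[!A-Za-z0-9_]*) note "$br: not usable in a variable name"; continue ;;
        esac
        # Look up bridge_<br>_devices and iface_<br> by name.
        eval "members=\$bridge_${br}_devices addr=\$iface_${br}"
        [ -n "$members" ] || note "$br: bridge_${br}_devices is empty"
        [ -n "$addr" ] || note "$br: no iface_${br} entry in $2"
        for dev in $members; do
            case $dev in
                *[!A-Za-z0-9_]*) note "$dev: not usable in a variable name"; continue ;;
            esac
            eval "devaddr=\$iface_${dev}"
            [ "$devaddr" = "0.0.0.0" ] ||
                note "$dev: iface_${dev} is '$devaddr', expected 0.0.0.0 (member of $br)"
        done
    done
    exit "$problems"
)

# Constructed sample: the configuration from the post, except that eth1
# is deliberately left with an address so the check has something to find.
write_sample_conf() {
    cat > "$1/bridge" <<'EOF'
bridge="bridge0"
bridge_bridge0_devices="eth0 eth1"
EOF
    cat > "$1/net" <<'EOF'
iface_eth0="0.0.0.0"
iface_eth1="192.168.0.3 netmask 255.255.255.0"
iface_bridge0="dhcp"
dhcpcd_bridge0="-h bridger"
EOF
}

demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir"
check_bridge_conf "$demo_dir/bridge" "$demo_dir/net" || echo "problems found: $?"
rm -rf "$demo_dir"
```

On a real system the call would be `check_bridge_conf /etc/conf.d/bridge /etc/conf.d/net`.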

dReWz
n00b

Joined: 17 Sep 2004
Posts: 5

Posted: Mon Apr 11, 2005 12:15 am    Post subject: bridging vpn connection with eth0

Great howto.

I have the following situation. I got a vpn account to my school. However, whenever i vpn in, my eth0 gets all funky and i cannot get on the internet, even though i get on my school network (coz the tun takes over). I was wondering whether it was possible to have tun0 and eth0 interfaces working at the same time and what the possible steps are? I am a total networking noob and i am not even sure if what i am saying makes any sense. 8O

Let me know what you think?

dReWz