Casper Gripenberg | 7 Jan 2008 01:30

Bridge with IP address -> unable to connect to bridge


Hi,

I tried sending this earlier, but it didn't come through.
Apologies if this appears twice on the list.

I'm running bridging using the brouter setup described on
this page:

http://ebtables.sourceforge.net/examples.html
"Making a brouter".

The setup described there is like this:

ifconfig br0 0.0.0.0
ifconfig eth0 172.16.1.1 netmask 255.255.255.0
ifconfig eth1 172.16.2.1 netmask 255.255.255.0
ebtables -t broute -A BROUTING -p ipv4 -i eth0 --ip-dst 172.16.1.1 -j DROP
ebtables -t broute -A BROUTING -p ipv4 -i eth1 --ip-dst 172.16.2.1 -j DROP
ebtables -t broute -A BROUTING -p arp -i eth0 -d $MAC_OF_ETH0 -j DROP
ebtables -t broute -A BROUTING -p arp -i eth1 -d $MAC_OF_ETH1 -j DROP

My setup is different in that I use a public DHCP IP address
for eth0, and an internal private IP for eth1.

Internet <-> DHCP <-> eth0 br0 eth1 <-> my internal net

The bridge bridges traffic fine, but the problems come when
I try to access eth0 from my internal network.


Casper Gripenberg | 6 Jan 2008 00:21

Bridge with DHCP IP address


Hi. I'm trying to run a bridge between my "internal"
network (eth1) and the external internet (eth0). I.e.
a very basic setup.

But I also want the bridge to have an IP address. I
read the docs here:
http://www.linux-foundation.org/en/Net:Bridge

Which say to set the forwarding delay to 0 and then run
dhclient on eth0:

# ifconfig eth0 0.0.0.0
# ifconfig eth1 0.0.0.0
# brctl setfd br0 0
# brctl addif br0 eth0
# dhclient eth0
# brctl addif br0 eth1
# ifconfig br0 up

The bridge works fine as a bridge, and eth0 gets
an IP address (although it takes a very long time
for the dhclient to acquire it).

But I can't reach the eth0 address from anywhere
except localhost. And I can't get out of the bridge
either to any other address..even though the routing
table is set up correctly I get destination unreachable
when I try to ping an external IP address from the
bridge box (logged in through the console).

Srinivas M.A. | 7 Jan 2008 19:22

Re: Bridge with DHCP IP address

Setting up eth0 as a bridge port and also having an IP address on it
is confusing. Better perhaps to run dhclient on the bridge interface
itself.

For filtering packets as you indicate, it should be possible to do
that using ebtables. I don't know details about it though.
With this filtering, you can probably filter the outgoing DHCP
requests from br0 to go out only on eth0 and not through eth1. (They
will be broadcast, so they will get sent out of both ports normally.)

On Jan 6, 2008 4:51 AM, Casper Gripenberg
<casper.gripenberg <at> kotiportti.fi> wrote:
>
> Hi. I'm trying to run a bridge between my "internal"
> network (eth1) and the external internet (eth0). I.e.
> a very basic setup.
>
> But I also want the bridge to have an IP address. I
> read the docs here:
> http://www.linux-foundation.org/en/Net:Bridge
>
> Which say to set the forwarding delay to 0 and then run
> dhclient on eth0:
>
> # ifconfig eth0 0.0.0.0
> # ifconfig eth1 0.0.0.0
> # brctl setfd br0 0
> # brctl addif br0 eth0
> # dhclient eth0
> # brctl addif br0 eth1

David A. Ranch | 7 Jan 2008 19:33

Re: Bridge with DHCP IP address


There are similar issues like this when using port forwarding with standard iptables, and there are specific iptables rules required to get this working (I've documented those NAT-specific issues in my IP Masquerade HOWTO on the LDP).

I'd recommend to take this specific issue to the ebtables forums as this really isn't a bridging issue.

--David

> Setting up eth0 as a bridge port and also having an IP address on it
> is confusing. Better perhaps to run dhclient on the bridge interface
> itself.
>
> For filtering packets as you indicate, it should be possible to do
> that using ebtables. I don't know details about it though.
> With this filtering, you can probably filter the outgoing DHCP
> requests from br0 to go out only on eth0 and not through eth1. (They
> will be broadcast, so they will get sent out of both ports normally.)
>
> On Jan 6, 2008 4:51 AM, Casper Gripenberg
> <casper.gripenberg <at> kotiportti.fi> wrote:
> >
> > Hi. I'm trying to run a bridge between my "internal"
> > network (eth1) and the external internet (eth0). I.e.
> > a very basic setup.
> >
> > But I also want the bridge to have an IP address. I
> > read the docs here:
> > http://www.linux-foundation.org/en/Net:Bridge
> >
> > Which say to set the forwarding delay to 0 and then run
> > dhclient on eth0:
> >
> > # ifconfig eth0 0.0.0.0
> > # ifconfig eth1 0.0.0.0
> > # brctl setfd br0 0
> > # brctl addif br0 eth0
> > # dhclient eth0
> > # brctl addif br0 eth1
> > # ifconfig br0 up
> >
> > The bridge works fine as a bridge, and eth0 gets
> > an IP address (although it takes a very long time
> > for the dhclient to acquire it).
> >
> > But I can't reach the eth0 address from anywhere
> > except localhost. And I can't get out of the bridge
> > either to any other address..even though the routing
> > table is set up correctly I get destination unreachable
> > when I try to ping an external IP address from the
> > bridge box (logged in through the console).
> >
> > What I want is for the bridge to have an IP address
> > and then I want to allow access to specific ports on
> > the bridge depending on if the packets are coming in
> > through eth0 or eth1.
> >
> > Is this possible to do?
> >
> > Thanks.
> > Casper

_______________________________________________
Bridge mailing list
Bridge <at> lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/bridge
Stephen Hemminger | 8 Jan 2008 17:56

[ANNOUNCE] bridge-utils 1.4

Minor update to bridge-utils. Mostly fixing bugs in usage of sysfs.

Release tarball:
  http://downloads.sourceforge.net/bridge/bridge-utils-1.4.tar.gz

Alon Bar-Lev (1):
      Allow bridge-utils to run when no TCP/IP is available

Denys Vlasenko (1):
      fix use of sysfs (affects 32/64 bit compat)

Jeremy Jackson (1):
      Fix parsing of port_id's (hex).

Stephen Hemminger (3):
      Add ignore for generated files.
      Update gitignore
      Use linux/if.h rather than net/if.h

-- 
Stephen Hemminger <stephen.hemminger <at> vyatta.com>
Denys Fedoryshchenko | 9 Jan 2008 07:40

Re: [ANNOUNCE] bridge-utils 1.4


As mentioned in
http://marc.info/?l=linux-bridge&m=113105949718826&w=2

Released package doesn't contain ./configure script

For people who know what is make on, it is easy to run autoconf, but some
know only how to use ./configure :-)

Other than this, it works fine for me, but I didn't test it deeply yet.

On Tue, 8 Jan 2008 08:56:07 -0800, Stephen Hemminger wrote
> Minor update to bridge-utils. Mostly fixing bugs in usage of sysfs.
> 
> Release tarball:
>   http://downloads.sourceforge.net/bridge/bridge-utils-1.4.tar.gz
> 
> Alon Bar-Lev (1):
>       Allow bridge-utils to run when no TCP/IP is available
> 
> Denys Vlasenko (1):
>       fix use of sysfs (affects 32/64 bit compat)
> 
> Jeremy Jackson (1):
>       Fix parsing of port_id's (hex).
> 
> Stephen Hemminger (3):
>       Add ignore for generated files.
>       Update gitignore
>       Use linux/if.h rather than net/if.h
> 
> -- 
> Stephen Hemminger <stephen.hemminger <at> vyatta.com>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo <at> vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
Denys Fedoryshchenko
Technical Manager
Virtual ISP S.A.L.
Alon Bar-Lev | 9 Jan 2008 19:16

Re: Re: [ANNOUNCE] bridge-utils 1.4

On 1/9/08, Denys Fedoryshchenko <denys <at> visp.net.lb> wrote:
>
> As mentioned in
> http://marc.info/?l=linux-bridge&m=113105949718826&w=2
>
> Released package doesn't contain ./configure script
>
> For people who know what is make on, it is easy to run autoconf , but some
> know only how to use ./configure :-)

Also use of automake will be great!
If you like, I can provide new autoconf/automake build for this package.

Alon.
Ivan Hernandez | 10 Jan 2008 15:35

cannot ping network when i do addif br0 eth0

I have a bridge to connect a tap0 interface with openvpn to my eth0 network.
The openvpn connection goes fine, but when I try to ping from the box
it does not work.
The problem looks this way:
mail:~# brctl addif br0 eth0
mail:~# ping 10.1.27.161
PING 10.1.27.161 (10.1.27.161) 56(84) bytes of data.

--- 10.1.27.161 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 4999ms

mail:~# brctl delif br0 eth0
mail:~# ping 10.1.27.161
PING 10.1.27.161 (10.1.27.161) 56(84) bytes of data.
64 bytes from 10.1.27.161: icmp_seq=1 ttl=64 time=0.189 ms
64 bytes from 10.1.27.161: icmp_seq=2 ttl=64 time=0.161 ms

some tip to use my eth0 card while it's on the bridge? thanks a lot!
ivan
Malcolm Scott | 10 Jan 2008 15:55

Re: cannot ping network when i do addif br0 eth0

At 12:35 today, Ivan Hernandez wrote:

> some tip to use my eth0 card while it's on the bridge?

You should add your IP address to the bridge interface (br0) rather than 
eth0.

-- 
Malcolm Scott
Research Assistant
University of Cambridge Computer Laboratory
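
A check for the situation discussed in this thread (an IPv4 address left on an interface that is enslaved to a bridge), as an added example that is not part of any list message. The function name, the "port bridge" input format and the sample data are assumptions made for this example; `--live` reads the port list from sysfs and the addresses from `ip -o -4 addr show`.

```shell
#!/bin/sh
# Added example: report bridge ports that still carry an IPv4 address.
# Such a port is why the box itself loses connectivity after
# "brctl addif br0 eth0": the address belongs on br0 instead.

# Constructed sample data (not taken from the thread).
SAMPLE_PORTS='eth0 br0
tap0 br0'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever
2: eth0    inet 10.1.27.160/24 brd 10.1.27.255 scope global eth0\       valid_lft forever'

# addressed_ports PORTS ADDRS
#   PORTS: lines of "port bridge"
#   ADDRS: text in the format of `ip -o -4 addr show`
# Prints "port bridge address" for every port that has an address.
addressed_ports() {
    printf '%s\n' "$1" | ADDRS="$2" awk '
        BEGIN {
            n = split(ENVIRON["ADDRS"], lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], f, " ")
                # f[1]="2:"  f[2]=interface  f[3]="inet"  f[4]=address/prefix
                if (f[3] == "inet") ip[f[2]] = f[4]
            }
        }
        NF == 2 && ($1 in ip) { printf "%s %s %s\n", $1, $2, ip[$1] }
    '
}

# live_ports: list "port bridge" pairs from /sys/class/net/<bridge>/brif/<port>.
live_ports() {
    for d in /sys/class/net/*/brif/*; do
        [ -e "$d" ] || continue
        br=${d%/brif/*}
        printf '%s %s\n' "${d##*/}" "${br##*/}"
    done
}

case "${1:-}" in
    --live) addressed_ports "$(live_ports)" "$(ip -o -4 addr show)" ;;
    *)      addressed_ports "$SAMPLE_PORTS" "$SAMPLE_ADDRS" ;;
esac
```

Empty output means no bridge port carries an address; each line printed names a port whose address should move to the bridge shown next to it.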
Joakim Tjernlund | 16 Jan 2008 00:33

Retain an IP address on an i/f participating in a bridge?

Currently one must unset the IP address on an i/f that is included in a
bridge and move the IP address to the bridge i/f instead if one wants to
maintain connectivity with the box. This is a problem for us as one loses
all routes. The rename of the i/f is also a problem.

Is there a fundamental reason one cannot keep the IP address on one i/f that
is a member in a bridge? I only have two real interfaces in the bridge if
that makes it any easier.
Any pointers where I need to adjust the bridge code would be appreciated.

     Jocke
