[lug] Network bridge

Jason Vallery jason at vallery.net
Sun Nov 30 04:58:11 MST 2008


Hi All,

I'm beating my head against the wall on this one so I thought I'd send
an email in case someone can see the obvious error in my ways.  I've
got a Fedora 10 box that I'd like to set up network monitoring on.
I'd like to ensure that I capture all traffic that crosses my existing
router/gateway.

My thought is that I could set it up like this:

Internet->router/gateway->eth0 (fedora box) eth1 -> switch -> LAN.

The existing router/gateway will still serve up DHCP to the network
and eth0 will have an internal IP address.


On the Fedora box I have set up a bridge (br0) and enabled promiscuous
mode on eth0 and eth1 (I can't seem to set br0 to promisc).  I've
configured sysctl to ignore bridged traffic and not process ipchains
rules.  I still can't get anything from eth1 to talk to the
router/gateway.  The Fedora box can get to the internet just fine.

Here is the result of ifconfig:

br0       Link encap:Ethernet  HWaddr 00:0E:C6:87:72:EF
          inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:c6ff:fe87:72ef/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2752 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1988 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:261715 (255.5 KiB)  TX bytes:283269 (276.6 KiB)

eth0      Link encap:Ethernet  HWaddr 00:21:85:97:B8:FF
          inet6 addr: fe80::221:85ff:fe97:b8ff/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:2719 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2642 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:297809 (290.8 KiB)  TX bytes:348614 (340.4 KiB)
          Interrupt:16 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 00:0E:C6:87:72:EF
          inet6 addr: fe80::20e:c6ff:fe87:72ef/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:37094 (36.2 KiB)  TX bytes:137309 (134.0 KiB)



Here are the contents of my ifcfg files:

ifcfg-br0

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=10.0.1.2
NETMASK=255.255.255.0
GATEWAY=10.0.1.1
ONBOOT=yes
DELAY=0
STP=on
NM_CONTROLLED=no



ifcfg-eth0

DEVICE=eth0
HWADDR=00:21:85:97:b8:ff
BOOTPROTO=static
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
PEERDNS=no
BRIDGE=br0
USERCTL=no


ifcfg-eth1

DEVICE=eth1
HWADDR=00:0e:c6:87:72:ef
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
NM_CONTROLLED=no
PEERDNS=no
BRIDGE=br0
USERCTL=no


Here is the result of brctl show:

bridge name	bridge id		STP enabled	interfaces
br0		8000.000ec68772ef	yes		eth0
							eth1


Here are the contents of /etc/sysctl.conf:

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0


Anyone have a suggestion?

Thanks in advance.



-- 
Jason Vallery
jason at vallery.net

mobile: +1.720.352.8822
home: +1.303.993.3712
web: http://vallery.net/
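An added sanity check for an inline bridge tap like the one described in the post (example code, not from the post or the LUG): it parses ifcfg-* and sysctl.conf key/value text and reports the things a monitoring box of this shape usually trips over. The STP state numbers are the kernel's sysfs encoding in /sys/class/net/<bridge>/brif/<port>/state; the sample port states are constructed, and the ifcfg/sysctl samples are copied from the post.

```python
# STP port states as exposed in /sys/class/net/<bridge>/brif/<port>/state
STP_STATE = {0: "disabled", 1: "listening", 2: "learning", 3: "forwarding", 4: "blocking"}
BRIDGE_NF = ("net.bridge.bridge-nf-call-iptables", "net.bridge.bridge-nf-call-ip6tables",
             "net.bridge.bridge-nf-call-arptables")

def parse_kv(text):
    """Parse KEY=VALUE lines (ifcfg-* files and sysctl.conf share this shape)."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, val = line.split("=", 1)
            out[key.strip()] = val.strip()
    return out

def check_bridge(bridge, ifcfgs, sysctl, port_states):
    """Return findings for an inline bridge tap; an empty list means nothing to flag."""
    findings = []
    ports = [dev for dev, cfg in ifcfgs.items() if cfg.get("BRIDGE") == bridge]
    if len(ports) < 2:
        findings.append(f"{bridge}: {len(ports)} port(s) enslaved, an inline tap needs two")
    for dev in ports:
        if "IPADDR" in ifcfgs[dev]:
            findings.append(f"{dev}: IPADDR set on a bridge port; the address belongs on {bridge}")
        if ifcfgs[dev].get("NM_CONTROLLED", "yes").lower() != "no":
            findings.append(f"{dev}: not NM_CONTROLLED=no, NetworkManager may reconfigure the port")
        state = port_states.get(dev)
        if state != 3:  # listening/learning ports do not pass traffic yet
            findings.append(f"{dev}: port state is {STP_STATE.get(state, state)}, not forwarding")
    for key in BRIDGE_NF:
        if sysctl.get(key) != "0":
            findings.append(f"{key}={sysctl.get(key, 'unset')}: bridged frames will traverse netfilter")
    if sysctl.get("net.ipv4.conf.default.accept_source_route") != "0":
        findings.append("net.ipv4.conf.default.accept_source_route should be 0 on a monitoring box")
    return findings

# Constructed sample input, copied from the ifcfg and sysctl.conf files in the post above.
SAMPLE_IFCFG = {
    "eth0": parse_kv("DEVICE=eth0\nBOOTPROTO=static\nONBOOT=yes\nNM_CONTROLLED=no\nBRIDGE=br0\n"),
    "eth1": parse_kv("DEVICE=eth1\nBOOTPROTO=static\nONBOOT=yes\nNM_CONTROLLED=no\nBRIDGE=br0\n"),
}
SAMPLE_SYSCTL = parse_kv("net.ipv4.ip_forward = 1\nnet.ipv4.conf.default.accept_source_route = 1\n"
                         "net.bridge.bridge-nf-call-iptables = 0\nnet.bridge.bridge-nf-call-ip6tables = 0\n"
                         "net.bridge.bridge-nf-call-arptables = 0\n")
# Constructed port states: eth1 still in the STP listening state right after the bridge came up.
SAMPLE_STATES = {"eth0": 3, "eth1": 1}

if __name__ == "__main__":
    for finding in check_bridge("br0", SAMPLE_IFCFG, SAMPLE_SYSCTL, SAMPLE_STATES):
        print(finding)
```

Reading the real port states means reading the sysfs files named above on the bridge host; the rest runs offline on the embedded samples.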


