[lug] Network bridge

Aaron Nichols anichols at trumped.org
Sun Nov 30 19:06:05 MST 2008


On Sun, Nov 30, 2008 at 4:58 AM, Jason Vallery <jason at vallery.net> wrote:
> Hi All,
>
> I'm beating my head against the wall on this one so I thought I'd send
> an email in case someone can see the obvious error in my ways.  I've
> got a Fedora 10 box that I'd like to set up networking monitoring on.
> I'd like to ensure that I capture all traffic that crosses my existing
> router/gateway.
>
> My thought is that I could set it up like this:
>
> Internet->router/gateway->eth0 (fedora box) eth1 -> switch -> LAN.

You would probably have a lot less trouble if you used the Linux box
as the router and dumped the bridge approach. Does the router do
something special which necessitates this setup? Instead of one point
of failure (and troubleshooting) you've now got two.

> On the Fedora box I have set up a bridge (br0) and enabled promiscuous
> mode on eth0 and eth1 (I can't seem to set br0 to promisc).  I've
> configured sysctl to ignore bridged traffic and not process ipchains
> rules.  I still can't get anything from eth1 to talk to the
> router/gateway.  The Fedora box can get to the internet just fine.

Does anything connected to eth1 successfully get ARP responses for the
router or the fedora box itself? If you look at hosts on the LAN, what
do their arp tables show?

If you run tcpdump on eth1, br0 and eth0 one at a time, can you
determine where packets are stopping when hosts on the LAN are sending
traffic to the router? Try pinging the router from a host on the LAN
and then try each of these commands in order to see which ones show
packets:

# tcpdump -ni eth1
# tcpdump -ni br0
# tcpdump -ni eth0

If you get a flurry of traffic on eth1 for instance, maybe tune to
only show your ping and arp:

# tcpdump -ni eth1 arp or icmp

> Here is the result of brctl show
>
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.000ec68772ef       yes             eth0
>                                                        eth1

Another command that may be interesting to see the output of is:

# brctl showbr br0

and

# brctl showmacs br0

Sorry I can't be of more help - nothing was obvious to me in the info
you showed but maybe trying these things will yield some more info.

Aaron
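
An added example, not part of the message above: a small script that reads saved "arp or icmp" captures, one text file per interface, and reports the first interface on which requests or replies are no longer seen. The function names, the file layout and the assumption that lines look like those printed by current tcpdump releases are this example's own.

```shell
#!/bin/sh
# Added example. Assumes one text capture per interface, saved for instance
# with:  timeout 15 tcpdump -ni eth1 arp or icmp > /tmp/cap.eth1
# and assumes the line format of current tcpdump releases
# ("ARP, Request who-has ...", "ICMP echo request, ...").

# count_kind FILE KIND -> number of ARP/ICMP lines of KIND (request|reply)
count_kind() (
    case "$2" in
        request) pat='ARP, Request |ICMP echo request' ;;
        reply)   pat='ARP, Reply |ICMP echo reply' ;;
        *) echo "unknown kind: $2" >&2; exit 2 ;;
    esac
    # grep -c prints 0 but exits 1 when nothing matches; keep only the count
    grep -Ec "$pat" "$1" || true
)

# first_missing KIND IFACE:FILE ... -> first interface with no KIND lines
first_missing() (
    kind=$1; shift; last=none
    for arg in "$@"; do
        iface=${arg%%:*}; file=${arg#*:}
        if [ "$(count_kind "$file" "$kind")" -eq 0 ]; then
            echo "$iface (last seen on: $last)"; exit 0
        fi
        last=$iface
    done
)

# locate_stop IFACE:FILE ...  (arguments ordered from the LAN side to the
# router side; file paths must not contain spaces)
locate_stop() (
    # Requests travel LAN -> router, so walk the list in the order given.
    hit=$(first_missing request "$@")
    [ -n "$hit" ] && { echo "requests not seen on $hit"; exit 0; }
    # Replies travel router -> LAN, so walk the list in reverse.
    rev=""
    for arg in "$@"; do rev="$arg $rev"; done
    hit=$(first_missing reply $rev)
    [ -n "$hit" ] && { echo "replies not seen on $hit"; exit 0; }
    echo "requests and replies seen on every interface"
)

# Usage: sh locate_stop.sh eth1:/tmp/cap.eth1 eth0:/tmp/cap.eth0
if [ "$#" -gt 0 ]; then locate_stop "$@"; fi
```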
