Hi

On Wed, Jun 04, 2014 at 08:00:49PM +0200, Steffen Dettmer wrote:
> Hi,
>
> how to configure a bridge with multiple static IPs and/or DHCP
> via /etc/network/interfaces?
>
> I tried many combinations, but I didn't find any working one.
>
> Of course everything works as expected when configuring manually
> with "ip", "brctl" etc.
>
> Any working example would be great!
>
> The rest of the mail discusses what I tried so far.
>
> Yes, I read man bridge-utils-interfaces(5), but it has simple
> examples only (single static IP or no IP). The man page tells,
> interfaces used as bridge_ports
>
>   "are the interfaces that are part of the bridge, and
>   they shouldn't have any stanzas defining them on the
>   interfaces file" -- man bridge-utils-interfaces(5)
>
> but this is wrong. There must be a stanza like
>
>   auto eth3.14
>   iface eth3.14 inet manual

Hm... this is VLAN 14 on eth3....

> otherwise no bridge can use it and only gives an error message
> like "interface eth3.14 does not exist!".

Hm. Have you got the "vlan" package installed?

But anyway: When you bridge interfaces together, the IP addresses should be assigned to the *bridge*, not the interfaces that join the bridge. At least that's what I've been told.

> For an ordinary ethernet interface, the following works:
>
>   auto eth3.10
>   iface eth3.10 inet static
>     address 10.72.9.17
>     netmask 255.255.255.248
>   iface eth3.10 inet static
>     address 10.72.9.25
>     netmask 255.255.255.248
>
> For bridges, it is not clear how to use multiple stanzas for
> multiple IPs; it seems, the options to create the bridge and to
> add IPs to it are somehow mixed.

Hm.. it doesn't complain about having multiple stanzas with the name iface !? (I'm surprised here, so I may well learn something)

> There are options like bridge_ports. They have to be in each
> "iface br0" stanza?
>
> (Experiments show that "bridge_ports" are accumulated (probably
> simply because each stanza brctl addif each, in total producing
> the desired result), but other options such as bridge_maxwait
> are not.)

Good.

> The same approach as for Ethernet does not work for Bridges:
>
>   iface br1 inet static
>     address 10.1.1.1
>     netmask 255.255.255.248
>     bridge_ports eth3.10
>     bridge_maxwait 0
>   iface br1 inet static
>     address 10.1.1.9
>     netmask 255.255.255.248
>     bridge_ports eth3.11
>     bridge_ports eth3.12
>     bridge_maxwait 0
>
> This adds all interfaces to br1, but only the IP address from the
> last block.

And you're bridging VLANs 10, 11 and 12. Very unusual. If the VLANs should be bridged, this is usually done on the switch...

> It is similar when it comes to DHCP.

Using a DHCP address on a bridge interface is .. unusual. But I guess there must be use cases where it is valid. E.g. a laptop which runs virtual machines (which are connected to the bridge), because the virtual machines need to be in the same network?

I almost do this, but I decided to let the bridge interface be "unattached" - i.e. the laptop *routes* traffic from the virtual machines to the outside world via normal routing (and NAT where appropriate). This way, the virtual machines don't need to know about me moving from one LAN to another.

I'd suggest something like this:

# ---8<-- cut here ---8<---
auto br0
iface br0 inet dhcp
    bridge-ports eth3
    post-up ip address add 10.1.1.1/24 dev br0
    post-up ip address add 10.1.1.9/24 dev br0
# ---8<-- cut here ---8<---

or alternatively:

# ---8<-- cut here ---8<---
auto br0
iface br0 inet dhcp
    bridge-ports eth3

auto br0:1
iface br0:1 inet static
    address 10.1.1.1
    netmask 255.255.255.0

auto br0:2
iface br0:2 inet static
    address 10.1.1.9
    netmask 255.255.255.0
# ---8<-- cut here ---8<---

which should give the bridge 3 IP addresses: One assigned by DHCP as well as 10.1.1.1 and 10.1.1.9.

I assume you only want ONE IP address from DHCP :-) If you want more than that, we're really wandering into unknown territory.

In general, I suspect that you are confusing VLANs with IP aliasing:

- VLANs are a way of creating multiple (virtual and independent) networks on the same underlying network. This is accomplished by VLAN "tagging" (there are 10 bits reserved in the IP headers for this, allowing up to 4096 VLANs). Linux represents each VLAN on the hardware interface as a separate network device using the dot-notation, e.g. eth0.1, eth0.2 etc. Other notations are possible, but us poor puny humans are easily confused.

- IP Aliasing is a way of allowing a device to have multiple IP addresses on the same VLAN. This is usually done via the "colon" notation - e.g. eth0:1, eth0:2 etc.

VLANs usually do not apply in a residential setting. But if you're a geek (and your switch supports it), feel free to play away on it.

-- 
Karl E. Jorgensen

Archive: https://lists.debian.org/20140604202558.GA9871@hawking
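
Added example, not part of the original message or of ifupdown: a small Python linter for an interfaces file that flags the two pitfalls raised in this thread, an address set on an interface that is also a bridge port, and a bridge defined in several iface stanzas (where the thread reports only the last address being applied). The sample input is constructed from the quoted stanzas, and the function names are hypothetical.

```python
import collections

# Constructed sample: the VLAN and bridge stanzas quoted in the thread, combined.
SAMPLE = """\
auto eth3.10
iface eth3.10 inet static
    address 10.72.9.17
    netmask 255.255.255.248
iface br1 inet static
    address 10.1.1.1
    netmask 255.255.255.248
    bridge_ports eth3.10
    bridge_maxwait 0
iface br1 inet static
    address 10.1.1.9
    netmask 255.255.255.248
    bridge_ports eth3.11 eth3.12
"""

def parse_stanzas(text):
    """Return [(iface_name, {option: [values]})], one entry per iface stanza."""
    stanzas, opts = [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            opts = collections.defaultdict(list)
            stanzas.append((words[1], opts))
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            opts = None  # these keywords end the current iface stanza
        elif opts is not None:
            # ifupdown treats '-' and '_' in option names alike
            opts[words[0].replace("-", "_")].append(" ".join(words[1:]))
    return stanzas

def lint(text):
    """Return warnings for the two pitfalls raised in the thread."""
    stanzas, warnings = parse_stanzas(text), []
    ports = {p for _, o in stanzas for v in o["bridge_ports"] for p in v.split()}
    per_bridge = collections.defaultdict(list)
    for name, o in stanzas:
        if name in ports and o["address"]:
            warnings.append(f"{name}: address set on a bridge port, move it to the bridge")
        if o["bridge_ports"]:
            per_bridge[name].append(o["address"])
    for name, addrs in per_bridge.items():
        if len(addrs) > 1:
            warnings.append(f"{name}: {len(addrs)} stanzas, only the last address may be applied")
    return warnings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```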