Okay - whacky configuration here, not one I have seen in any of the searching I have done over the last few weeks.
I have two subnets - each either side of a hardware router (ie. *not* the linux bridge box) with this router DHCP'ing its IP address from an ISP. There are other machines on the ISP side of the router, each DHCP'ing their IP addresses. The machines upstream of the router get their addresses DHCP-wise from the router itself ... so far so good!

The router will only pass IP, and I want (for all sorts of reasons) to maintain NetBeui on the local PCs - both behind the router and in front of it - for local windows connectivity. In essence, I want to build a NetBeui bridge.
I am running redhat 7.2, the kernel-2.4.2 ... I have built a tailored kernel and am having trouble trying to get it to do just what I need ... it seems to be so close, but I am having problems. None of the bridging/iptables config is in the boot scripts yet; when I can set it all up by hand, I will perform that step.
I have two ethernet cards in the bridge, eth0 and eth1. eth0 is connected to the local side (192.168.123.0 - 255.255.255.0) of the router and eth1 to the ISP (144.136.170.0 - 255.255.252.0) side. They are initialising okay at boot as I can run up a terminal, do:

    ifconfig eth0 192.168.123.10
    ifconfig eth1 0.0.0.0
    route add -net 192.168.123.0 eth0
    route add default gw 192.168.123.254

and ping other machines on my routed subnet successfully, as well as out on the net. This is going through the router and I have obviously set up the DNS satisfactorily too as I can ping www.sun.com for example.
After reading swathes of stuff on the net, I have had best success with the following (the bridge must be created with addbr before interfaces can be added to it):

    ifconfig eth0 0.0.0.0
    ifconfig eth1 0.0.0.0
    brctl addbr wgroup
    brctl addif wgroup eth0
    brctl addif wgroup eth1
    iptables -F
    iptables -P FORWARD DROP
    ifconfig wgroup up
I should mention that I omitted config'ing eth0 to 0.0.0.0 at first, in the hope that I'd be able to have things working as they were and simply add ethernet packet forwarding ... I found that eth0 disappeared from the route table as soon as I added it to the wgroup bridge anyway - I thought that having an IP address assigned to eth0 at this point might be causing me problems, so now I explicitly set it to 0.0.0.0.
At this point the bridge seems happy. I can see NetBeui happily flying across the bridge. tcpdump -i eth0 and eth1 report different IP traffic, so it looks good in principle. I am still seeing various ARP stuff mirrored on both interfaces - but I figure I'll sort that out later. Most beautifully, my windows machines can all see each other across the bridge - whoopee!
Now, I'd like to be able to *use* the bridge machine from time to time, not to mention also telnet in to it, so it needs an IP address - so I:

    ifconfig wgroup down
    ifconfig wgroup 192.168.123.10
    iptables -F
    iptables -P FORWARD DROP
    iptables -A INPUT -i eth1 -j DROP
    iptables -A OUTPUT -o eth1 -j DROP
    route add -net 192.168.123.0 wgroup
    ifconfig wgroup up

At this point, I can again ping from the bridge to machines on the subnet behind the router - which is cool. I want the bridge to use the router as a gateway to the net, so I add

    route add default gw 192.168.123.254

and I can once more ping www.sun.com from the bridge.
At this point all seems fine. I see the odd glitch in the windows connectivity, but it comes straight back so I'm not too perplexed. However, my joy is short lived. From time to time, I see IP activity on the local subnet mirroring the other side of the bridge that I can't explain. I'm beginning to think I should do something about these ARPs making their way (both ways) across the bridge, not to mention the IGMP packets that also cross without hesitation. Not fully understanding all the ins and outs of this networking dark magic, I'm also worried I'm publishing my local MAC addresses to the world.
The big killer at this stage though is that the bridge seems to be passing DHCP also and I get problems when the router renews its IP address from the ISP. The bridge forwards the request back to the upstream side of the router and it answers itself before the ISP does - giving itself an IP address.

I had hoped that specifying a policy of

    iptables -P FORWARD DROP

would cause the bridge to drop all IP related packets instead of forwarding them - but, alas, it would appear not. Now I'm concerned that the periodic windows glitches may be symptomatic of some other similar problem!
So - question is, can anybody see any problems with what I've done, or offer some advice of any kind? Essentially, this all started out as a solution to a simple problem ... I want to be able to build a NetBeui-only bridge. Of course, once I solve this problem, you just know that I'll want to replace my hardware router with the linux NAT stuff, don't you! The only real attraction of the dedicated router is that it will be sucking much less juice than a full-blown PC will, so it's more energy efficient to use it for now - but I'll solve that problem when I come to it!
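Added example, not part of the original post: the frame-level allow list the poster is after, written out in Python so the decision logic is visible. On a stock 2.4 bridge the iptables FORWARD chain only sees routed packets, not bridge-forwarded frames, which is why the DROP policy had no effect; a bridge filter has to look at the Ethernet type/length field instead, forwarding only 802.2/802.3 LLC frames (where NetBeui lives, DSAP/SSAP 0xF0) and dropping every EtherType-tagged protocol (IP, ARP, IPv6), which is what an ebtables rule of `-p LENGTH -j ACCEPT` under a FORWARD policy of DROP expresses. All frames and MAC addresses below are constructed.

```python
"""NetBEUI-only bridge filter: classify raw Ethernet frames as FORWARD or DROP.
Constructed example: frames are built inline, nothing is captured.
Policy: forward 802.2/802.3 LLC frames with NetBEUI SAPs (0xF0), drop every
EtherType protocol (IPv4, ARP, IPv6) so DHCP/ARP/IGMP never cross."""
import struct

ETHERTYPE_MIN = 0x0600  # type field below this is an 802.3 length, not an EtherType
NETBEUI_SAP = 0xF0      # LLC DSAP/SSAP used by NetBEUI
NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def build_frame(dst, src, type_or_len, payload):
    """Assemble a raw Ethernet II / 802.3 frame (no FCS)."""
    return dst + src + struct.pack("!H", type_or_len) + payload

def classify(frame):
    """Return (protocol name, verdict) for one raw Ethernet frame."""
    if len(frame) < 14:
        return ("runt", "DROP")
    type_field = struct.unpack("!H", frame[12:14])[0]
    if type_field < ETHERTYPE_MIN:
        # 802.3 length field: an LLC header (DSAP, SSAP, control) follows
        if len(frame) < 17:
            return ("LLC-truncated", "DROP")
        dsap, ssap = frame[14], frame[15]
        if dsap == NETBEUI_SAP and ssap == NETBEUI_SAP:
            return ("NetBEUI", "FORWARD")
        return ("LLC-other(0x%02x)" % dsap, "DROP")
    return (NAMES.get(type_field, "EtherType-0x%04x" % type_field), "DROP")

def filter_frames(frames):
    """Apply the policy; return (forwarded, dropped) lists of protocol names."""
    forwarded, dropped = [], []
    for f in frames:
        proto, verdict = classify(f)
        (forwarded if verdict == "FORWARD" else dropped).append(proto)
    return forwarded, dropped

# Constructed sample traffic (MAC addresses are made up)
SRC, BCAST = bytes.fromhex("001122334455"), b"\xff" * 6
SAMPLE = [
    build_frame(BCAST, SRC, 0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),  # ARP request
    build_frame(BCAST, SRC, 0x0800, b"\x45" + b"\x00" * 27),                              # IPv4 (e.g. a DHCP discover)
    build_frame(BCAST, SRC, 44, b"\xf0\xf0\x03" + b"\x00" * 41),                          # NetBEUI over LLC
    build_frame(BCAST, SRC, 40, b"\xe0\xe0\x03" + b"\x00" * 37),                          # IPX over LLC, also dropped
]

if __name__ == "__main__":
    print("forwarded:", filter_frames(SAMPLE)[0], "dropped:", filter_frames(SAMPLE)[1])
```

Running it over the constructed frames forwards only the NetBEUI frame and drops the ARP, IPv4 and IPX ones, the same outcome the poster wants for the DHCP renewals and ARP that currently leak across the bridge.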
