apologies - my first post went out in html ....
Okay - whacky configuration here, not one I have seen in any of
the searching I have done over the last few weeks.
I have two subnets - each either side of a hardware router
(ie. *not* the linux bridge box) with this router DHCP'ing its IP
address from an ISP. There are other machines on the ISP side of
the router, each DHCP'ing their IP addresses. The machines
upstream of the router get their addresses DHCP-wise from the
router itself ... so far so good!
The router will only pass IP, and I want (for all sorts of reasons)
to maintain NetBeui on the local PCs - both behind the router and
in front of it - for local windows connectivity. In essence, I want
to build a NetBeui bridge.
I am running redhat 7.2, the kernel-2.4.2 ... I have built a
tailored kernel and am having trouble trying to get it to do just
what I need ... it seems to be so close, but I am having problems.
None of the bridging/iptables config is in the boot scripts yet,
when I can set it all up by hand, I will perform that step.
I have two ethernet cards in the bridge, eth0 and eth1. eth0 is
connected to the local side (192.168.123.0 - 255.255.255.0) of the
router and eth1 to the ISP (144.136.170.0 - 255.255.252.0) side.
They are initialising okay at boot as I can run up a terminal, do:
    ifconfig eth0 192.168.123.10
    ifconfig eth1 0.0.0.0
    route add -net 192.168.123.0 eth0
    route add default gw 192.168.123.254
and ping other machines on my routed subnet successfully, as well
as out on the net. This is going through the router and I have
obviously set up the DNS satisfactorily too as I can ping
www.sun.com for example.
After reading swathes of stuff on the net, I have had best success
with the following:
    ifconfig eth0 0.0.0.0
    ifconfig eth1 0.0.0.0
    brctl addif wgroup eth0
    brctl addif wgroup eth1
    brctl addbr wgroup
    brctl addif wgroup eth0
    brctl addif wgroup eth1
    iptables -F
    iptables -P FORWARD DROP
    ifconfig wgroup up
I should mention that I omitted config'ing eth0 to 0.0.0.0
at first, in the hope that I'd be able to have things working
as they were and simply add ethernet packet forwarding ... I
found that eth0 disappeared from the route table as soon as
I added it to the wgroup bridge anyway - I thought that having
an IP address assigned to eth0 at this point might be causing
me problems, so now I explicitly set it to 0.0.0.0
At this point the bridge seems happy. I can see NetBeui happily
flying across the bridge. tcpdump -i eth0 and eth1 report
different IP traffic, so it looks good in principle. I am still
seeing various ARP stuff mirrored on both interfaces - but I figure
I'll sort that out later. Most beautifully, my windows machines
can all see each other across the bridge - whoopee!
Now, I'd like to be able to *use* the bridge machine from time to
time, not to mention also telnet in to it, so it needs an IP
address - so I:
    ifconfig wgroup down
    ifconfig wgroup 192.168.123.10
    iptables -F
    iptables -P FORWARD DROP
    iptables -A INPUT -i eth1 -j DROP
    iptables -A OUTPUT -o eth1 -j DROP
    route add -net 192.168.123.0 wgroup
    ifconfig wgroup up
At this point, I can again ping from the bridge to machines on
the subnet behind the router - which is cool. I want the bridge
to use the router as a gateway to the net, so I add
    route add default gw 192.168.123.254
and I can once more ping www.sun.com from the bridge.
At this point all seems fine. I see the odd glitch in the
windows connectivity, but it comes straight back so I'm not too
perplexed. However, my joy is short lived. From time to time,
I see IP activity on the local subnet mirroring the other side
of the bridge that I can't explain. I'm beginning to think I
should do something about these ARPs making their way (both ways)
across the bridge, not to mention the IGMP packets that also
cross without hesitation. Not fully understanding all the ins
and outs of this networking dark magic, I'm also worried I'm
publishing my local MAC addresses to the world.
The big killer at this stage though is that the bridge seems
to be passing DHCP also and I get problems when the router
renews its IP address from the ISP. The bridge forwards the
request back to the upstream side of the router and it answers
itself before the ISP does - giving itself an IP address.
I had hoped that specifying a policy of
    iptables -P FORWARD DROP
would cause the bridge to drop all IP related packets instead
of forwarding them - but, alas, it would appear not. Now I'm
concerned that the periodic windows glitches may be
symptomatic of some other similar problem!
So - question is, can anybody see any problems with what I've
done, or offer some advice of any kind? Essentially, this
all started out as a solution to a simple problem ... I want
to be able to build a NetBeui-only bridge. Of course, once I
solve this problem, you just know that I'll want to replace
my hardware router with the linux NAT stuff don't you! The
only real attraction of the dedicated router is that it will
be sucking much less juice than a full-blown PC will, so it's
more energy efficient to use it for now - but I'll solve that
problem when I come to it!
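
Added example, not part of the original post: a NetBeui-only bridge has to make its allow/drop decision on the Ethernet header, because NetBeui rides in 802.3/LLC frames with SAP 0xF0 while the DHCP, ARP and IGMP traffic described above arrives as Ethernet II frames. The function names and sample frames below are constructed for illustration and assume untagged frames (no VLAN header).

```python
import struct

NETBIOS_SAP = 0xF0   # LLC SAP carried by NetBEUI (NetBIOS Frames) traffic
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}

def classify(frame: bytes) -> str:
    """Name the payload of one raw Ethernet frame (no FCS, no VLAN tag)."""
    if len(frame) < 17:
        return "runt"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:                 # Ethernet II: field is an EtherType
        name = ETHERTYPES.get(type_or_len, "ethertype-0x%04x" % type_or_len)
        if name == "IPv4" and len(frame) >= 34:
            ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
            proto = frame[23]                 # IPv4 protocol field
            if proto == 2:
                return "IPv4/IGMP"
            if proto == 17 and len(frame) >= 14 + ihl + 4:
                ports = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
                if set(ports) <= {67, 68}:    # BOOTP/DHCP client and server ports
                    return "IPv4/DHCP"
        return name
    if type_or_len <= 1500:                   # IEEE 802.3: field is a length, LLC follows
        dsap, ssap = frame[14] & 0xFE, frame[15] & 0xFE   # mask I/G and C/R bits
        if dsap == NETBIOS_SAP and ssap == NETBIOS_SAP:
            return "NetBEUI"
        return "llc-sap-0x%02x" % dsap
    return "unknown"

def bridge_verdict(frame: bytes) -> str:
    """Allowlist for a NetBEUI-only bridge: everything else is dropped."""
    return "FORWARD" if classify(frame) == "NetBEUI" else "DROP"

# --- constructed sample frames (not captured traffic) ---
def eth(dst, src, type_or_len, payload):
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", type_or_len) + payload

def ipv4(proto, l4):
    hdr = bytes([0x45, 0, 0, 20 + len(l4), 0, 0, 0, 0, 64, proto, 0, 0])
    return hdr + bytes(4) + b"\xff" * 4 + l4   # src 0.0.0.0, dst 255.255.255.255

PC, BCAST = "020000000001", "ffffffffffff"
llc = bytes([0xF0, 0xF0, 0x03]) + bytes.fromhex("2c00ffef08") + bytes(39)
SAMPLES = {
    "netbeui": eth("030000000001", PC, len(llc), llc),
    "dhcp": eth(BCAST, PC, 0x0800, ipv4(17, struct.pack("!HHHH", 68, 67, 8, 0))),
    "igmp": eth("01005e000001", PC, 0x0800, ipv4(2, bytes(8))),
    "arp": eth(BCAST, PC, 0x0806, bytes(28)),
}
```

Calling bridge_verdict() on each entry of SAMPLES forwards only the NetBEUI frame; the DHCP, IGMP and ARP frames are dropped before any IP-level rule would be consulted.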