[FredLug] Network Bridging

Paul Frields stickster at gmail.com
Sun Mar 27 12:14:21 EDT 2011


Hi Ted,

Awesome writeup! Question below...

On Sat, Mar 26, 2011 at 5:18 PM, Ted Brunell <ted.brunell at gmail.com> wrote:
> After today's meeting was over, a small discussion started about network
> bridging in Linux.  Since we were unable to actually look at the problem, I
> decided to write something quick up in hopes that it helps.
> Bridging is a technology that simply forwards packets across an interface.
>  No routing decisions are made by a bridge, it simply takes packets and
> forwards them.  Setting up a bridge in Linux is fairly easy. Here are my
> configuration files from a computer at my house that uses network bridging.
> The first step is to stop Network Manager and start the network service.
> chkconfig NetworkManager off
  ^^^^^
Issue with this line, see below...

> service NetworkManager stop
> chkconfig network on
> I prefer to modify the configuration files before starting the network
> service.
> Modify your existing /etc/sysconfig/network-scripts/ifcfg-eth0 file to look
> similar to this:
> DEVICE="eth1"
> HWADDR="00:24:8C:8C:47:BA"
> ONBOOT="yes"
> BRIDGE=br1
> Notice it no longer has an IP Address, nor does it specify a BOOTPROTO.  Make
> sure that the NMCONTROLLED line is gone as well. There is a new line that
> was not in the original file named  BRIDGE.  That line tells what bridge
> interface it will use.

1. That DEVICE name should probably be eth0, correct, since you're
talking about the ifcfg-eth0 file?

2. Marking NMCONTROLLED=no tells NM not to bother trying to manage
that specific interface. Wouldn't you want this line in both the
ifcfg-eth0 and ifcfg-br1?
    NMCONTROLLED=no

IIRC, with that setting you wouldn't have to "chkconfig NetworkManager
off". If you *don't* include that line, then you do need to turn NM
off, because by default NM tries to manage any interface you haven't
told it explicitly not to mess with. But marking interfaces explicitly
can be important in the case where the user/admin has a laptop using
KVM (as many people do now that 64-bit is so pervasive), where easy
access to wireless and mobile broadband are also desirable. Less
important in a wired desktop or server obviously. Also, NM is helpful
for those VPN connections too.

There is a wrinkle though, which is that if you only have one
interface available, NetworkManager will think it's not got any
connection (you'll see an "X" by the network icon). You may need to
fiddle Firefox's configuration using the "about:config" page to have
it not be sensitive to NetworkManager's idea of whether you're online.
The setting is "toolkit.networkmanager.disable" and if you set it to
"true" then Firefox will simply assume you know whether you're online
or not. Nothing like making things more complicated!

> To create the bridge interface, create a file in
> /etc/sysconfig/network-scripts named ifcfg-br1 (I keep the bridge number and
> the interface number the same).
> DEVICE="br1"
> ONBOOT="yes"
> TYPE=Bridge
> IPADDR=192.168.1.1
> NETMASK=255.255.255.0
> Notice that this interface has an IP Address, but no hardware address and
> the device name is br1.  Also, the capital B in TYPE=Bridge is important.
>  Without it the configuration is not valid.
> You can now start your network service and you should be able to ping other
> devices on your network from your new bridge interface.
> service network restart
> If you run ifconfig as root, you should see output similar to:
> # ifconfig
> br1       Link encap:Ethernet  HWaddr 00:24:8C:8C:47:BA
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::224:8cff:fe8c:47ba/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:436008 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:462542 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:371787667 (354.5 MiB)  TX bytes:379523905 (361.9 MiB)
> eth1      Link encap:Ethernet  HWaddr 00:24:8C:8C:47:BA
>           inet6 addr: fe80::224:8cff:fe8c:47ba/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:436232 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:504674 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:377969294 (360.4 MiB)  TX bytes:382475102 (364.7 MiB)
>           Interrupt:17 Memory:f9de0000-f9e00000
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:98924 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:98924 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:61760406 (58.8 MiB)  TX bytes:61760406 (58.8 MiB)
> virbr0    Link encap:Ethernet  HWaddr F6:D1:FD:AB:E5:4C
>           inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:169 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:13481 (13.1 KiB)
> If you use KVM to manage VMs on your computer, you can assign the VMs to br1
> and they should be able to see other devices on your network too.
> To forward traffic to your VMs on the bridged interface, add this line to
> your iptables script:
> -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
> and then restart iptables and libvirtd.
> Hope this all helps someone out.  Let me know if there are any questions.
> Ted
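
The checks discussed in this thread, collected into a small linter for an ifcfg port/bridge pair. This is an added example, not code from either poster: the function names are hypothetical, the sample files are constructed from the quoted configuration, and it uses NM_CONTROLLED, the initscripts spelling of the key the thread writes as NMCONTROLLED.

```shell
#!/bin/sh
# Added example: lint an ifcfg port/bridge pair against the rules in this thread.
# get, note, lint_bridge_pair and demo are hypothetical helper names.

get() {  # get KEY FILE -> last value of KEY, surrounding quotes stripped
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}
note() { echo "$1"; n=$((n + 1)); }

# lint_bridge_pair PORT_FILE BRIDGE_FILE -> prints findings, returns their count
lint_bridge_pair() {
    port=$1; bridge=$2; n=0
    for f in "$port" "$bridge"; do
        # DEVICE has to match the ifcfg-<name> file it sits in.
        want=${f##*ifcfg-}
        [ "$(get DEVICE "$f")" = "$want" ] || note "$f: DEVICE is not $want"
        # Keep NetworkManager away from both halves of the bridge.
        [ "$(get NM_CONTROLLED "$f")" = "no" ] || note "$f: NM_CONTROLLED=no not set"
    done
    # The port names its bridge and carries no addressing of its own
    # (follows the thread: the port file has no IP address and no BOOTPROTO line).
    [ "$(get BRIDGE "$port")" = "$(get DEVICE "$bridge")" ] ||
        note "$port: BRIDGE does not match DEVICE in $bridge"
    for k in IPADDR NETMASK BOOTPROTO; do
        [ -z "$(get "$k" "$port")" ] || note "$port: $k belongs on the bridge"
    done
    # TYPE is case-sensitive: only "Bridge" is accepted.
    [ "$(get TYPE "$bridge")" = "Bridge" ] || note "$bridge: TYPE must be exactly Bridge"
    return "$n"
}

# Constructed input: the two files as quoted in the thread.
demo() {
    d=$(mktemp -d)
    printf 'DEVICE="eth1"\nHWADDR="00:24:8C:8C:47:BA"\nONBOOT="yes"\nBRIDGE=br1\n' \
        > "$d/ifcfg-eth0"
    printf 'DEVICE="br1"\nONBOOT="yes"\nTYPE=Bridge\nIPADDR=192.168.1.1\nNETMASK=255.255.255.0\n' \
        > "$d/ifcfg-br1"
    rc=0
    lint_bridge_pair "$d/ifcfg-eth0" "$d/ifcfg-br1" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "findings: $?"
```

On the quoted files it reports three findings: the DEVICE/file-name mismatch raised in the reply, and the missing NM_CONTROLLED=no on each of the two files.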

