In Linux gateway mode, the wired LAN and the wireless LAN share one network segment so that hosts on both can reach each other within the LAN:
The idea is simple: create a virtual bridge interface, bind the wired LAN and wireless LAN interfaces to it, and assign the bridge an address. The other hosts on the subnet then use the bridge address as their gateway. Because the device is in gateway mode, routing and NAT are also required. If the device itself runs in bridge mode, routing and NAT can be omitted.
brctl addbr bridge
brctl addif bridge eth0
brctl addif bridge ath0
ifconfig eth0 0.0.0.0
ifconfig bridge 10.0.0.1 netmask 255.255.255.0 up
Add the NAT rule:
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.2.173
Configure both the wired and the wireless hosts with 10.0.0.* addresses; they can then reach each other through Network Places.
Of course, for Linux to work in bridge mode you must install the bridge tool package bridge-utils. Run the command:
yum install bridge-utils
or download bridge-utils-1.4.tar.gz and install it from source; the steps are as follows:
Compiling and installing bridge-utils
(1) Go to the /usr/src directory and download bridge-utils-1.4.tar.gz:
# cd /usr/src
# wget http://launchpad.net/bridgeutils/main/1.4/+download/bridge-utils-1.4.tar.gz
(2) Decompress:
# tar zxvf bridge-utils-1.4.tar.gz
Enter the bridge-utils-1.4 directory:
# cd bridge-utils-1.4
(3) Compile and install. Running autoconf generates the configure file:
# autoconf
# ./configure
# make
# make install
The compilation and installation are complete. Finally, copy the brctl command to /sbin:
# cp /usr/local/sbin/brctl /sbin
=========================================================================
The following is quoted from another article:
There are five hosts. One of them runs Linux with the bridge module installed and has four physical network cards, each connected to one of the other hosts on the same network segment. We want it to be a network bridge that forwards packets between the other four hosts (IPs 192.168.1.2, 192.168.1.3, 192.168.1.4 and 192.168.1.5, respectively). At the same time, to facilitate management, we want the bridge to have an IP (192.168.1.1), so that the administrator can telnet to the bridge from a host in the 192.168.1.0/24 network segment and configure it, implementing remote management.
As mentioned in the previous section, a network bridge forwards packets within one logical segment. For the topology above, this logical network segment is the 192.168.1.0/24 network segment. We give this logical network segment a name, br0. You first need to configure such a logical network segment.
# brctl addbr br0 (create a logical network segment named br0)
In fact, we can think of the logical segment 192.168.1.0/24 as a VLAN, with br0 as the name of the VLAN.
After creating the logical network segment, we also need to assign specific ports to it. In Linux, a port is actually a physical network card, and the physical NICs are named eth0, eth1, eth2 and eth3 respectively. We need to attach each NIC to br0, one by one, as a port of br0.
# brctl addif br0 eth0 (let eth0 be a port of br0)
# brctl addif br0 eth1 (let eth1 be a port of br0)
# brctl addif br0 eth2 (let eth2 be a port of br0)
# brctl addif br0 eth3 (let eth3 be a port of br0)
Each physical NIC of the bridge acts as a port, runs in promiscuous mode, and works at the link layer, so no IP is required.
# ifconfig eth0 0.0.0.0
# ifconfig eth1 0.0.0.0
# ifconfig eth2 0.0.0.0
# ifconfig eth3 0.0.0.0
Then configure the IP 192.168.1.1 on the br0 virtual network interface. That way, you can manage your network bridge remotely.
# ifconfig br0 192.168.1.1
Once the IP is configured on br0, the network bridge is able to work. Hosts within the 192.168.1.0/24 network segment can telnet to the bridge to configure it.
The configuration above is a single logical network segment; in fact, a Linux bridge host can also be configured with multiple logical network segments (equivalent to dividing a switch into multiple VLANs).
Another article that helps to understand: http://www.2cto.com/os/201202/118320.html
=====================================================================
# brctl --help
Usage: brctl [commands]
commands:
    addbr          <bridge>                 add bridge
    delbr          <bridge>                 delete bridge
    addif          <bridge> <device>        add interface to bridge
    delif          <bridge> <device>        delete interface from bridge
    setageing      <bridge> <time>          set ageing time
    setbridgeprio  <bridge> <prio>          set bridge priority
    setfd          <bridge> <time>          set bridge forward delay
    sethello       <bridge> <time>          set hello time
    setmaxage      <bridge> <time>          set max message age
    setpathcost    <bridge> <port> <cost>   set path cost
    setportprio    <bridge> <port> <prio>   set port priority
    show                                    show a list of bridges
    showmacs       <bridge>                 show a list of mac addrs
    showstp        <bridge>                 show bridge stp info
    stp            <bridge> {on|off}        turn stp on/off
====================================================================
addbr <bridge name> # add a bridge
delbr <bridge name> # delete a bridge
addif <bridge name> <device name> # add an interface to the bridge
delif <bridge name> <device name> # remove an interface from the bridge
setageing <bridge name> <time> # set the ageing time, that is, the lifetime
setbridgeprio <bridge name> <priority> # set the bridge priority
setfd <bridge name> <time> # set the bridge forward delay
sethello <bridge name> <time> # set the hello time
setmaxage <bridge name> <time> # set the maximum message lifetime
setpathcost <bridge name> <port> <weight> # set the weight of the path
setportprio <bridge name> <port> <priority> # set the port priority
show # show the list of bridges
showmacs <bridge name> # show the MAC addresses
showstp <bridge name> # show the bridge's STP information
stp <bridge name> {on|off} # turn STP on/off
Setting up Linux to run the bridge: configuring the bridge
1. We need to let Linux know about the bridge. First tell it that we want a virtual Ethernet bridge interface (this is performed on the bridge host; if that is unclear, see the test scenario):
# brctl addbr br0
2. Second, we do not need STP (Spanning Tree Protocol) and so on. Because we have only one router, it is absolutely impossible to form a loop, so we can turn this feature off. (This can also reduce packet pollution in the network environment.)
# brctl stp br0 off
3. After these preparations, we can finally do something with immediate effect. We add two (or more) physical Ethernet interfaces, meaning that we attach them to the newly created logical (virtual) bridge interface br0.
# brctl addif br0 eth0
# brctl addif br0 eth1
4. Now our two physical Ethernet interfaces have turned into two logical ports on the bridge. The two physical interfaces existed before and will not disappear in the future. If you don't believe me, go check it out. They are now part of the logical bridge device, so their IP addresses are no longer required. Now let's release these IP addresses.
# ifconfig eth0 down
# ifconfig eth1 down
# ifconfig eth0 0.0.0.0 up
# ifconfig eth1 0.0.0.0 up
All right! We now have a box w/o an IP address. So if you want to configure your firewall or router with TP, you can only go through the local control port. You're not going to tell me you don't have a serial port on your machine, are you?
Note: The red part above is actually optional. In the experiment, I found that even if the original network card address is released, the bridge can also work! But to be more rigorous, or rather to avoid any inexplicable problem, it is best to do as required and carry out these four steps!
5. Finally, enable the network bridge:
# ifconfig br0 up
Optional: we assign an IP address to this new bridge interface:
# ifconfig br0 10.0.3.129
Or combine the last two steps into one:
# ifconfig br0 10.0.3.129 up
Just one more "up"!
We're done here.
Commands to shut down the bridge:
brctl delif ena eth1;
brctl delif ena eth0;
ifconfig ena down;
brctl delbr ena;
Excerpt from ZJL_1026_2001's column
What is a network bridge
A network bridge is a technology that relays and forwards frames at the link layer. It is a data-link-layer network device that divides the network into blocks by MAC address, can isolate collisions, and connects multiple network segments.
Linux bridge configuration command: brctl
Bridges in Linux are typically configured with the brctl command; to use it, first install the bridge-utils package.
# apt-get install bridge-utils
# modprobe bridge
# echo "1" > /proc/sys/net/ipv4/ip_forward
(Install the bridge-utils package, load the bridge module and turn on kernel forwarding.)
# brctl
(Entering the brctl command by itself displays the help information!)
Usage: brctl [commands]
commands:
    addbr          <bridge>                 add bridge
    delbr          <bridge>                 delete bridge
    addif          <bridge> <device>        add interface to bridge
    delif          <bridge> <device>        delete interface from bridge
    setageing      <bridge> <time>          set ageing time
    setbridgeprio  <bridge> <prio>          set bridge priority
    setfd          <bridge> <time>          set bridge forward delay
    sethello       <bridge> <time>          set hello time
    setmaxage      <bridge> <time>          set max message age
    setpathcost    <bridge> <port> <cost>   set path cost
    setportprio    <bridge> <port> <prio>   set port priority
    show                                    show a list of bridges
    showmacs       <bridge>                 show a list of mac addrs
    showstp        <bridge>                 show bridge stp info
    stp            <bridge> {on|off}        turn stp on/off
Adding a network bridge
# brctl addbr br0
(Add a bridge.)
# ifconfig eth0 0.0.0.0 promisc
# ifconfig eth1 0.0.0.0 promisc
# brctl addif br0 eth0 eth1
(Add the two existing NICs to the bridge. The two NICs work in promiscuous mode, so no IP is needed, because the bridge works at the link layer.)
# brctl show
(View the existing bridges.)
You can also set an IP on br0 to allow access to this machine.
# ifconfig br0 10.10.1.1 netmask 255.255.0.0 up
Deleting a network bridge
# brctl delif br0 eth0 eth1
(Remove the interfaces from the bridge.)
# ifconfig br0 down
# brctl delbr br0
(Delete the bridge. brctl refuses to delete a bridge that is still up, so bring it down first.)
Turning off spanning tree
# brctl stp br0 off
(Turn off the Spanning Tree Protocol to reduce packet pollution, because I have only one router here!)
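The `brctl show` and `brctl stp br0 off` steps above can be checked together. As an added example (not from the original articles), this script parses `brctl show` output and reports bridges that have two or more ports with STP disabled, plus ports outside an expected list; the function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit `brctl show` output for STP-off bridges and unexpected member ports.

# Constructed sample in the layout printed by `brctl show` (not from a real host).
sample_brctl_show() {
  printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
  printf 'br0\t\t8000.001122334455\tno\t\teth0\n'
  printf '\t\t\t\t\t\t\teth1\n'
  printf 'br1\t\t8000.0011223344aa\tyes\t\teth2\n'
  printf '\t\t\t\t\t\t\tath0\n'
  printf 'br2\t\t8000.000000000000\tno\t\t\n'
}

# audit_bridges "<space-separated expected ports>"   (reads `brctl show` on stdin)
# Prints one finding per line:
#   STP_OFF <bridge> <port count>     bridge forwards between >= 2 ports, STP off
#   UNEXPECTED_PORT <bridge> <port>   port is not on the expected list
audit_bridges() {
  awk -v allowed="$1" '
    function add(p) {
      ports[br]++
      if (!(p in ok)) unexpected[++nu] = br " " p
    }
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 { next }                      # skip the header line
    NF >= 3 {                             # bridge line: name, id, STP [, first port]
      br = $1; order[++nb] = br; stp[br] = $3; ports[br] = 0
      if (NF >= 4) add($4)
      next
    }
    NF == 1 && br != "" { add($1) }       # continuation line: one more port
    END {
      for (i = 1; i <= nb; i++) {
        b = order[i]
        if (stp[b] == "no" && ports[b] >= 2) print "STP_OFF", b, ports[b]
      }
      for (i = 1; i <= nu; i++) print "UNEXPECTED_PORT", unexpected[i]
    }'
}

# Demo on the constructed sample; on a bridge host use:
#   brctl show | audit_bridges "eth0 eth1"
sample_brctl_show | audit_bridges "eth0 eth1 eth2"
```

A bridge with STP off is only safe while no second path between its ports exists, so an STP_OFF finding is a prompt to confirm the cabling still matches the single-router assumption.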
Configuring the bridge to activate at boot
# echo "modprobe bridge" >> /etc/rc.local
(Load the bridge module at boot, or: echo "bridge" >> /etc/modules)
# cp /etc/network/interfaces /etc/network/interfaces.default
(Back it up, handy for later!)
# vim /etc/network/interfaces
auto lo eth0 eth1 br0
iface lo inet loopback
iface br0 inet static
    address 10.10.10.1
    netmask 255.255.0.0
    gateway 10.10.10.254
    pre-up ip link set eth0 promisc on
    pre-up ip link set eth1 promisc on
    pre-up echo "1" > /proc/sys/net/ipv4/ip_forward
    bridge_ports eth0 eth1
(Configure eth0, eth1 and br0 to start at boot. No IP information is set on eth0 and eth1; when the br0 interface is brought up, promiscuous mode is turned on for eth0 and eth1 and they are bridged.)
Linux Bridge mode configuration