Hi!
> Hmm, promiscuous mode is definitely working, otherwise tcpdump on my
> routers wouldn't get any packages. Why do you need to set the
> promiscuous mode explicitly? Normally the application, like tcpdump, kismet
> and brctl are doing the right thing for you.
I am not really sure, but normally you have to set the interfaces to
promisc mode after building a bridge. I haven't seen that brctl is
setting this itself.
See here (Ubuntu Edgy):
[EMAIL PROTECTED]:~$ sudo brctl addbr br0
[EMAIL PROTECTED]:~$ sudo brctl addif br0 eth1
[EMAIL PROTECTED]:~$ sudo ip link show dev eth1
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:d8:26:6e:2b brd ff:ff:ff:ff:ff:ff
Bridging works without promisc mode, but arp packets are not passed
through the bridge without a promisc flag set on both interfaces.
I also checked the bridge-utils source package (Ubuntu Edgy) whether
there is an ioctl for setting the PROMISC flag, but as far as I can see
there is none using SIOCSIFFLAGS or setting IFF_PROMISC.
> Can you show us brctl show on a FreeWRT device configured like you
> want?
No sorry. I have not saved any screen output.
> Are you sure you have installed brctl? It is not installed by
> default.
Yes. I installed brctl on the device.
I didn't use the bridging syntax in /etc/network/interfaces, since I
build up an openvpn tunnel and then bridge the tap0 and ethernet device.
My OpenVPN Startup script has the following parts:
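[...]
BRCTL=/usr/sbin/brctl
DAEMON=/usr/sbin/openvpn
[...]
# Load the tun/tap driver and create the persistent tap0 device
/sbin/insmod tun
$DAEMON --mktun --dev tap0
# Create the bridge and add the LAN VLAN and the tap device as ports
$BRCTL addbr br0
$BRCTL addif br0 vlan0
$BRCTL addif br0 tap0
# Start the OpenVPN daemon for this tunnel
$DAEMON --writepid /var/run/openvpn.$NAME.pid \
    --config $CONFIG_DIR/$NAME.conf --daemon $NAME \
    --cd $CONFIG_DIR || echo -n " FAILED->"
echo -n " $NAME"
# Bring both ports up without an IP and with the promisc flag set
ifconfig tap0 0.0.0.0 promisc up
ifconfig vlan0 0.0.0.0 promisc up
# The bridge itself carries the IP address
ifconfig br0 $INT_IP netmask 255.255.255.0 up
[...]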
This works fine using openwrt. The ifconfig statements with promisc are
really needed to get the bridge working. I replaced the ifconfig lines
on FreeWRT by the IP Syntax /usr/sbin/ip link set dev tap0 promisc on.
/usr/sbin/ip link show
showed that the promisc flag was set under FreeWRT. But ARP packets were
only passed in one direction.
                          OpenVPN Tunnel
Linux VPN Server br0(*) <----------------> br0(**) FreeWRT

(*) is a bridged interface between tapx and ethx on the Linux VPN Server
(**) is a bridged interface using the config above
On the FreeWRT Box after pinging the IP of the Linux VPN Server (ping
didn't get through) I could see the ARP entry of the Linux VPN-Server.
On the other side I couldn't see any arp entry, even if I tried to ping
the FreeWRT Box. After flashing back to openwrt everything worked fine.
Since the arp broadcasts are received in one direction, but not the
other, I guess that one of the two drivers (tap or eth0.1) is causing the
problem by not going into promisc mode, since otherwise this asymmetric
behaviour could not be explained.
I hadn't much time on that day to further analyze the situation and I
have not saved any output. I will set up a new FreeWRT box in the next
days and try to reproduce the problem.
> How do you configure the bridge?
> Can you please give us your scripts to verify?
See above
Greetings Torge
_______________________________________________
freewrt-users mailing list
[email protected]
https://www.freewrt.org/lists/listinfo/freewrt-users
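
Added example, not part of the original message or of FreeWRT/bridge-utils: a small shell check for the promisc flag on bridge ports, both as listed by `ip link show` and as the IFF_PROMISC bit (0x100) in the kernel's flags word under sysfs. The sample output, its MAC addresses and the SYSFS_NET override are constructed for illustration; the interface names follow the script above.

```shell
#!/bin/sh
# Added example: check bridge ports for promiscuous mode.
# Live use:  ip link show | ports_without_promisc vlan0 tap0

# Constructed sample of `ip link show` output (names as in the post).
SAMPLE_IP_LINK='3: vlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
7: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:5e:00:53:02 brd ff:ff:ff:ff:ff:ff
8: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff'

# Read `ip link show` text on stdin; print every interface named in "$@"
# whose flag list lacks PROMISC (or which does not appear at all).
ports_without_promisc() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        /^[0-9]+: / {
            # Field 2 is "name:" (or "name@parent:"), field 3 is "<FLAGS>"
            name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
            if ($3 ~ /[<,]PROMISC[,>]/) promisc[name] = 1
        }
        END { for (i = 1; i <= n; i++) if (!promisc[w[i]]) print w[i] }'
}

# Return 0 if the kernel's raw flags word for interface $1 has IFF_PROMISC
# (0x100), 1 if not, 2 if the interface cannot be read. sysfs shows the raw
# word, which an in-kernel user can set even when `ip link` lists no PROMISC.
# SYSFS_NET is a hypothetical override for pointing the check at a test tree.
kernel_promisc() {
    flags=$(cat "${SYSFS_NET:-/sys/class/net}/$1/flags" 2>/dev/null) || return 2
    [ $(( ${flags} & 0x100 )) -ne 0 ]
}

# Demo on the constructed sample: only vlan0 is reported.
printf '%s\n' "$SAMPLE_IP_LINK" | ports_without_promisc vlan0 tap0
```

Running both checks on each end of the tunnel shows whether a port is missing the flag in the user-visible list, in the kernel's own state, or in both.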