On Tue, Feb 12, 2013 at 12:30:32PM +0000, Stuart Henderson wrote:
> On 2013/02/12 12:49, Jeremie Le Hen wrote:
> > Thanks. Can you have a glance at the attached patch please?
> >
> > I am not aware of OpenBSD documentation rules, so excuse me if I broke
> > any of them. Also, feel free to propose any better wording, English is
> > not my primary language.
> >
> > If you want to look at the rendering:
> > http://people.chchile.org/~jlh/tmp/faq6.html
>
> The attachment is probably stripped in the copy to the mailing list
> so I will include it in full below however I will respond to points
> inline with the quoted text first.
>
> > +Let's say we have a Soekris net5501, which has four
> > +<a
> > href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>
> > +interfaces, vr0 through vr3. We want to bridge all of them so the
> > +Soekris box actually acts as a switch.
>
> hmm..I'd prefer not to give people the impression that bridging the ports
> on a soekris is really equivalent to using a switch if possible..
>
> It might also be better to leave one interface out of the bridge
> (e.g. to use as an uplink to a router), of course people shouldn't
> blindly follow FAQ examples, but in the event they do, we probably
> don't want them to end up doing something like bridging their
> internal lan to a cable modem network segment..
>
> > But we also want to serve IP
> > +addresses through DHCP from it, which requires to have an IP address
> > +assigned to the bridge.
>
> No need to talk about the mechanism of assigning IP addresses in this
> paragraph, and this sentence talks about assigning an IP to the bridge,
> then the next paragraph says that you can't assign an IP to the bridge.
> So maybe just:
>
> We want to use dhcpd to serve IP addresses over the bridged interfaces.
>
> > +<p>
> > +It is not possible to assign an IP address to a
>
> maybe "It is not possible to assign an IP address directly to a"
>
> > +<a
> > href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>
> > +interface. The IP address should be added to one of the underlying
>
> s/underlying/member/, it's simpler and more consistent with ifconfig(8)
> wording.
>
> > +interfaces, but we cannot use them as we are not guaranteed to have an
> > +up link on them. With some Ethernet drivers indeed, dhcpd(8) will not
> > +work unless there is a plugged cable.
>
> ..."but we cannot use a physical interface as the link
> might be down, in which case the address would not be reachable."
> Probably skip the "With some Ethernet drivers.."?
>
> > Fortunately, starting with
> > +OpenBSD 4.7, there is a vitual Ethernet interface driver
>
> s/vitual/virtual/
>
> [...]
>
> Rest looks good to me.

Thanks for the quick review. Ok, I've updated the patch with your comments. Can you have another look please? http://people.chchile.org/~jlh/tmp/faq6.html http://people.chchile.org/~jlh/tmp/faq6.diff Thanks. Index: faq6.html =================================================================== RCS file: /cvs/www/faq/faq6.html,v retrieving revision 1.304 diff -u -p -r1.304 faq6.html --- faq6.html 2 Nov 2012 11:25:12 -0000 1.304 +++ faq6.html 12 Feb 2013 14:03:46 -0000 @@ -1295,7 +1295,7 @@ address, the bridge will pass network da maintainable (which can be a feature). <p> -<h3>An example of a bridge application</h3> +<h3>A simple example of a bridge application</h3> <p> One of my computer racks has a number of older systems, none of which 
@@ -1367,6 +1367,87 @@ directions. <p> That's it! Reboot, and you now have a functioning bridge. + +<p> +<h3>A bridge acting as a DHCP server</h3> + +<p> +Let's say we have a Soekris net5501, which has four +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a> +interfaces, vr0 through vr3. We want to bridge vr1, vr2 and vr3 +together, leaving out vr0 for an uplink (a cable modem for instance). +We also want to serve IP addresses through DHCP over the bridged +interfaces. Being a DHCP server and an uplink router, the box needs to +have an IP address on the bridged network (contrary to the previous +example in which the bridging box was not visible on the network). + +<p> +It is not possible to assign an IP address directly to a +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> +interface. The IP address should be added to one of the member +interfaces, but we cannot use a physical interface as the link might be +down, in which case the address would not be reachable. Fortunately, +starting with OpenBSD 4.7, there is a virtual Ethernet interface driver +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vether&sektion=4">vether(4)</a> +that can be used for that purpose. We will add it to the bridge, assign +the IP address to it and make dhcpd(8) listen there. + +<p> +Notes: + +<ul> +<li>The <a href="#DHCPserver">DHCP server configuration</a> is not +described yet again in this section but the addressing scheme used here is +the same. +<li>The will also be the uplink router for your bridged network, so we +will use IP address 192.168.1.1 to match the DHCP server configuration. 
+<li>We will not cover the uplink, routing or firewalling configuration +here.</li> +</ul> + +<p>First mark vr1, vr2 and vr3 as up: + +<blockquote><pre> +$ <b>cat /etc/hostname.vr1</b> +up +$ <b>cat /etc/hostname.vr2</b> +up +$ <b>cat /etc/hostname.vr3</b> +up +</pre></blockquote> + +<p> +Then create the vether0 configuration: + +<blockquote><pre> +$ <b>cat /etc/hostname.vether0</b> +inet 192.168.1.2 255.255.255.0 192.168.1.255 +up +</pre></blockquote> + +<p> +We configure the bridge interface to contain all the above +interfaces: + +<blockquote><pre> +$ <b>cat /etc/hostname.bridge0</b> +add vether0 +add vr1 +add vr2 +add vr3 +up +</pre></blockquote> + +<p> +And finally we make dhcpd(8) listen on the vether0 interface: + +<blockquote><pre> +$ <b>grep ^dhcpd_flags= /etc/rc.conf.local</b> +dhcpd_flags="vether0" +</pre></blockquote> + +<p> +Reboot and voilà! <p> <h3>Filtering on a bridge</h3> -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons.
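
Review bot: The address in the /etc/hostname.vether0 example of the second hunk (`inet 192.168.1.2 255.255.255.0 192.168.1.255`) contradicts the second item of the Notes list in the same hunk, which says the box will use 192.168.1.1 to match the DHCP server configuration; one of the two should change so that the address on vether0 is the one the text promises. That same list item reads "The will also be the uplink router", which has lost its subject (presumably "The box"), and the first two `<li>` items are left unclosed while the third ends with `</li>`. Since the text puts vr0 on a cable modem uplink and the third note defers firewalling entirely, a one-line pointer from that note to where filtering is documented would help readers who copy the example as is. dhcpd(8) is also the only manual page mentioned in the new section without a man.cgi link.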