RE: [LARTC] 2 NICs Bridge + Router

2007-06-04 Thread William Bohannan
Grant
Didn't work; it comes up with "cannot create bridge as already exists" and
the current bridge br0 stops working.  Currently using Debian.  Will try the
Debian forums to see if someone can help.  Thanks again for the
assistance.

# /etc/network/interfaces
auto lo
iface lo inet loopback

# public ip
auto br0
iface br0 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.128
network xxx.xxx.xxx.xxx
broadcast xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx

# private ip
auto br0:1
iface br0:1 inet static
address 10.10.10.254
netmask 255.255.255.0
network 10.10.10.0
broadcast 10.10.10.255

pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1

Kind Regards
William Bohannan


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor
Sent: Thursday, May 31, 2007 2:36 PM
To: Mail List - Linux Advanced Routing and Traffic Control
Subject: Re: [LARTC] 2 NICs Bridge + Router

On 05/31/07 07:22, William Bohannan wrote:
> Thanks Grant, I am very new to combining NATing and Bridge.  Please
> can you possibly give an example on how to add the virtual interface.

I'll try.  I don't recognize the format of the file below, but I'll take
a stab at it.

> Current /etc/networking/interfaces looks like this:
> ---
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address xxx.xxx.xxx.xxx
> netmask 255.255.255.128
> network xxx.xxx.xxx.xxx
> broadcast xxx.xxx.xxx.xxx
> gateway xxx.xxx.xxx.xxx

auto br0:1
iface br0:1 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.128
network xxx.xxx.xxx.xxx
broadcast xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx

> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1
> -

Again this is just a guess and where I would start.  You may have better
luck seeking support through your distribution.



Grant. . . .
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


RE: [LARTC] 2 NICs Bridge + Router

2007-06-04 Thread William Bohannan
Grant
Works well except I cannot for the life of me get NAT working.  I have
the following setup:

### Network Interface script
# /etc/init.d/network/interfaces
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
address 193.xxx.xxx.77
netmask 255.255.255.128
network 193.xxx.xxx.0
broadcast 193.xxx.xxx.127
gateway 193.xxx.xxx.126

pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1


### Simple script to start at boot
# /etc/init.d/brouter.init
echo Bringing up NAT
ip addr add 10.10.1.254/24 dev br0
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
route add -net -n 0.0.0.0 dev br0
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward


Please advise.


Kind Regards
William Bohannan


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor
Sent: Thursday, May 31, 2007 2:36 PM
To: Mail List - Linux Advanced Routing and Traffic Control
Subject: Re: [LARTC] 2 NICs Bridge + Router

On 05/31/07 07:22, William Bohannan wrote:
> Thanks Grant, I am very new to combining NATing and Bridge.  Please
> can you possibly give an example on how to add the virtual interface.

I'll try.  I don't recognize the format of the file below, but I'll take
a stab at it.

> Current /etc/networking/interfaces looks like this:
> ---
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address xxx.xxx.xxx.xxx
> netmask 255.255.255.128
> network xxx.xxx.xxx.xxx
> broadcast xxx.xxx.xxx.xxx
> gateway xxx.xxx.xxx.xxx

auto br0:1
iface br0:1 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.128
network xxx.xxx.xxx.xxx
broadcast xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx

> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1
> -

Again this is just a guess and where I would start.  You may have better
luck seeking support through your distribution.



Grant. . . .


Re: [LARTC] 2 NICs Bridge + Router

2007-06-04 Thread Grant Taylor

On 06/04/07 11:28, William Bohannan wrote:
> Works well except I cannot for the life of me get NAT working.  I have
> the following setup:

Good.


> ### Network Interface script
> # /etc/init.d/network/interfaces
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address 193.xxx.xxx.77
> netmask 255.255.255.128
> network 193.xxx.xxx.0
> broadcast 193.xxx.xxx.127
> gateway 193.xxx.xxx.126
>
> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1

What would happen if you added additional address, netmask, network,
broadcast, and gateway lines?  Would that allow you to have aliases
defined in this manner, or would it simply override the existing settings?



> ### Simple script to start at boot
> # /etc/init.d/brouter.init
> echo Bringing up NAT
> ip addr add 10.10.1.254/24 dev br0
> iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
> route add -net -n 0.0.0.0 dev br0
> #enable forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward

Hum, this looks like you will be MASQUERADEing any and all traffic that
leaves br0.  I'm betting that you are MASQUERADEing some traffic that
you do not want to MASQUERADE.



> Please advise.

You need to selectively MASQUERADE traffic that is leaving your br0
interface.  I.e. MASQUERADE any traffic that is leaving your network
headed to the world.


You can accomplish this a couple of different ways (possibly more).

1)  MASQUERADE any traffic that is not destined to your internal 
network.  In other words MASQUERADE any traffic that is leaving your 
network.  I.e.


iptables -t nat -A POSTROUTING -o br0 -d ! 10.10.1.0/24 -j MASQUERADE

(If I have that IPTables syntax correct.  You get the idea.)

2)  MASQUERADE any traffic that is leaving the physical interface that 
is facing the internet via the physdev IPTables match extension. 
(Sorry, I have no experience with this option.)


Personally, I would try to do it based on destination IP address rather 
than physical interface for various reasons that are not really 
pertinent here.




Grant. . . .
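To make the difference between the broad rule and Grant's selective rule concrete, here is a small model of the two POSTROUTING rules run against constructed flows. This is an added example, not code from the thread; it assumes the documentation range 198.51.100.0/25 as a stand-in for the redacted 193.xxx.xxx.0/25 and 203.0.113.5 as an arbitrary internet host.

```python
# Added example (not from the thread): model the two nat/POSTROUTING rules
# discussed above and evaluate them against constructed flows. Public
# addresses use 198.51.100.0/25 as a stand-in for the redacted
# 193.xxx.xxx.0/25; 203.0.113.5 stands in for an arbitrary internet host.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

INTERNAL = ipaddress.ip_network("10.10.1.0/24")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    out_if: str  # interface chosen by the routing decision; what "-o" sees


@dataclass(frozen=True)
class NatRule:
    """Subset of an iptables nat/POSTROUTING rule: -o <if> [-d [!] <net>]."""
    out_if: str
    dst: Optional[ipaddress.IPv4Network] = None
    dst_negated: bool = False  # the "!" in "-d ! 10.10.1.0/24"

    def matches(self, f: Flow) -> bool:
        if f.out_if != self.out_if:
            return False
        if self.dst is None:  # no -d: every packet leaving out_if matches
            return True
        in_net = ipaddress.ip_address(f.dst) in self.dst
        return in_net != self.dst_negated


# iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
BROAD = NatRule(out_if="br0")
# iptables -t nat -A POSTROUTING -o br0 -d ! 10.10.1.0/24 -j MASQUERADE
SELECTIVE = NatRule(out_if="br0", dst=INTERNAL, dst_negated=True)

# Constructed flows as seen by the brouter (193.xxx.xxx.77 / 10.10.1.254).
FLOWS = [
    Flow("10.10.1.20", "198.51.100.126", "br0"),  # LAN host -> upstream gateway
    Flow("10.10.1.20", "203.0.113.5", "br0"),     # LAN host -> internet
    Flow("198.51.100.77", "10.10.1.20", "br0"),   # brouter itself -> LAN host
    Flow("198.51.100.10", "10.10.1.20", "br0"),   # public-side host routed to LAN
    Flow("10.10.1.254", "127.0.0.1", "lo"),       # local traffic, never on br0
]


def masqueraded(rule: NatRule, flows: List[Flow]) -> List[Flow]:
    """Return the flows whose source address the rule would rewrite."""
    return [f for f in flows if rule.matches(f)]
```

With the broad rule the fourth flow is also rewritten, so a LAN host sees every public-side client arrive from the brouter's own address and its logs lose the real source; the selective rule leaves traffic bound for 10.10.1.0/24 untouched.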


RE: [LARTC] 2 NICs Bridge + Router

2007-06-04 Thread William Bohannan
Grant
Thanks for the quick reply.  On the test machine (10.10.1.20) I can ping
193.xxx.xxx.77 & 10.10.1.254 (the brouter), however I still cannot ping
the internet gateway 193.xxx.xxx.126.  Below is my routing table:

[root:~]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.128 U     0      0        0 br0
10.10.1.0       *               255.255.255.0   U     0      0        0 br0
default         *               0.0.0.0         U     0      0        0 br0
default         193.xxx.xxx.126 0.0.0.0         UG    0      0        0 br0


## Start up script
#
echo Bringing up NAT
ip addr add 10.10.1.254/24 dev br0
iptables -t nat -A POSTROUTING -o br0 -d ! 10.10.1.0/24 -j MASQUERADE
route add -net -n 0.0.0.0 dev br0
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
route add default gw 193.220.59.126


## Network interfaces file
# /etc/network/interfaces
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
address 193.xxx.xxx.77
netmask 255.255.255.128
network 193.xxx.xxx.0
broadcast 193.xxx.xxx.127
gateway 193.xxx.xxx.126

pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1

Thanks again for all the help so far.


Kind Regards
William Bohannan


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor
Sent: Monday, June 04, 2007 4:53 PM
To: Mail List - Linux Advanced Routing and Traffic Control
Subject: Re: [LARTC] 2 NICs Bridge + Router

On 06/04/07 11:28, William Bohannan wrote:
> Works well except I cannot for the life of me get NAT working.  I have
> the following setup:

Good.

> ### Network Interface script
> # /etc/init.d/network/interfaces
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address 193.xxx.xxx.77
> netmask 255.255.255.128
> network 193.xxx.xxx.0
> broadcast 193.xxx.xxx.127
> gateway 193.xxx.xxx.126
>
> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1

What would happen if you added additional address, netmask, network,
broadcast, and gateway lines?  Would that allow you to have aliases
defined in this manner, or would it simply override the existing
settings?

> ### Simple script to start at boot
> # /etc/init.d/brouter.init
> echo Bringing up NAT
> ip addr add 10.10.1.254/24 dev br0
> iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
> route add -net -n 0.0.0.0 dev br0
> #enable forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward

Hum, this looks like you will be MASQUERADEing any and all traffic that
leaves br0.  I'm betting that you are MASQUERADEing some traffic that
you do not want to MASQUERADE.

> Please advise.

You need to selectively MASQUERADE traffic that is leaving your br0
interface.  I.e. MASQUERADE any traffic that is leaving your network
headed to the world.

You can accomplish this a couple of different ways (possibly more).

1)  MASQUERADE any traffic that is not destined to your internal
network.  In other words MASQUERADE any traffic that is leaving your
network.  I.e.

iptables -t nat -A POSTROUTING -o br0 -d ! 10.10.1.0/24 -j MASQUERADE

(If I have that IPTables syntax correct.  You get the idea.)

2)  MASQUERADE any traffic that is leaving the physical interface that
is facing the internet via the physdev IPTables match extension.
(Sorry, I have no experience with this option.)

Personally, I would try to do it based on destination IP address rather
than physical interface for various reasons that are not really
pertinent here.



Grant. . . .


RE: [LARTC] 2 NICs Bridge + Router (working debian)

2007-06-04 Thread William Bohannan
Thank you so much; I've been wanting to do this for ages, and finally got it
working (had to remove the gw) :)

### /etc/network/interfaces 
#
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
address 193.xxx.xxx.77
netmask 255.255.255.128
network 193.xxx.xxx.0
broadcast 193.xxx.xxx.127

pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1

### /etc/init.d/brouter.sh
#
echo Bringing up NAT
ip addr add 192.168.2.101/24 dev br0
iptables -t nat -A POSTROUTING -o br0 -d ! 192.168.2.0/24 -j MASQUERADE
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
route add default gw 193.xxx.xxx.126

Kind Regards
William Bohannan


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor
Sent: Monday, June 04, 2007 4:53 PM
To: Mail List - Linux Advanced Routing and Traffic Control
Subject: Re: [LARTC] 2 NICs Bridge + Router

On 06/04/07 11:28, William Bohannan wrote:
> Works well except I cannot for the life of me get NAT working.  I have
> the following setup:

Good.

> ### Network Interface script
> # /etc/init.d/network/interfaces
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address 193.xxx.xxx.77
> netmask 255.255.255.128
> network 193.xxx.xxx.0
> broadcast 193.xxx.xxx.127
> gateway 193.xxx.xxx.126
>
> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1

What would happen if you added additional address, netmask, network,
broadcast, and gateway lines?  Would that allow you to have aliases
defined in this manner, or would it simply override the existing
settings?

> ### Simple script to start at boot
> # /etc/init.d/brouter.init
> echo Bringing up NAT
> ip addr add 10.10.1.254/24 dev br0
> iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
> route add -net -n 0.0.0.0 dev br0
> #enable forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward

Hum, this looks like you will be MASQUERADEing any and all traffic that
leaves br0.  I'm betting that you are MASQUERADEing some traffic that
you do not want to MASQUERADE.

> Please advise.

You need to selectively MASQUERADE traffic that is leaving your br0
interface.  I.e. MASQUERADE any traffic that is leaving your network
headed to the world.

You can accomplish this a couple of different ways (possibly more).

1)  MASQUERADE any traffic that is not destined to your internal
network.  In other words MASQUERADE any traffic that is leaving your
network.  I.e.

iptables -t nat -A POSTROUTING -o br0 -d ! 10.10.1.0/24 -j MASQUERADE

(If I have that IPTables syntax correct.  You get the idea.)

2)  MASQUERADE any traffic that is leaving the physical interface that
is facing the internet via the physdev IPTables match extension.
(Sorry, I have no experience with this option.)

Personally, I would try to do it based on destination IP address rather
than physical interface for various reasons that are not really
pertinent here.



Grant. . . .


Re: [LARTC] 2 NICs Bridge + Router (working debian)

2007-06-04 Thread Grant Taylor

On 06/04/07 13:26, William Bohannan wrote:
> Thank you so much been wanting to do this for ages, finally got it
> working (had to remove the gw) :)

*nod*

I was in the middle of reading your last message when you replied 
stating that you had fixed your problem.


I was just staring at the fact that you had two defaults and wondering 
if that was not the problem.


You are welcome.  I'm glad that I was able to help.  :)



Grant. . . .