[SOLVED] bridging configured but not working

Skaperen · 01-17-2011, 01:55 PM

I have configured bridging based on information from a few web pages Google found. Traffic is being seen (using tcpdump) on both interfaces that are configured. However, the traffic is not going between them. What could be missing?

The bridging machine has 3 NICS: eth0, eth1, eth2. eth0 is configured normally with an IP address (I can login via ssh to it just fine). The bridge is named br0 and uses eth1 and eth2 (a dual NIC card for convenience identifying which NICs are the bridge).

A script executes these commands:

Code:

bash-4.1# /etc/rc.d/rc.bridge-up br0 eth1 eth2
EXECUTING brctl addbr br0
EXECUTING brctl stp br0 off
EXECUTING brctl setageing br0 100
EXECUTING ifconfig eth1 down
EXECUTING ifconfig eth2 down
EXECUTING brctl addif br0 eth1
EXECUTING brctl addif br0 eth2
EXECUTING ifconfig eth1 up 0.0.0.0
EXECUTING ifconfig eth2 up 0.0.0.0
EXECUTING brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025900f20e2       no              eth1
                                                        eth2
bash-4.1#

Then I run tcpdump on eth1 and boot up the netbook connected to it (wireless disabled):

Code:

bash-4.1# tcpdump -lnn -i eth1 
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:38:26.736677 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
14:38:27.047509 IP6 :: > ff02::1:ff92:5a5e: ICMP6, neighbor solicitation, who has fe80::223:54ff:fe92:5a5e, length 24
14:38:27.395549 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:23:54:92:5a:5e, length 300
14:38:28.046422 IP6 fe80::223:54ff:fe92:5a5e > ff02::2: ICMP6, router solicitation, length 16
14:38:28.086393 IP6 fe80::223:54ff:fe92:5a5e > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
14:38:28.280995 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0 [3q] [5n][|domain]
14:38:28.310847 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0*- [0q] 2/0/0[|domain]
14:38:28.530814 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0 [3q] [5n][|domain]
14:38:28.781051 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0 [3q] [5n][|domain]
14:38:28.981779 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0*- [0q] 5/0/0[|domain]
14:38:29.462955 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0*- [0q] 2/0/0[|domain]
14:38:29.798637 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:23:54:92:5a:5e, length 300
14:38:30.132680 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0*- [0q] 5/0/0[|domain]
14:38:31.614228 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0*- [0q] 5/0/0[|domain]
14:38:32.049718 IP6 fe80::223:54ff:fe92:5a5e > ff02::2: ICMP6, router solicitation, length 16
14:38:32.283160 IP6 fe80::223:54ff:fe92:5a5e.5353 > ff02::fb.5353: 0*- [0q] 5/0/0[|domain]
14:38:33.798645 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:23:54:92:5a:5e, length 300
14:38:35.873135 IP6 fe80::223:54ff:fe92:5a5e > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
14:38:36.057080 IP6 fe80::223:54ff:fe92:5a5e > ff02::2: ICMP6, router solicitation, length 16
14:38:44.804977 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:23:54:92:5a:5e, length 300
14:38:56.803969 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:23:54:92:5a:5e, length 300
14:39:09.802759 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:23:54:92:5a:5e, length 300

Since the netbook never sees the DHCP answers, I manually configure an IP address on the netbook's eth0 and try 5 pings to a server on the LAN:

Code:

14:42:46.591808 IP 172.30.72.6 > 224.0.0.22: igmp v3 report, 1 group record(s)
14:42:46.789346 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0 [4q] [7n][|domain]
14:42:46.819364 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0[|domain]
14:42:47.039733 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0 [4q] [7n][|domain]
14:42:47.290619 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0 [4q] [7n][|domain]
14:42:47.422706 IP 172.30.72.6 > 224.0.0.22: igmp v3 report, 1 group record(s)
14:42:47.491743 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0*- [0q] 7/0/0[|domain]
14:42:47.972715 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0[|domain]
14:42:48.644408 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0*- [0q] 7/0/0[|domain]
14:42:50.125857 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0*- [0q] 6/0/0[|domain]
14:42:50.796501 IP 172.30.72.6.5353 > 224.0.0.251.5353: 0*- [0q] 7/0/0[|domain]
14:43:44.588936 ARP, Request who-has 172.30.16.4 tell 172.30.72.6, length 46
14:43:45.588893 ARP, Request who-has 172.30.16.4 tell 172.30.72.6, length 46
14:43:46.588745 ARP, Request who-has 172.30.16.4 tell 172.30.72.6, length 46
14:43:47.608454 ARP, Request who-has 172.30.16.4 tell 172.30.72.6, length 46
14:43:48.608387 ARP, Request who-has 172.30.16.4 tell 172.30.72.6, length 46
14:43:49.608124 ARP, Request who-has 172.30.16.4 tell 172.30.72.6, length 46

When I do tcpdump for eth2, I see lots of traffic of all kinds since eth2 is connected to the LAN.

The tcpdump commands show me both ethernet ports work, and I see traffic coming in from each. But I see nothing being forwarded over to the other interface within that bridge.

Here is some other info:

Code:

bash-4.1# head /proc/sys/net/bridge/*
==> /proc/sys/net/bridge/bridge-nf-call-arptables <==
1

==> /proc/sys/net/bridge/bridge-nf-call-ip6tables <==
1

==> /proc/sys/net/bridge/bridge-nf-call-iptables <==
1

==> /proc/sys/net/bridge/bridge-nf-filter-pppoe-tagged <==
0

==> /proc/sys/net/bridge/bridge-nf-filter-vlan-tagged <==
0
bash-4.1# grep brid /proc/modules
bridge 49287 0 - Live 0xffffffffa023e000
stp 1600 1 bridge, Live 0xffffffffa0238000
llc 3801 2 bridge,stp, Live 0xffffffffa0232000
bash-4.1# uname -a
Linux nano 2.6.33.4 #3 SMP Wed May 12 23:13:09 CDT 2010 x86_64 AMD Athlon(tm) II X2 220 Processor AuthenticAMD GNU/Linux
bash-4.1# cat /etc/slackware-version
Slackware 13.1.0
bash-4.1#

What more is needed to make the bridging work?

edit: Oh, and I did this with stp on, too ... no difference.

HasC · 01-17-2011, 02:51 PM

yeah... how's exactly configured your bridge and its ports? can you post rc.bridge content? your ifconfig output?

Skaperen · 01-17-2011, 03:01 PM

/etc/rc.d/rc.bridge-up

Code:

#!/bin/sh
#
# /etc/rc.d/rc.bridge-up: Enable a bridge
#

cmd() {
        echo EXECUTING "$@" 1>&2
        "$@"
        return $?
}

enable_bridge() {
        local bname
        local iname
        bname="${1}"
        shift
        cmd brctl addbr "${bname}" || return 1
        cmd brctl stp "${bname}" off
        cmd brctl setageing "${bname}" 100
        for iname in "$@" ; do
                cmd ifconfig "${iname}" down || return 1
        done
        for iname in "$@" ; do
                cmd brctl addif "${bname}" "${iname}" || return 1
        done
        for iname in "$@" ; do
                cmd ifconfig "${iname}" up 0.0.0.0 || return 1
        done
        cmd brctl show "${bname}"
        return 0
}

enable_bridge "$@"

Then this command is done in /etc/rc.d/rc.local (currently commented out so I can do it manually for testing):

Code:

/etc/rc.d/rc.bridge-up br0 eth1 eth2

Here is what ifconfig output looks like:

Code:

bash-4.1# ifconfig -a
br0       Link encap:Ethernet  HWaddr 00:25:90:0f:20:e2  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 00:26:2d:4c:19:7b  
          inet addr:172.30.78.10  Bcast:172.30.255.255  Mask:255.255.0.0
          inet6 addr: fcca::4e0a/128 Scope:Global
          inet6 addr: fe80::226:2dff:fe4c:197b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10410 errors:1 dropped:0 overruns:0 frame:1
          TX packets:1046 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1007828 (984.2 KiB)  TX bytes:188159 (183.7 KiB)
          Interrupt:37 Base address:0xa000 

eth1      Link encap:Ethernet  HWaddr 00:25:90:0f:20:e2  
          inet6 addr: fe80::225:90ff:fe0f:20e2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:8170 (7.9 KiB)  TX bytes:468 (468.0 B)
          Memory:febe0000-fec00000 

eth2      Link encap:Ethernet  HWaddr 00:25:90:0f:20:e3  
          inet6 addr: fe80::225:90ff:fe0f:20e3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18644 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2570008 (2.4 MiB)  TX bytes:468 (468.0 B)
          Memory:feba0000-febc0000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

bash-4.1#

Skaperen · 01-17-2011, 03:28 PM

Found the answer. What was documented as "optional" to configure an IP address onto the bridge, which made sense on a machine with only 2 NICs (so you can ssh into that machine itself), is really NOT OPTIONAL, because it is needed to bring the bridge itself into a running state (something that "brctl" has no provision to do, even though it might make sense to do it there). What's optional is the IP address. My machine has 3 NICs, 1 dedicated to TCP/IP, 2 dedicated to the bridge.

Documented as optional:

Code:

root@bridge:~> ifconfig br0 10.0.3.129 up

Minimally needed:

Code:

ifconfig br0 up