Hello Everyone!
I'm running SUSE 10.0, and am trying to set up a VPN and need to bridge my eth0 interface on my local LAN to a tap0 interface for the VPN. I have installed the bridge-utils package in order to do this, and am running the following script in order to set up the bridge:
Code:
# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.1.110"
eth_netmask="255.255.255.128"
eth_broadcast="192.168.1.127"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
Here's a before and after shot of my ifconfig:
Code:
Before:
eth0 Link encap:Ethernet HWaddr 00:13:D4:6C:F7:9A
inet addr:192.168.1.110 Bcast:192.168.1.127 Mask:255.255.255.128
inet6 addr: fe80::213:d4ff:fe6c:f79a/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:141228 errors:0 dropped:0 overruns:0 frame:0
TX packets:256980 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15545992 (14.8 Mb) TX bytes:31405601 (29.9 Mb)
Interrupt:193
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:397614 errors:0 dropped:0 overruns:0 frame:0
TX packets:397614 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31398802 (29.9 Mb) TX bytes:31398802 (29.9 Mb)
After:
br0 Link encap:Ethernet HWaddr 00:13:D4:6C:F7:9A
inet addr:192.168.1.110 Bcast:192.168.1.127 Mask:255.255.255.128
inet6 addr: fe80::213:d4ff:fe6c:f79a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:224 errors:0 dropped:0 overruns:0 frame:0
TX packets:428 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21254 (20.7 Kb) TX bytes:69896 (68.2 Kb)
eth0 Link encap:Ethernet HWaddr 00:13:D4:6C:F7:9A
inet6 addr: fe80::213:d4ff:fe6c:f79a/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:142462 errors:0 dropped:0 overruns:0 frame:0
TX packets:259029 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15677159 (14.9 Mb) TX bytes:31676506 (30.2 Mb)
Interrupt:193
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:400928 errors:0 dropped:0 overruns:0 frame:0
TX packets:400928 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31687345 (30.2 Mb) TX bytes:31687345 (30.2 Mb)
tap0 Link encap:Ethernet HWaddr 16:DE:9C:29:45:72
inet6 addr: fe80::14de:9cff:fe29:4572/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:8 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
For some reason, I can easily access other PCs on my internal 192.168.1.1 network and on the internet before the bridge, but afterwards I can only reach internal LAN PCs, and cannot resolve ANY external addresses. My new routing table looks like this:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.128 U 0 0 0 br0
192.168.1.0 * 255.255.255.128 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
Or sometimes like this (seems kinda hokey):
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.128 U 0 0 0 br0
loopback * 255.0.0.0 U 0 0 0 lo
Is there some known bug for this? Am I doing anything blatantly wrong and just can't see it? I think I've got the commands in the correct order, but have no idea why I see the two different route tables from time to time. I've tried disabling my firewall completely, and messing around with the router setting as well.
Any help would be greatly appreciated. Thanks!
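
A check for the two routing tables shown in the post, as an added example that is not part of the original post: once eth0 is a port of br0, the host's routes belong on br0, so any route still bound to a bridge member is stale and a missing default route leaves only the local subnet reachable. The function name `check_bridge_routes` and the finding labels are made up for this example; the two sample tables are copied from the post.

```shell
#!/bin/sh
# Added example (not from the post): flag routes left on bridge members.
# Usage: check_bridge_routes BRIDGE "MEMBER ..." < output-of-route
check_bridge_routes() {
    awk -v br="$1" -v members="$2" '
        BEGIN {
            n = split(members, m, " ")
            for (i = 1; i <= n; i++) member[m[i]] = 1
        }
        # Skip the two header lines and anything that is not a route row.
        $1 == "Kernel" || $1 == "Destination" || NF < 8 { next }
        {
            dest = $1; gw = $2; mask = $3; dev = $8
            is_default = (mask == "0.0.0.0" && (dest == "default" || dest == "0.0.0.0"))
            if (is_default) have_default = 1
            if (dev in member) {
                findings++
                if (is_default) {
                    printf "STALE_DEFAULT gw %s dev %s want %s\n", gw, dev, br
                } else {
                    printf "STALE_ROUTE %s dev %s want %s\n", dest, dev, br
                }
            }
        }
        END {
            if (!have_default) { findings++; print "MISSING_DEFAULT" }
            if (!findings) print "OK"
        }
    '
}

# First routing table from the post.
TABLE_A='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.128 U 0 0 0 br0
192.168.1.0 * 255.255.255.128 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0'

# Second routing table from the post.
TABLE_B='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.128 U 0 0 0 br0
loopback * 255.0.0.0 U 0 0 0 lo'

for t in "$TABLE_A" "$TABLE_B"; do
    printf '%s\n' "$t" | check_bridge_routes br0 "eth0 tap0"
    echo "--"
done
```

On a live host the same function can be fed directly with `route | check_bridge_routes br0 "eth0 tap0"`.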