LinuxQuestions.org
Old 05-12-2009, 05:33 PM   #1
GeorgeS069
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Lenny
Posts: 8

Rep: Reputation: 0
How to route IP packets between ethernet bridges?


Hello everyone,
I currently have a DSL connection with Speakeasy that I use to run a few http servers and e-mail for a few domains and I am now, in addition to the DSL line, adding a Verizon FiOS connection that I would like to run through the same system that I have set up now as an ethernet bridge/firewall for my Speakeasy connection, so here is the big question.
Would I be able to route packets that would normally go out to the FiOS connection and then come back through the Speakeasy connection and have them hop over to the other Ethernet bridge?
In other words I would have two bridging devices consisting of 2 NICs each and I don't want the packets destined for my "other" LAN to go out on the net but, instead, just jump to the other bridge device.

If this is really confusing I will see if I can draw some sort of diagram.

Thank you to anyone who can help!!!

George
 
Old 05-13-2009, 04:14 AM   #2
bhaslinux
Member
 
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Bullseye
Posts: 357

Rep: Reputation: 49
Yes! It is confusing.
But all I can say is that having proper routing table entries will solve your problem at the router side.
Also, bridging is at layer 2 and you are talking of packets at layer 3.
Can you please explain more?
 
Old 05-13-2009, 12:17 PM   #3
GeorgeS069
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Lenny
Posts: 8

Original Poster
Rep: Reputation: 0
I am working on a diagram and I will post that when I'm done later today but, for now, I will try to explain better:

I have a Debian Lenny system with an ethernet bridge(br0) that carries my Speakeasy DSL line and runs iptables for the firewall.
What I would like to do is add another ethernet bridge(br1) to that machine that will carry my new Verizon FiOS line and also be firewalled by iptables. Now here is where it gets complicated... I want the packets from the PCs on the new FiOS line to jump from the new bridge(br1) to the original bridge(br0) instead of routing out to the internet and coming back in through the DSL line and of course I want the same for the PCs on the DSL line(br0) to jump to the PCs on the FiOS line(br1).

On a side note, are there any suggestions on what NICs I should use for the router/bridges?
Attached image: NewNetworkDiagram.JPG

Last edited by GeorgeS069; 05-13-2009 at 04:07 PM. Reason: Update with more questions and added image of network
 
Old 05-14-2009, 04:30 AM   #4
bhaslinux
Member
 
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Bullseye
Posts: 357

Rep: Reputation: 49
If I am understanding this right:
You want the incoming packets to still come into the eth2 of br1 but you want outgoing packets to go to eth1 or br0 only.

1. The routing from 192.168.1.0 to 192.168.2.0 is automatically done if you enable IP forwarding. Just make sure that for the 1.0 network you specify the gateway as the br0 IP and for 2.0 it is the br1 IP.
    echo 1 > /proc/sys/net/ipv4/ip_forward    (as root)
[ I think this is all that you wanted. ]

2. If you want the 2.0 network to reach the internet via br0 instead of br1 you can just add the default route as the br0 IP in the Debian machine and enable NAPT:
    iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE    (as root)
This will take care of always sending packets via br0.
 
Old 05-14-2009, 08:39 AM   #5
GeorgeS069
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Lenny
Posts: 8

Original Poster
Rep: Reputation: 0
No, unfortunately that is not what I want and I do apologize for this being so confusing.

What I want is to have packets that originate at the WinXP machines and are destined for the Debian servers to go directly to the Debian servers across the bridges instead of routing out through the Verizon line and back in through the Speakeasy line.
And of course I want that to work in reverse also. Packets originating at the Debian servers and destined for the WinXP machines should go directly to the WinXP machines across the bridges instead of out through the Speakeasy line and back in through the Verizon line.

I guess the best way to explain it is this: I want my LOCAL packets to stay LOCAL. I don't want to use up bandwidth on both of my lines to get an email from a server 2 feet away from me.

I'm fairly certain this can be done with IPtables and I do have a small amount of experience with IPtables so it shouldn't be too difficult once someone sets me on the right course.
 
Old 05-21-2009, 04:52 AM   #6
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891

Rep: Reputation: 184
You can configure a bridge interface with an IP address i.e. "ifconfig br0 10.0.3.129 up". If you give each bridge interface an IP address and your Linux box has forwarding enabled, then LAN 1 should route to LAN 2.

You can consider a bridge interface as a virtual interface that bridges between two NICs. Once created it is just another interface and can be assigned an IP and routes in the same way as, say, eth0.

You need to consider how you want the routing to work. The easiest method would be to keep the local router as default-gateway for your hosts, and configure a specific 192.168.x.0 route on the DSL router pointing back to the appropriate bridge interface IP.

Otherwise you either need each host on LAN 1 and 2 to have a default-route via the local DSL connection and a specific route to the other LAN via the associated bridge interface IP, or you could point the LAN hosts to the bridge interface IP as default-gateway and a default route on your linux host via the DSL.

Last edited by baldy3105; 05-21-2009 at 04:54 AM.
 
Old 05-22-2009, 03:30 PM   #7
GeorgeS069
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Lenny
Posts: 8

Original Poster
Rep: Reputation: 0
Thank you Very Much Baldy!!

I'm going to try to set this up tomorrow if I can get my wife to log off DDO for a few hours.

The box does have forwarding enabled and it's bridging the DSL line now with IPtables for a firewall for the whole LAN so now I just need to add another bridge for the FiOS and get the routes set.

I've got real IPs for the DSL and that bridge interface does have a real IP so I am thinking that I just need another bridge set up for the FiOS with a 192.168.*.* IP (my FiOS doesn't have real addresses yet) for that bridge and then just use route for the crossovers and then set up IPtables for the new addresses.
 
Old 06-03-2009, 02:58 PM   #8
GeorgeS069
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Lenny
Posts: 8

Original Poster
Rep: Reputation: 0
Well, I managed to get both bridges up and working and now I have this for my routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br1
66.92.xxx.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br1
0.0.0.0         66.92.xxx.1     0.0.0.0         UG    0      0        0 br0

So what would I need now to get them routing between the bridges?
Something like route add -net 66.92.xxx.0 netmask 255.255.255.0 dev br0 ?

Thanks again for all your help with this!!
 
Old 06-04-2009, 05:05 PM   #9
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891

Rep: Reputation: 184
You need to enable ip forwarding, 'echo 1 > /proc/sys/net/ipv4/ip_forward'.
How you enable it permanently depends on your distro.
You need to make sure that you have no firewall blocking your intended traffic.
You need your hosts in each IP network to be configured with a default gateway of the respective br IP address.
You don't need to add a route for two networks on the same router to talk to each other, they are both "connected" routes.
You need a route to get to any network that is not directly connected to your router.
You need a default route 0.0.0.0 to define where traffic to any network not specified explicitly should be sent.
You should not have a default route pointing in two directions. The router will either only use the first one configured, or it will try to load balance, sending the first packet one way and the next packet the other way.
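
Added example (not part of baldy3105's post or of the original thread): a small shell/awk audit of `route -n` output that checks two of the points in the list above, namely how many default routes exist and which table entry a given destination matches. The sample is the table from post #8 with the constructed documentation prefix 203.0.113.0/24 standing in for the masked 66.92.xxx.0 network; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit `route -n` output (read from stdin).
# Constructed sample: post #8's table, with 203.0.113.0/24 standing in
# for the masked 66.92.xxx.0 network.
SAMPLE_POST8='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br1
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br1
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 br0'

# Number of default routes (destination and genmask both 0.0.0.0).
count_defaults() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { n++ } END { print n + 0 }'
}

# Longest-prefix match for destination $1: prints "<iface> <gateway>".
# Gateway 0.0.0.0 means a connected route (delivered directly, no next hop).
# Equal-length matches keep the first entry listed (this script's choice).
lookup() {
    awk -v dst="$1" '
    function ip2int(s,   p) {
        split(s, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    # Network part of a under contiguous mask m, without bitwise operators:
    # the host part is a modulo the block size 2^32 - m.
    function net(a, m) { return a - (a % (4294967296 - m)) }
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        m = ip2int($3)
        if (net(ip2int(dst), m) == ip2int($1) && (best == "" || m > bestmask)) {
            bestmask = m
            best = $8 " " $2
        }
    }
    END { print (best == "" ? "unreachable" : best) }'
}

printf '%s\n' "$SAMPLE_POST8" | count_defaults        # more than 1 is ambiguous
printf '%s\n' "$SAMPLE_POST8" | lookup 192.168.1.20   # host on the br1 LAN
printf '%s\n' "$SAMPLE_POST8" | lookup 203.0.113.10   # host on the br0 LAN
printf '%s\n' "$SAMPLE_POST8" | lookup 198.51.100.7   # anything else
```

On a live system, `ip route get <address>` reports the kernel's own choice for a destination.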
 
Old 06-06-2009, 10:10 AM   #10
GeorgeS069
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Lenny
Posts: 8

Original Poster
Rep: Reputation: 0
Hi Baldy and thank you again for your help!

I think I've made some progress on this. Here is my current bridge configuration....

bridge name     bridge id               STP enabled     interfaces
br0             8000.001320a14e34       yes             eth0
                                                        eth1
br1             8000.0018e708b5fd       yes             eth2
                                                        eth3

and the current routing table is.....

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br1
66.92.xxx.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         66.92.xxx.1     0.0.0.0         UG    0      0        0 br0

Does this all look sensible to you? Would a copy/paste of the output from an "ifconfig" be helpful also?

When I have this finished should I be able to do a "tracert" from a host on the FiOS connection and only have 1 or 2 hops to a host on the Speakeasy connection?
 
Old 06-06-2009, 02:48 PM   #11
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891

Rep: Reputation: 184
Correct, they should talk directly. Only it's not quite right, because a router can only have one default route. (Well, you can use policy routing but that gets messy.)

If your hosts all use the br interfaces Linux Box as their ip default gateway, then LAN 1 will talk to LAN2 directly via the linux box as you wanted, but LAN 1 and LAN2 internet traffic will all follow the same path out, which is the Linux box's default-route.

Re-reading your post, I think you want LAN 1 hosts to use the Speakeasy DSL and the LAN2 hosts to use the Verizon DSL, but also have them talk to each other, and you may need to rejig things slightly.

The other way to arrange it is that the DSL routers are the default gateway for their respective LANs, you then add a static route to LAN2 on the Speakeasy DSL router with the br0 interface as next-hop.

You then add a static route to LAN1 onto the Verizon DSL router with the br1 IP as next-hop.

So step by step -

1. LAN 1 hosts use Speakeasy DSL router as DG.

2. On Speakeasy DSL router you need

    0.0.0.0 mask 0.0.0.0 gw <dsl interface>
and
    192.168.2.0 mask 255.255.255.0 gw 192.168.1.<br0 ip>

3. LAN 2 uses Verizon router as DG.

4. On Verizon DSL router you need

    0.0.0.0 mask 0.0.0.0 gw <dsl interface>
and
    192.168.1.0 mask 255.255.255.0 gw 192.168.2.<br1 ip>

That will do what you're after.
 
  

