Many linux bridges in one lan
 

I follow this tutorial to set up some linux bridge's..., everyone with two nic's:

https://wiki.linuxfoundation.org/networking/bridge

When I connect the first bridge to lan every works fine...but when i connect the second bridge to lan: lan performance is poor, and its ping command not response.

Question:

Linux support only one Bridge in the same lan?? or what i made bad?

Thank's,...and sorry for my english

What do you mean when you say you "connect the bridge to the LAN"?

A bridge is supposed to connect two different LAN segments, like the ports of a switch. In fact, a switch is a multiport bridge. Connecting several bridges (or switches) to the same LAN will create a loop which, unless the bridges/switches are running Spanning Tree (STP/RSTP), will saturate the network with ever-circulating broadcast packets in an instant.

Thanks for reply,

I need connect one lan printer to ubuntu workstation with 2 nics: first to printer and second to lan in the one class room, need different IP address for the printer an workstation in the same lan

I have 20 classroom and only one network point in every classroom, need to see all devices (20 printers and 20 workstations) in the same lan

Please see the follow diagram:


https://www.draw.io/?lightbox=1&high...Kkw8fY%2BOE%2F


Thanks.

On a side note:
stay away from bridges as they are highly hackable

Rules #1: have a router with DDoS (or firewall on SEPARATE compute with DDoS) that blocks 10.x.x.x and 239.x.x.x
Rule #2: mess with arptables or ebtables. Arptables can block sooner. One of blocking setting contradicts with established RFC and requires arptables and not ebtables.

And last but not least: firejail with --net option creates a bridge!

I am learing myself this stuff. (I used to have 10MBit incoming traffic targeting 10.x.x.x addrs - that was max incoming bandwith my connection allowed at that time)

I'd have to say:

a) Yes, your setup ought to work.

b) Why on earth would you want do it this way?

You've added a second NIC to several computers in order to use them as primitive bridges. Surely you could have acquired some 5-port workgroup switches for about the same price as those NICs, and placed one in each classroom? It would have worked better, and you would have had ports to spare.

Regarding the bridge setup, did you move the IP configuration on the workstation from the physical NIC (say, eth0) to the bridge interface (br0 or somesuch)? Failing to do that would explain the loss of IP connectivity.

If the entire LAN slows down to a crawl when you connect new or reconfigured equipment, the most likely explanation is a loop somewhere. Check the activity lights on the main switch; a loop will make them flash like crazy.

That's certainly news to me. Would you care to elaborate?

I'm sorry, but it seems you have a fair bit of journey ahead of you.

The above "rules" make no sense at all. Perhaps you should refrain from handing out such advice until you've got a better grasp of the basics?

This work is for one .org, that haven't resources for buy the switch, etc.

Printers and ubuntu workstations were donated including the 2 nic's... and I try to connect all to lan.

This is the /etc/network/interfaces file for every "Brigde-workstation":

# Bridge
auto br0
iface br0 inet static
address 192.168.0.6 #change in each workstation
netmask 255.255.255.0
gateway 192.168.0.1
broadcast 192.168.0.255
network 192.168.0.0
dns-nameserver 8.8.8.8 8.8.4.4
bridge_ports eth1 eth0
bridge_stp on
bridge_fd 0
bridge_waitport 0


I reiterate:

If connect only one "Brigde-workstation" to lan every works fine...But when connect second or more "Brigde-workstation" lan performance is poor.

- If bridge is the correct solution: what am I doing wrong?
- What other configurations are the solution?

Thanks again for your help!

You do not want to bridge the interfaces on each workstation. Rather, you want to install each printer locally with printer sharing enabled, so that each workstation can see all other workstations and the associated shared resource.

thanks for the answer, but it's necessary by lan because need to see all devices way tcp/ip for the print server, that have an app to control the jobs

What is this 'app' on the print server that you want to handle printing, but that can only direct printing to IP addresses and not print queues?
What purpose does it serve?

When the "Bridge-workstation" send a print job, the Print server App take the printer counter under snmp protocol

Perhaps you could use firewall rules on the workstation to forward SNMP traffic to the printer.

You can buy a suitable network appliance for about $30 USD, or maybe less, and it would be considerably easier than programming Linux boxes to do the same work.

When you use a switch, the presence of the switch is not evident in the network topology: all of the computers are simply interconnected. You can't play games with IP-addresses. Although there's only one cable connecting one room to the next, all of the computers are on just one subnet.

Far more typical is the use of routers, which do allow more flexible IP-assignment (multiple subnets) and which also provide useful things like firewalls. (If you don't want students in one room to be able to print on the next room's printer, for instance.) Again, these are off-the-shelf appliances that probably cost less than that extra network-interface card.