LinuxQuestions.org
Old 02-09-2018, 04:02 PM   #1
wrobayo
LQ Newbie
 
Registered: Feb 2018
Posts: 5

Rep: Reputation: Disabled
Many linux bridges in one lan


I followed this tutorial to set up some Linux bridges, each one with two NICs:

https://wiki.linuxfoundation.org/networking/bridge

When I connect the first bridge to the LAN everything works fine, but when I connect the second bridge to the LAN, LAN performance is poor and its ping command does not respond.

Question:

Does Linux support only one bridge in the same LAN? Or what did I do wrong?

Thanks, and sorry for my English.
 
Old 02-10-2018, 12:45 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,333

Rep: Reputation: Disabled
What do you mean when you say you "connect the bridge to the LAN"?

A bridge is supposed to connect two different LAN segments, like the ports of a switch. In fact, a switch is a multiport bridge. Connecting several bridges (or switches) to the same LAN will create a loop which, unless the bridges/switches are running Spanning Tree (STP/RSTP), will saturate the network with ever-circulating broadcast packets in an instant.
 
Old 02-10-2018, 03:58 PM   #3
wrobayo
LQ Newbie
 
Registered: Feb 2018
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thanks for the reply,

I need to connect one LAN printer to an Ubuntu workstation with 2 NICs: the first to the printer and the second to the LAN in the one classroom. I need different IP addresses for the printer and the workstation in the same LAN.

I have 20 classrooms and only one network point in every classroom. I need to see all devices (20 printers and 20 workstations) in the same LAN.

Please see the following diagram:


https://www.draw.io/?lightbox=1&high...Kkw8fY%2BOE%2F


Thanks.
 
Old 02-12-2018, 11:40 AM   #4
geppy
LQ Newbie
 
Registered: Dec 2017
Posts: 15

Rep: Reputation: Disabled
On a side note:
stay away from bridges as they are highly hackable

Rule #1: have a router with DDoS (or firewall on SEPARATE computer with DDoS) that blocks 10.x.x.x and 239.x.x.x
Rule #2: mess with arptables or ebtables. Arptables can block sooner. One of the blocking settings contradicts an established RFC and requires arptables and not ebtables.

And last but not least: firejail with --net option creates a bridge!

I am learning this stuff myself. (I used to have 10MBit incoming traffic targeting 10.x.x.x addrs - that was the max incoming bandwidth my connection allowed at that time)

Last edited by geppy; 02-12-2018 at 11:43 AM.
 
Old 02-12-2018, 03:10 PM   #5
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,333

Rep: Reputation: Disabled
Quote:
Originally Posted by wrobayo View Post
I have 20 classrooms and only one network point in every classroom. I need to see all devices (20 printers and 20 workstations) in the same LAN.

Please see the following diagram:
I'd have to say:

a) Yes, your setup ought to work.

b) Why on earth would you want to do it this way?

You've added a second NIC to several computers in order to use them as primitive bridges. Surely you could have acquired some 5-port workgroup switches for about the same price as those NICs, and placed one in each classroom? It would have worked better, and you would have had ports to spare.

Regarding the bridge setup, did you move the IP configuration on the workstation from the physical NIC (say, eth0) to the bridge interface (br0 or somesuch)? Failing to do that would explain the loss of IP connectivity.

If the entire LAN slows down to a crawl when you connect new or reconfigured equipment, the most likely explanation is a loop somewhere. Check the activity lights on the main switch; a loop will make them flash like crazy.
 
1 members found this post helpful.
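
The two checks raised in the reply above (is the IP configuration on the bridge rather than on an enslaved NIC, and is Spanning Tree enabled so that a second path cannot form a loop), as an added example that is not part of the thread: a small linter for ifupdown bridge stanzas. The function names and both sample configurations are constructed for illustration; the option names are bridge-utils' `bridge_ports` and `bridge_stp`.

```python
BAD_CONFIG = """\
auto eth0
iface eth0 inet static
    address 192.168.0.6

auto br0
iface br0 inet manual
    bridge_ports eth0 eth1
    bridge_stp off
"""  # constructed sample: IP left on eth0, STP off

GOOD_CONFIG = """\
iface eth0 inet manual
iface eth1 inet manual

auto br0
iface br0 inet static
    address 192.168.0.6
    bridge_ports eth0 eth1
    bridge_stp on
"""  # constructed sample: IP on br0, STP on

def parse_interfaces(text):
    """Return {iface: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):  # whole-line comments only
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"_method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these lines end the current stanza
        elif current is not None:
            current[words[0].replace("-", "_")] = " ".join(words[1:])
    return stanzas

def lint_bridges(text):
    """Return sorted (bridge, finding) pairs; an empty list means both checks pass."""
    stanzas, findings = parse_interfaces(text), []
    for name, opts in stanzas.items():
        ports = opts.get("bridge_ports", "").split()
        if not ports or ports == ["none"]:
            continue  # not a bridge, or a bridge with no physical ports
        if opts.get("bridge_stp", "off").lower() not in ("on", "yes"):
            findings.append((name, "STP is off: any second path to the same LAN forms a loop"))
        for port in ports:
            port_opts = stanzas.get(port, {})
            if "address" in port_opts or port_opts.get("_method") == "dhcp":
                findings.append((name, f"IP configuration is on port {port}; move it to {name}"))
    return sorted(findings)
```
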
Old 02-12-2018, 03:15 PM   #6
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,333

Rep: Reputation: Disabled
Quote:
Originally Posted by geppy View Post
stay away from bridges as they are highly hackable
That's certainly news to me. Would you care to elaborate?

Quote:
Originally Posted by geppy View Post
Rule #1: have a router with DDoS (or firewall on SEPARATE computer with DDoS) that blocks 10.x.x.x and 239.x.x.x
Rule #2: mess with arptables or ebtables. Arptables can block sooner. One of the blocking settings contradicts an established RFC and requires arptables and not ebtables.

And last but not least: firejail with --net option creates a bridge!

I am learning this stuff myself.
I'm sorry, but it seems you have a fair bit of journey ahead of you.

The above "rules" make no sense at all. Perhaps you should refrain from handing out such advice until you've got a better grasp of the basics?
 
Old 02-12-2018, 03:50 PM   #7
wrobayo
LQ Newbie
 
Registered: Feb 2018
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Ser Olmy View Post
I'd have to say:

a) Yes, your setup ought to work.

b) Why on earth would you want to do it this way?

You've added a second NIC to several computers in order to use them as primitive bridges. Surely you could have acquired some 5-port workgroup switches for about the same price as those NICs, and placed one in each classroom? It would have worked better, and you would have had ports to spare.

Regarding the bridge setup, did you move the IP configuration on the workstation from the physical NIC (say, eth0) to the bridge interface (br0 or somesuch)? Failing to do that would explain the loss of IP connectivity.

If the entire LAN slows down to a crawl when you connect new or reconfigured equipment, the most likely explanation is a loop somewhere. Check the activity lights on the main switch; a loop will make them flash like crazy.

This work is for one .org that doesn't have the resources to buy the switch, etc.

The printers and Ubuntu workstations were donated, including the 2 NICs, and I am trying to connect them all to the LAN.

This is the /etc/network/interfaces file for every "Bridge-workstation":

# Bridge
auto br0
iface br0 inet static
    # change in each workstation
    address 192.168.0.6
    netmask 255.255.255.0
    gateway 192.168.0.1
    broadcast 192.168.0.255
    network 192.168.0.0
    dns-nameserver 8.8.8.8 8.8.4.4
    bridge_ports eth1 eth0
    bridge_stp on
    bridge_fd 0
    bridge_waitport 0


I reiterate:

If I connect only one "Bridge-workstation" to the LAN everything works fine. But when I connect a second or more "Bridge-workstation", LAN performance is poor.

- If bridge is the correct solution: what am I doing wrong?
- What other configurations are the solution?

Thanks again for your help!

Last edited by wrobayo; 02-12-2018 at 03:54 PM.
 
Old 02-12-2018, 05:32 PM   #8
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,357

Rep: Reputation: 2739
Quote:
I need to connect one LAN printer to an Ubuntu workstation with 2 NICs: the first to the printer and the second to the LAN in the one classroom. I need different IP addresses for the printer and the workstation in the same LAN.
You do not want to bridge the interfaces on each workstation. Rather, you want to install each printer locally with printer sharing enabled, so that each workstation can see all other workstations and the associated shared resource.
 
Old 02-17-2018, 09:55 AM   #9
wrobayo
LQ Newbie
 
Registered: Feb 2018
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by allend View Post
You do not want to bridge the interfaces on each workstation. Rather, you want to install each printer locally with printer sharing enabled, so that each workstation can see all other workstations and the associated shared resource.
Thanks for the answer, but it's necessary via LAN because I need to see all devices via TCP/IP for the print server, which has an app to control the jobs.
 
Old 02-19-2018, 05:02 AM   #10
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,357

Rep: Reputation: 2739
What is this 'app' on the print server that you want to handle printing, but that can only direct printing to IP addresses and not print queues?
What purpose does it serve?
 
Old 02-19-2018, 10:10 AM   #11
wrobayo
LQ Newbie
 
Registered: Feb 2018
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by allend View Post
What is this 'app' on the print server that you want to handle printing, but that can only direct printing to IP addresses and not print queues?
What purpose does it serve?
When the "Bridge-workstation" sends a print job, the print server app takes the printer counter via the SNMP protocol.
 
Old 02-19-2018, 06:11 PM   #12
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,357

Rep: Reputation: 2739
Perhaps you could use firewall rules on the workstation to forward SNMP traffic to the printer.
 
Old 02-21-2018, 09:38 AM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,610
Blog Entries: 4

Rep: Reputation: 3905
You can buy a suitable network appliance for about $30 USD, or maybe less, and it would be considerably easier than programming Linux boxes to do the same work.

When you use a switch, the presence of the switch is not evident in the network topology: all of the computers are simply interconnected. You can't play games with IP-addresses. Although there's only one cable connecting one room to the next, all of the computers are on just one subnet.

Far more typical is the use of routers, which do allow more flexible IP-assignment (multiple subnets) and which also provide useful things like firewalls. (If you don't want students in one room to be able to print on the next room's printer, for instance.) Again, these are off-the-shelf appliances that probably cost less than that extra network-interface card.
 
  


All times are GMT -5.