* Re: [LARTC] 2 NICs Bridge + Router
2007-05-28 13:12 [LARTC] 2 NICs Bridge + Router William Bohannan
@ 2007-05-28 18:39 ` Grant Taylor
2007-05-31 12:22 ` William Bohannan
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Grant Taylor @ 2007-05-28 18:39 UTC (permalink / raw)
To: lartc
On 5/28/2007 8:12 AM, William Bohannan wrote:
> Hi, wondering if anyone can help. I have two NICs on a debian sarge based
> system, currently running as a bridge (br0) which consists of eth0 and
> eth1. Is it possible to add a virtual interface to the eth1 so I can
> also do NAT on the box as well? I have tried many times and keep coming
> up with errors.
Why not add virtual aliased interfaces to the br0 interface? Do your
NATing there.
Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* RE: [LARTC] 2 NICs Bridge + Router
From: William Bohannan @ 2007-05-31 12:22 UTC
To: lartc
Thanks Grant, I am very new to combining NATing and Bridge. Please can
you possibly give an example on how to add the virtual interface.
Current /etc/networking/interfaces looks like this:
---------------------------------------
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.128
network xxx.xxx.xxx.xxx
broadcast xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx
pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1
-----------------------------------------
Kind Regards
William Bohannan
* Re: [LARTC] 2 NICs Bridge + Router
From: Grant Taylor @ 2007-05-31 14:36 UTC
To: lartc
On 05/31/07 07:22, William Bohannan wrote:
> Thanks Grant, I am very new to combining NATing and Bridge. Please
> can you possibly give an example on how to add the virtual interface.
I'll try. I don't recognize the format of the file below, but I'll take
a stab at it.
> Current /etc/networking/interfaces looks like this:
> ---------------------------------------
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address xxx.xxx.xxx.xxx
> netmask 255.255.255.128
> network xxx.xxx.xxx.xxx
> broadcast xxx.xxx.xxx.xxx
> gateway xxx.xxx.xxx.xxx
auto br0:1
iface br0:1 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.128
network xxx.xxx.xxx.xxx
broadcast xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx
> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1
> -----------------------------------------
Again this is just a guess and where I would start. You may have better
luck seeking support through your distribution.
Grant. . . .
* RE: [LARTC] 2 NICs Bridge + Router
From: William Bohannan @ 2007-06-04 9:46 UTC
To: lartc
Grant
Didn't work; it comes up with "cannot create bridge as already exists" and
the current bridge br0 stops working. Currently using Debian. Will try the
debian forums to see if someone can help. Thanks again for the
assistance.
# /etc/network/interfaces
auto lo
iface lo inet loopback
# public ip
auto br0
iface br0 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.128
network xxx.xxx.xxx.xxx
broadcast xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx
# private ip
auto br0:1
iface br0:1 inet static
address 10.10.10.254
netmask 255.255.255.0
network 10.10.10.0
broadcast 10.10.10.255
pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1
Kind Regards
William Bohannan
* RE: [LARTC] 2 NICs Bridge + Router
From: William Bohannan @ 2007-06-04 16:28 UTC
To: lartc
Grant
Works well except I cannot for the life of me get NAT working. I have
the following setup:
### Network Interface script
# /etc/init.d/network/interfaces
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 193.xxx.xxx.77
netmask 255.255.255.128
network 193.xxx.xxx.0
broadcast 193.xxx.xxx.127
gateway 193.xxx.xxx.126
pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1
### Simple script to start at boot
# /etc/init.d/brouter.init
echo "Bringing up NAT"
ip addr add 10.10.1.254/24 dev br0
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
route add -net -n 0.0.0.0 dev br0
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Please advise.
Kind Regards
William Bohannan
* Re: [LARTC] 2 NICs Bridge + Router
From: Grant Taylor @ 2007-06-04 16:53 UTC
To: lartc
On 06/04/07 11:28, William Bohannan wrote:
> Works well except I cannot for the life of me get NAT working. I have
> the following setup:
Good.
> ### Network Interface script
> # /etc/init.d/network/interfaces
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address 193.xxx.xxx.77
> netmask 255.255.255.128
> network 193.xxx.xxx.0
> broadcast 193.xxx.xxx.127
> gateway 193.xxx.xxx.126
>
> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1
What would happen if you added additional address, netmask, network,
broadcast, and gateway lines? Would that allow you to have aliases
defined in this manner, or would it simply override the existing settings?
> ### Simple script to start at boot
> # /etc/init.d/brouter.init
> echo "Bringing up NAT"
> ip addr add 10.10.1.254/24 dev br0
> iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
> route add -net -n 0.0.0.0 dev br0
> #enable forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
Hum, this looks like you will be MASQUERADEing any and all traffic that
leaves br0. I'm betting that you are MASQUERADEing some traffic that
you do not want to MASQUERADE.
> Please advise.
You need to selectively MASQUERADE traffic that is leaving your br0
interface. I.e. MASQUERADE any traffic that is leaving your network
headed to the world.
You can accomplish this a couple of different ways (possibly more).
1) MASQUERADE any traffic that is not destined to your internal
network. In other words MASQUERADE any traffic that is leaving your
network. I.e.
iptables -t nat -A POSTROUTING -o br0 -d ! 10.10.1.0/24 -j MASQUERADE
(If I have that IPTables syntax correct. You get the idea.)
2) MASQUERADE any traffic that is leaving the physical interface that
is facing the internet via the physdev IPTables match extension.
(Sorry, I have no experience with this option.)
Personally, I would try to do it based on destination IP address rather
than physical interface for various reasons that are not really
pertinent here.
Grant. . . .
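Grant's point above, that a bare "-o br0 -j MASQUERADE" on a box that both bridges and routes rewrites traffic it should not, can be checked with a small model. The following is an added example, not code from the thread or from iptables: it implements only the -o/-s/-d matching of a nat POSTROUTING rule and runs William's original rule, Grant's destination-based rule and a tightened source-plus-destination variant (which goes beyond the thread's suggestion) over constructed flows, assuming br_netfilter is active so that frames bridged between eth0 and eth1 also traverse POSTROUTING with br0 as their outgoing device.

```python
"""Which flows does a nat POSTROUTING MASQUERADE rule catch on a brouter?
Added example, not code from the thread or from iptables: only the -o/-s/-d
matching is modelled, assuming br_netfilter is active so frames bridged
between eth0 and eth1 also traverse POSTROUTING with br0 as outgoing device.
"""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.10.1.0/24")

def make_rule(out_if, src=None, dst=None):
    """One rule; src/dst are (network, negate) pairs like "-s net" / "! -d net"."""
    return {"out_if": out_if, "src": src, "dst": dst}

def _addr_matches(spec, addr):
    if spec is None:          # no -s / -d given: matches anything
        return True
    net, negate = spec
    return (ipaddress.ip_address(addr) in net) != negate

def masqueraded(rules, flow):
    """True if any rule matches flow = (src_ip, dst_ip, out_if)."""
    src, dst, out_if = flow
    return any(r["out_if"] == out_if and _addr_matches(r["src"], src)
               and _addr_matches(r["dst"], dst) for r in rules)

# The rulesets discussed in the thread, in modern "! -d" syntax.
ORIGINAL = [make_rule("br0")]                                  # -o br0 -j MASQUERADE
BY_DESTINATION = [make_rule("br0", dst=(INTERNAL_NET, True))]  # -o br0 ! -d 10.10.1.0/24
TIGHTENED = [make_rule("br0", src=(INTERNAL_NET, False),       # -s 10.10.1.0/24 ! -d 10.10.1.0/24
                       dst=(INTERNAL_NET, True))]

# Constructed flows as seen in POSTROUTING on the brouter. The masked public
# 193.xxx.xxx.0/25 segment is stood in by documentation range 198.51.100.0/25;
# 203.0.113.10 plays a host on the internet.
FLOWS = {
    "lan -> internet (must be NATed)":   ("10.10.1.20", "203.0.113.10", "br0"),
    "lan -> lan, bridged":               ("10.10.1.20", "10.10.1.30", "br0"),
    "public -> public gateway, bridged": ("198.51.100.50", "198.51.100.126", "br0"),
}

def report(rules):
    """Map each flow label to whether the ruleset masquerades it."""
    return {label: masqueraded(rules, flow) for label, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("by destination", BY_DESTINATION),
                        ("tightened", TIGHTENED)):
        print(name, report(rules))
```

The destination-only rule still masquerades public traffic merely bridged through the box; restricting on source as well limits NAT to the private network's own outbound flows.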
* RE: [LARTC] 2 NICs Bridge + Router
From: William Bohannan @ 2007-06-04 17:25 UTC
To: lartc
Grant
Thanks for the quick reply. On the test machine (10.10.1.20) I can ping
193.xxx.xxx.77 & 10.10.1.254 (the brouter); however, I still cannot ping
the internet gateway 193.xxx.xxx.126. Below is my routing table:
[root:~]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.128 U     0      0        0 br0
10.10.1.0       *               255.255.255.0   U     0      0        0 br0
default         *               0.0.0.0         U     0      0        0 br0
default         193.xxx.xxx.126 0.0.0.0         UG    0      0        0 br0
## Start up script
#
echo "Bringing up NAT"
ip addr add 10.10.1.254/24 dev br0
iptables -t nat -A POSTROUTING -o br0 -d ! 10.10.1.0/24 -j MASQUERADE
route add -net -n 0.0.0.0 dev br0
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
route add default gw 193.220.59.126
## Network interfaces file
# /etc/network/interfaces
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 193.xxx.xxx.77
netmask 255.255.255.128
network 193.xxx.xxx.0
broadcast 193.xxx.xxx.127
gateway 193.xxx.xxx.126
pre-up /sbin/ip link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1
Thanks again for all the help so far.
Kind Regards
William Bohannan