Can't get my ethernet bridge to see either side?


Mech-Man
03-18-2003, 01:55 PM
I am running RH8.0

The problem is that I have created a bridge to connect my wireless clients to my cat 5 clients (eth0 & eth2). I can reach the internet (eth1 DSL) from both sides of the bridge and both internal networks also see the server where the bridge is located. But I can not get the wireless clients (eth2) to see clients (eth0) on the Cat5 side or vice versa.

I would like for clients on eth0 side to talk to clients on eth2 side and vice versa. Clients from either side can access the internet (eth1). However, clients on eth0 can not even ping clients on eth2 and vice versa.

Here is my script in rc.local

I think I am missing a route or something.

I have three network devices:
eth0 (Cat5 ethernet - internal network)
eth2 (wireless orinoco card- internal network)
eth1 (Cat5 ethernet - link to internet DSL)

Here is my rc.local init portion:

#Bridge Initialization
ifconfig eth0 down
ifconfig eth2 down

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth2

ifconfig eth0 0.0.0.0
ifconfig eth2 0.0.0.0

route add -host 255.255.255.255 dev br0

#Firewall rules
ifconfig br0 192.168.0.1 netmask 255.255.255.0 up

echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

#DHCPD server for internal network
/usr/sbin/dhcpd br0

Thanks in advance.

cowanrl
03-18-2003, 05:16 PM
I've never tried to use a Linux box as a bridge so I can't comment on whether your init script is Ok or not.
However, a mistake I've seen people make with bridges in general is in regards to IP subnets. To be able to bridge the traffic between eth0 and eth2, they both have to be on the same IP subnet. If they are different, they'll never communicate through a bridge.

You didn't show what subnets are on those 2 networks so I figured I'd mention this just in case.

Mech-Man
03-18-2003, 05:39 PM
Hmmm,

Are you suggesting something like

route add -host 255.255.255.0 dev eth0
route add -host 255.255.255.0 dev eth2

?

I am not at my home PC, which is why I am asking.

rodger

bwkaz
03-18-2003, 08:25 PM
cowanrl means that the IPs on the networks that both NICs are connected to (eth0 and eth2, that is) have to be in the same subnet. If one interface is on the 192.168.0.0/24 subnet, and the other is on the 192.168.1.0/24 subnet, then they're on different subnets and I believe bridging won't work.

The /24 in the preceding is 24 bits, that is, a 255.255.255.0 subnet mask.

Mech-Man
03-19-2003, 12:06 AM
Sorry about that, I was in a hurry when I responded...



But according to the bridging-stp howto, this is what I did...

www.ibiblio.org/pub/Linux/docs/howto/BRIDGE-STP-HOWTO

6.2. Basic Setup

The standard configuration should consist of:

1. Create the bridge interface.
root@mbb-1:~ # brctl addbr mybridge


2. Add interfaces to the bridge.
root@mbb-1:~ # brctl addif mybridge eth0
root@mbb-1:~ # brctl addif mybridge eth1


3. Zero IP the interfaces.
root@mbb-1:~ # ifconfig eth0 0.0.0.0
root@mbb-1:~ # ifconfig eth1 0.0.0.0


4. Put up the bridge.
root@mbb-1:~ # ifconfig mybridge up


5. Optionally you can configure the virtual interface mybridge to take part
in your network. It behaves like one interface (like a normal network
card). Exactly that way you configure it, replacing the previous command
with something like:
root@mbb-1:~ # ifconfig mybridge 192.168.100.5 netmask 255.255.255.0 up

-------------------------------------------------------

When I ifconfig an address (so that device eth0 and eth2 have a subnet) it does not work at all.

Am I wrong in my assumption that, according to the howto listed, eth0 and eth1 (in the howto) should be able to allow pings from clients on either side to the other?

Is there a way to set up a subnet without an IP address?

Thanks,

cowanrl
03-19-2003, 08:11 AM
"When I ifconfig an address (so that device eth0 and eth2 have a subnet) it does not work at all."

According to the HOWTO, that is correct. You can assign an IP address to the bridging interface but not to the Ethernet interfaces. They must be zeroed out as you did with

ifconfig eth0 0.0.0.0
ifconfig eth2 0.0.0.0

"Am I wrong in my assumption that, according to the howto listed, eth0 and eth1 (in the howto) should be able to allow pings from clients on either side to the other?"

As long as the computers are on the same IP subnet, the pings will pass through the bridge.

If machine A on the eth0 network has an IP address of 192.168.1.1/24, it would be able to ping machine B on the eth2 network that had an IP address of 192.168.1.2/24. When you initiated the ping on machine A, it would realize that machine B is on the same subnet as it and broadcast an ARP request for the MAC address of machine B. The bridge would pass the ARP broadcast to the eth2 network and machine B would receive it and respond. The pings would then flow back and forth between the machines across the bridge.

However, if machine A on the eth0 network has an IP address of 192.168.1.1/24, it would not be able to ping machine B on the eth2 network that has an IP address of 192.168.2.2/24. When the ping was initiated on machine A, it would recognize that machine B is on a different subnet and it would try to send the packet to its default gateway to be routed, not directly to machine B. The ARP request sent out by machine A would be for its default gateway, not for machine B.

If you have no routing set up between the networks on eth0 and eth2, the machines will never ping each other. As long as they are both on the same subnet, they can ping each other and communicate.


"Is there a way to set up a subnet without an IP address?"

No.
Of course, if they are Windows machines, you could set up NetBEUI on them as well as TCP/IP. The NetBEUI traffic would flow between the eth0 and eth2 networks through the bridge and the machines could communicate.
When the machines wanted to access the Internet, the TCP/IP stack would be used.
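
Added example, not part of the original thread: the on-link decision described in the post above, using its 192.168.1.1/24, 192.168.1.2/24 and 192.168.2.2/24 addresses. The gateway address 192.168.1.254 and the mismatched-mask case (a /16 on one side) are constructed for illustration and go beyond what the post covers.

```python
import ipaddress
from typing import Optional


def arp_target(host_if: str, dst_ip: str, gateway: Optional[str]) -> Optional[str]:
    """Return the IP address a host sends its ARP request for.

    host_if is the sender's own address in CIDR form ("192.168.1.1/24").
    On-link destinations are resolved directly; off-link ones go to the
    default gateway. None means off-link with no gateway configured.
    """
    iface = ipaddress.ip_interface(host_if)
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface.network:
        return str(dst)      # same subnet: ARP for the peer itself
    return gateway           # other subnet: ARP for the gateway instead


def bridged_ping_works(a_if: str, b_if: str,
                       a_gw: Optional[str] = None,
                       b_gw: Optional[str] = None) -> bool:
    """A ping needs the request (A->B) and the reply (B->A).

    A layer-2 bridge only helps when each side ARPs for the other
    directly, so both hosts must consider the peer on-link.
    """
    a_ip = str(ipaddress.ip_interface(a_if).ip)
    b_ip = str(ipaddress.ip_interface(b_if).ip)
    return (arp_target(a_if, b_ip, a_gw) == b_ip
            and arp_target(b_if, a_ip, b_gw) == a_ip)


if __name__ == "__main__":
    GW = "192.168.1.254"  # constructed gateway address, not from the thread
    cases = [
        ("same subnet", "192.168.1.1/24", "192.168.1.2/24"),
        ("different subnets", "192.168.1.1/24", "192.168.2.2/24"),
        # Constructed edge case: A thinks B is on-link, B does not agree.
        ("mismatched masks", "192.168.1.1/16", "192.168.2.2/24"),
    ]
    for label, a, b in cases:
        b_ip = str(ipaddress.ip_interface(b).ip)
        print(f"{label}: A ARPs for {arp_target(a, b_ip, GW)}, "
              f"ping over bridge: {bridged_ping_works(a, b, GW, GW)}")
```

In the mismatched-mask case the request crosses the bridge but the reply is sent toward the gateway, so a packet capture shows ARP and echo requests in one direction only.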

Mech-Man
03-19-2003, 09:44 AM
Thanks,

I believe that both eth0 and eth2 are on the same subnet.

The DHCPD server issues a lease to any requesting client on eth0 or eth2.

The DHCPD server provides a lease according to the dhcpd.conf file here:

ddns-update-style ad-hoc;
default-lease-time 1000000;
max-lease-time 1000000;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option domain-name-servers 137.118.204.9, 137.118.1.32;
option domain-name "patchworkcrazy.com";

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.10 192.168.0.100;
}

The DHCPD server listens on br0 (the bridge) and correctly issues a lease to any requesting client on eth0 or eth2. The clients can now access the specified domain names via ip forwarding (eth1) to the internet (DSL).

So, I would say "yes" according to the dhcpd.conf above, the eth0 and eth2 are on the same subnet: 192.168.0.0. I verified this by doing an ifconfig on each dhcp client from eth0 or eth2.

"If you have no routing set up between the networks on eth0 and eth2, the machines will never ping each other. As long as they are both on the same subnet, they can ping each other and communicate."

Hmmm,

Perhaps I could route each device to the other?

Thanks again,

It should work but isn't :(

bastard23
03-19-2003, 06:27 PM
Mech-Man,

Try putting the eth devices in promiscuous mode before the bridging (ifconfig ethn promisc up). Usually, ifconfig will show you if the devices are in PROMISC mode, but sometimes not. The HOWTO mentions that it has to be done before the bridging stuff. If the bridging code isn't doing this automatically the eth devices will only report packets destined to their MAC address or a broadcast address (ff:ff:ff:ff:ff:ff).

If it still doesn't work, post again, as there are some more things to figure out. Also try googling the mailing list at http://www.math.leidenuniv.nl/pipermail/bridge/.

Have fun,
chris

Mech-Man
03-19-2003, 08:49 PM
Thanks Chris,


Did the promisc ifconfig then checked... they are in promisc mode.

Still did not work...

I will try the archives also...

thanks for the support.

bastard23
03-19-2003, 10:31 PM
Mech,

I've never done bridging myself, but here are some things I would be doing if the above didn't work. If nothing else it will hopefully give you a better understanding of what is going on.

Google search. I usually do this last, when I'm stumped, but I'm sometimes a masochist.

grep your logs for br0, see if anything is strange.

Try running tcpdump on all three interfaces (eth0, eth1, br0) to figure out what packets are going where. If you don't have any traffic on the subnets yet I would use these commands.
tcpdump -w eth0.tcp -i eth0 &
tcpdump -w eth2.tcp -i eth2 &
tcpdump -w br0.tcp -i br0
Then test. Stop the tcpdumps. I would use ethereal to read the dumps. Its graphical decoding of the packets is quite nice. Once you have that you can figure out stuff like is ARP working? Does the ARP packet get to the other network (eth0->eth2)? Are the ICMP (ping) packets working? Perhaps only the broadcast packets work.

What do the arp and route tables on the client machines say (using the output 'arp' and 'route' respectively)? Do they see anything of the other network?

What does the output of 'brctl showbridges' and 'brctl showmacs' say?

Does it work if you don't configure eth0 (and no ip_forwarding or iptables)?

Once you've read the mailing list a little, you can figure out what kind of posts are responded to. Whether you try the above or not, you can probably post your question there. Make sure to add what kernel version you have, and what version of the bridge utils you are using.

Have fun,
chris

Mech-Man
03-19-2003, 10:50 PM
Thanks Chris,

I will do all the above (just have to install ethereal)

I need to learn the nitty gritty anyway and this is good stuff to start with.

I will post if I get any results for the fun of it.

As you can tell, I am trying to save from buying a wireless hub :D

Thanks again

bastard23
03-20-2003, 03:42 AM
Mech-Man,
Apparently you can't bridge 802.11 (wireless) and 802.3 (cabled/cat 5). Look at the "I still don't understand!!" question in the bridging FAQ (http://bridge.sourceforge.net/faq.html). Shucks.

Here are some possible solutions:

Just create two subnets and use linux to route between them. I mean you're already doing it for the internet. This is probably the simplest way. You can have DHCP dole out the proper settings based on the interface the request comes over.

Use proxy ARP, a "pseudo bridge." The HOWTO (http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/) is a little old and doesn't work for new kernels (I don't think). But should be pretty trivial to set up. Here is a newer explanation (http://lartc.org/howto/lartc.bridging.proxy-arp.html). This is from the Linux Advanced Routing & Traffic Control (http://lartc.org/) HOWTO (http://lartc.org/howto/) which explains many of the insane things you can do with networking.

Here are some more links about 802.11 and linux:
Wireless LAN resources for Linux (http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html).
linux-wlan (http://www.linux-wlan.org/index.html) from AbsoluteValue Systems (http://www.linux-wlan.com/).
A post (http://www.mail-archive.com/bridge@math.leidenuniv.nl/msg01754.html) on the bridging mailing list pointing to some other resources.
Host AP driver for Intersil Prism2/2.5/3 (http://hostap.epitest.fi/), which means you can become the Access Point for 802.11 for many wireless cards.

There are probably others. Post 'em if you got 'em.

Hope that helps,
chris (who should stop drinking coffee after the sun goes down)

Mech-Man
03-20-2003, 03:19 PM
Thank you, Thank you, Thank you...

bastard23

Awesome....

I will get on it and post what works :D

Looks like a nice little mini Howto might be born ;)

Thanks again... I was pulling my hair out!!!!