Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a Bridge

Revision as of 16:41, 20 February 2011 by Davidmbrooke (Talk | contribs) (Created from http://leaf.sourceforge.net/doc/bubridge.html using "html2wiki --dialect=MediaWiki")



Objectives

We assume here that you have a network running with connectivity to the Internet. What follows describes the use of Bering as a bandwidth manager without having to reconfigure the network. The first step, described here, is therefore to set up a bridge. The second step is described in another chapter of the user's guide (Managing QoS with Bering).

Your external interface (to the Internet) will be eth0; your internal interface (to your internal network) is assumed to be an Ethernet network card (eth1).

What follows has been tested with Bering v1.0-stable on a VIA 533 machine with 3 LAN interfaces onboard (an Openbrick box).

The ADSL Bandwidth Management Howto is a useful reference for this section.

Note: This procedure configures Bering as a bridge, and hence firewalling cannot be done with Shorewall. A bridge supports filtering only on the FORWARD chain, whereas Shorewall defines rules on input, output, forward and its own tables. Filtering would work if the custom-built tables got packets redirected from the FORWARD table. If Shorewall-based firewalling is also needed, the bridge should be replaced by an ARP Proxy set-up, for which a quick-and-dirty setup document is available from Rick Onanian. This setup is, however, simpler to configure and manage.

Importance of such a configuration: a LEAF box can be plugged in as a bandwidth manager or a firewall in a transparent fashion, meaning that none of the computers needs to be reconfigured in any form for IP gateways or subnets. This makes it easy to plug the box in and out of a production network without users noticing, except perhaps for the throttling of bandwidth. This also improves the capability to provide greater uptimes.

Step 1: declare the bridge package

Boot a Bering floppy image. Once the LEAF menu appears, get access to the Linux shell by (q)uitting the menu. Edit the syslinux.cfg file and declare bridge in the LRP= list of packages to be loaded at boot. Check the Bering installation guide to learn how to do that.

Your syslinux.cfg file could look like (adjust to your tastes):

display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/fd0u1680:msdos
PKGPATH=/dev/fd0u1680 LRP=root,etc,local,modules,ppp,keyboard,bridge,dnscache,weblet

The last two lines ("default linux ... dnscache,weblet") must be typed as a single line in syslinux.cfg.

Step 2: declare the bridge module:

For the bridge to work, bridging support must be enabled through the appropriate kernel modules. You also need to declare the driver module of the network card assigned to your internal network. In the following example, this card is assumed to be an onboard Realtek 8139 Fast Ethernet card.

To configure your modules, go to the LEAF Packages configuration menu and choose modules. Enter 1) to edit the /etc/modules file and enter the following information:

(...)
 # Those realtek based NICs need mii module
 mii
 #8139cp
 8139too
 # Bridge support
 bridge
 (...)
 

bridge.lrp is shipped as part of the standard Bering floppy. It contains only the utilities and not the kernel module. The kernel modules for the network interface and for bridging can be downloaded from the Bering module directory.

Copy the modules to the /lib/modules directory.

Check that they work by running the following commands in the order shown (the order is important):

Bering -root-
 # insmod mii

 Bering -root-
 # insmod 8139too

 Bering -root-
 # insmod bridge
 

These should load properly as they do not have any other dependencies.

Step 3: Configure the bridge system

Invoke lrcfg and choose 1) Network configuration and then 1) Network Interfaces. In the interface file, comment all lines except those for the bridge.

(...)
 #Step 4 (optional): configure a bridge
 auto br0
 iface br0 inet static
        address 192.168.1.254
        masklen 24
        broadcast 192.168.1.255
        bridge_ports all
 

The address is not mandatory for the system to work as a bridge, but it will be necessary if you want to log into the system to manage, configure or monitor it.

Note: Please remember that the auto and address configuration lines for all other interfaces should be commented out, as those interfaces become slaves to the bridge and do not have an individual identity.
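
Before saving and rebooting, the two files edited in Steps 2 and 3 can be checked mechanically, since a stray active interface or a missing module only shows up once the box is inline. The script below is an added example, not part of the original guide or of Bering; the function names are hypothetical, the sample files are constructed (eth0 is left active on purpose), and tolerating an active lo stanza is an assumption.

```shell
#!/bin/sh
# Added example (not from the guide): lint the modules file and the
# interfaces file before rebooting. Function names are hypothetical.

# modules_ok FILE: mii, 8139too and bridge must all be active and listed
# in that order (the insmod order given in Step 2).
modules_ok() {
    awk 'NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
         { pos[$1] = ++n }                       # remember load position
         END { exit !(pos["mii"] && pos["mii"] < pos["8139too"] &&
                      pos["8139too"] < pos["bridge"]) }' "$1"
}

# stray_ifaces FILE: print interfaces other than br0 that still have an
# active "auto" or "iface" line (lo is tolerated; that is an assumption).
stray_ifaces() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         $1 == "auto"  { for (i = 2; i <= NF; i++) seen[$i] = 1 }
         $1 == "iface" { seen[$2] = 1 }
         END { for (n in seen) if (n != "br0" && n != "lo") print n }' "$1" | sort
}

# bridge_ok FILE: an active br0 stanza must exist and set bridge_ports.
bridge_ok() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         $1 == "iface" { in_br = ($2 == "br0") }
         in_br && $1 == "bridge_ports" { found = 1 }
         END { exit !found }' "$1"
}

# lint_bridge MODULES_FILE INTERFACES_FILE: report every problem found,
# return 1 if there is at least one.
lint_bridge() {
    rc=0
    modules_ok "$1" || { echo "modules: need mii, 8139too, bridge in that order"; rc=1; }
    bridge_ok "$2"  || { echo "interfaces: no active br0 stanza with bridge_ports"; rc=1; }
    stray=$(stray_ifaces "$2")
    [ -z "$stray" ] || { echo "interfaces: still active outside br0:" $stray; rc=1; }
    return $rc
}

# Constructed sample input: eth0 was left uncommented by mistake.
tmp=$(mktemp -d)
printf '%s\n' '# Those realtek based NICs need mii module' mii '#8139cp' 8139too \
    '# Bridge support' bridge > "$tmp/modules"
printf '%s\n' 'auto eth0' 'iface eth0 inet dhcp' 'auto br0' 'iface br0 inet static' \
    '    address 192.168.1.254' '    masklen 24' '    bridge_ports all' > "$tmp/interfaces"
lint_bridge "$tmp/modules" "$tmp/interfaces"   # flags eth0
```
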

Step 4: Check if the bridge is working properly

Save the configuration to the boot floppy (through the LEAF backup menu entry) and reboot. Connect the bridge into the network between the gateway and the LAN. During reboot, the system should show a message similar to:

Bridge firewalling enabled
Eth2 (port 3) entering promiscuous mode.
Eth1 (port 2) entering promiscuous mode.
Eth0 (port 1) entering promiscuous mode.
Eth2 (port 3) entering listening mode.
Eth1 (port 2) entering listening mode.
Eth0 (port 1) entering listening mode.
Bridge (MAXWAIT 32 Seconds)
Eth2 (port 3) entering listening mode.
Eth1 (port 2) entering listening mode.
Eth0 (port 1) entering listening mode.
Topology change detected.
Topology change propogated.

Try to ping the gateway from any system. If the ping goes through, the bridge is working properly. If not, check the cables and the type of cable used. If a straight cable is used between the Bering box and the router, switch it for a crossed cable and try the ping again.

Run the command ip li sh; a device called br0 should show up with the IP configured.

Note: The bridge-to-router cable would need to be a straight Cat5 cable, as a switch-to-router cable would normally be a crossed cable. It is worth keeping both a straight and a crossed cable handy so that both can be tried out.

Step 5: Using the utilities:

bridge.lrp, when installed, provides if-up and if-down files for the bridge so that custom scripts can be run; one good example may be sending mail to indicate the up and down status of the interface.

brctl is the bridge control utility. brctl show shows all bridges with enslaved interfaces. Since this is most likely the only bridge, you can switch the Spanning Tree Protocol off by giving:

brctl stp br0 off


