Linux ETH bridging

Turn your Linux server into a humble switch… Not so humble though.
Not recommended for desktop distros, as you will have to turn off the desktop NetworkManager.

What you need:
Kernel version 2.4 or higher.
Kernel configuration ‘802.1d Ethernet Bridging’ built in or as a module.
A working network configuration with at least 2 Ethernet devices (NICs).
Package ‘bridge-utils’ installed.

What you get:
A network switch with a working IP connection for the server itself to use.

Configuration:

# /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
TYPE="Ethernet"
BRIDGE="br0"
HWADDR="00:XX:XX:XX:XX:B0"
ONBOOT="yes"
BOOTPROTO="static"
NM_CONTROLLED="no"
NOZEROCONF="yes"

# /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
TYPE="Ethernet"
BRIDGE="br0"
HWADDR="00:XX:XX:XX:XX:B1"
ONBOOT="yes"
BOOTPROTO="static"
NM_CONTROLLED="no"
NOZEROCONF="yes"

# /etc/sysconfig/network-scripts/ifcfg-ethX
DEVICE="ethX"
TYPE="Ethernet"
BRIDGE="br0"

And so on for all network cards you want to participate in the bridge.

Then set up a virtual device so that the server has an IP address of its own, like below.

# /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
TYPE="Bridge"
IPADDR="192.168.1.1"
NETMASK="255.255.255.0"
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.254"
ONBOOT="yes"
BOOTPROTO="static"
NM_CONTROLLED="no"
NOZEROCONF="yes"

But I needed 2 NICs in my server for 2 IP addresses, you say?
No worries… Just alias the br0 device like below.

# /etc/sysconfig/network-scripts/ifcfg-br0:1
DEVICE="br0:1"
TYPE="Bridge"
IPADDR="192.168.2.1"
NETMASK="255.255.255.0"
BROADCAST="192.168.2.255"
GATEWAY="192.168.2.254"
ONBOOT="yes"
BOOTPROTO="static"
NM_CONTROLLED="no"
NOZEROCONF="yes"

Note*
You can’t write iptables rules for eth0, eth1, ethX. You’ll have to write them for br0 instead, because all network traffic passes through the NICs transparently at layer 2 of the OSI model, and iptables packet filtering works at layers 3 and 4 of the OSI model.

Note**
The drawback of aliasing is that iptables can’t handle aliased devices.
You’ll have to write iptables rules bound to the IP addresses and not to the devices.
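
The check implied by Note* and Note**, as an added example that is not part of the original post: a shell script that reads the ifcfg files, collects every device with BRIDGE= set, and flags rules in an iptables-save style file that match on a bridge member or on an aliased device. The sample files and rules are constructed for illustration, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Flags iptables rules that name a
# bridge member (eth0, eth1, ...) or an aliased device (br0:1).

# bridge_members DIR: print the DEVICE of every ifcfg file that sets BRIDGE=.
bridge_members() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        grep -q '^BRIDGE=' "$f" || continue
        sed -n 's/^DEVICE="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$f"
    done
}

# audit_rules DIR RULES: print one finding per rule in the iptables-save
# style file RULES that matches on -i/-o of a bridge member or an alias.
audit_rules() {
    members=$(bridge_members "$1" | tr '\n' ' ')
    awk -v members="$members" '
        BEGIN { n = split(members, m, " "); for (k = 1; k <= n; k++) member[m[k]] = 1 }
        /^-A/ {
            for (i = 1; i < NF; i++) {
                if ($i != "-i" && $i != "-o") continue
                dev = $(i + 1)
                if (dev in member)  print NR ": bridge member " dev ": " $0
                else if (dev ~ /:/) print NR ": aliased device " dev ": " $0
            }
        }' "$2"
}

# make_sample DIR: write constructed sample input (hypothetical rules).
make_sample() {
    printf 'DEVICE="eth0"\nTYPE="Ethernet"\nBRIDGE="br0"\n' > "$1/ifcfg-eth0"
    printf 'DEVICE="eth1"\nTYPE="Ethernet"\nBRIDGE="br0"\n' > "$1/ifcfg-eth1"
    printf 'DEVICE="br0"\nTYPE="Bridge"\nIPADDR="192.168.1.1"\n' > "$1/ifcfg-br0"
    cat > "$1/rules" <<'EOF'
*filter
-A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i br0:1 -p tcp --dport 80 -j ACCEPT
-A INPUT -d 192.168.2.1/32 -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_rules "$tmp" "$tmp/rules"
rm -rf "$tmp"
```

Rules that match on br0 or on a destination address pass; the eth0 and br0:1 rules are reported with their line numbers.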

Note***
I read somewhere that you cannot use a DHCP client on aliased devices…
I cannot confirm or deny that, as I don’t use a DHCP client on my server.

Note****
Configuring applications and services that (can) bind to hardware devices: eth0, eth1, ethX are no longer available to applications and services, as they now operate at layer 2, the data link layer (OSI model). You’ll have to modify the configurations to use the bridge device ‘br0’. Again, some applications or services can’t bind to aliases or even to virtual devices like br0. Then you’ll have to bind them to an IP address instead.

Note*****
On heavy-traffic LANs cheap Ethernet cards won’t cut it.
Low-end Ethernet devices have a very limited threads capability.
They will start dropping packets… and the whole bridge is only as strong as the cheapest card,
because all layer 2 traffic from one eth is broadcast to all other eth devices, and that for all eths.

Note******
Make sure all eths work at the same speed. One card at 10Mb half duplex and another at 100Mb full duplex is very, very bad, as the slow card now has to buffer traffic from the fast card, which it can’t do for long; it just doesn’t have that kind of capability. I reckon it won’t hold long on even very low-traffic LANs. It’s just bad practice, very bad.
