config linux as a network switch

Hi,
Is it possible to configure a linux box with several network card as a
switch? If yes, what about port mirroring? Is it possible?

Regards,
Mohsen A. Momeni

Yes, google the term "network bridging with linux".

Basically you need to compile in network bridging support in the kernel, get the
program needed to bridge connections, install the NICs and set up the bridging
with tools like ip-chains or net-filter.

It is more involved than this but that should get you started.

(E-Mail Removed) wrote:
> Hi,
> Is it possible to configure a linux box with several network card as a
> switch? If yes, what about port mirroring? Is it possible?
>
> Regards,
> Mohsen A. Momeni
>

m.alimomeni wrote:
> Is it possible to configure a linux box with several network card as a
> switch? If yes, what about port mirroring? Is it possible?

$ cat /usr/src/linux/net/bridge/Kconfig
#
# 802.1d Ethernet Bridging
#

config BRIDGE
tristate "802.1d Ethernet Bridging"
---help---
If you say Y here, then your Linux box will be able to act as an
Ethernet bridge, which means that the different Ethernet segments it
is connected to will appear as one Ethernet to the participants.
Several such bridges can work together to create even larger
networks of Ethernets using the IEEE 802.1 spanning tree algorithm.
As this is a standard, Linux bridges will cooperate properly with
other third party bridge products.

In order to use the Ethernet bridge, you'll need the bridge
configuration tools; see <fileocumentation/networking/bridge.txt>
for location. Please read the Bridge mini-HOWTO for more
information.

If you enable iptables support along with the bridge support then you
turn your bridge into a bridging IP firewall.
iptables will then see the IP packets being bridged, so you need to
take this into account when setting up your firewall rules.
Enabling arptables support when bridging will let arptables see
bridged ARP traffic in the arptables FORWARD chain.


http://www.mjmwired.net/kernel/Docum...ing/bridge.txt

http://linux-net.osdl.org/index.php/Bridge

http://sourceforge.net/projects/ebtables

http://www.tldp.org/HOWTO/Bridge/

With slackware it's fairly easy. Make shure your Kernel has bridging
compiled in. Then try this Note: Everything in *s is commands - type
without the *s:

*ifconfig eth0 0.0.0.0*
*ifconfig eth1 0.0.0.0*
*ifconfig eth2 0.0.0.0*

The above will null all the network cards on your PC - if they are present
with the correct drivers.

ifconfig -> the ifconfig command, a linux standard
eth0-2 -> The NICs
0.0.0.0 -> To Zero the IP and submask

Then:

*brctl addbr br0*

brctl is a bridge config tool. The addbr br0 says to the kernel to add a
bridge called br0. If you run

*ifconfig | more *

after this step you will be able to see your bridge as a NIC.

Then:

*brctl addif br0 eth0 eth1 eth2*

This tells the kernel to add eth0 eth1 and eth2 network interfaces (the
addif) to br0.

Then:

*ifconfig br0 192.168.0.254*

Change the above IP address to whatever your bridge's IP should be.

You should now be able to connect the your PC's to your linux box and use it
as a bridge - but remember the cables have to be CROSSOVER cables,
otherwise it won't work.

You can put all this into a nice script aswell:
Copy and paste the following (without the -----s) into a file, make it
executable (chmod +x the-file-name) and put it in your system startup. In
slackware add a entry to /etc/rc.d/rc.local to point to your script.

-------------------------------------------------------

#!/bin/sh
#Script to create Bridge
#Quickly written by Constant Meiring

#Config Part
###################################
ETHS="eth0 eth1 eth2 eth3"
BRIDGE_NAME="br0"
BRIDGE_IP="192.168.0.254"
###################################

#Null the NICs

echo Nulling NICs

for ETH_NR in `echo $ETHS`; do
echo " -> " "`echo $ETHNR`"
ifconfig $ETH_NR 0.0.0.0
done

echo Creating Bridge
brctl addbr $BRIDGE_NAME

echo Adding NICs to Bridge
brctl addif $BRIDGE_NAME $ETHS

echo Adding IP to Bridge
ifconfig $BRIDGE_NAME $BRIDGE_IP

echo Done
#EOF

---------------------------------------------------------

Hope this helped.

Constant Meiring

--
----------------------------
Slackware - bcoz we can
----------------------------