simple Network Bridge?

I'm trying to setup a simple network (aka MAC?) bridge, like you can do
in Windows XP. My RH 7.3 box has 2 nics, eth0 being the main connection
to the lan using 10mbps BNC, and eth1 being a 100mbps cat5 going to a
hub to allow mobile computers to quickly plugin to our lan. (I realize
BNC is rather old, and in the distant future we migth upgrade, but as it
stands we can do so for a long time.)

I have also come across a "mini" how-to, downloaded brcfg and ran
../brcfg -ena but
that doesn't seem to do anything.

Is ther any simple way to get this owrking. The how-to mentioned
something about recompiling the kernel with a CONFIG BRIDGING=y, but
I've never had to recompile it before, and am really not sure how to, so
if this has to be done, could someone please tell me how.

All help much abliged.

Redhat 7.3
Linux 2.4.20-20.7 #1 Mon Aug 18 14:56:30 EDT 2003 i686

On Tue, 6 Jul 2004 23:14:15 -0700, 187 scribbled:

> I'm trying to setup a simple network (aka MAC?) bridge, like you can do
> in Windows XP. My RH 7.3 box has 2 nics, eth0 being the main connection
> to the lan using 10mbps BNC, and eth1 being a 100mbps cat5 going to a
> hub to allow mobile computers to quickly plugin to our lan. (I realize
> BNC is rather old, and in the distant future we migth upgrade, but as it
> stands we can do so for a long time.)
>
> I have also come across a "mini" how-to, downloaded brcfg and ran
> ./brcfg -ena but
> that doesn't seem to do anything.
>
> Is ther any simple way to get this owrking. The how-to mentioned
> something about recompiling the kernel with a CONFIG BRIDGING=y, but
> I've never had to recompile it before, and am really not sure how to, so
> if this has to be done, could someone please tell me how.
>
> All help much abliged.
>
> Redhat 7.3
> Linux 2.4.20-20.7 #1 Mon Aug 18 14:56:30 EDT 2003 i686

You almost never *have* to re-compile your kernel. This can be done without
recompiling.

It's simply a matter of configuring the ethernet cards properly by using
modprobe to load the right driver-modules, configuring them using ifconfig
to give them the right ip-addresses and then concentrating on the bridging,
AFAIK also called ip-forwarding.

When one of the networks (or maybe both) needs to be protected, from each
other or from the outside world, you might want to consider using a
dedicated ip-forwarding firewall. In that case I would recommend the use of
SmoothWall, see http://www.smoothwall.org/ for more info. You can run this
on any old-school pentium that's layin' around collecting dust. It's a
freeware solution for a dedicated ip-forwarding firewall, including the
possibility to have a red, orange and green network (red being the
internet, orange the DMZ and green your firewalled network).

HTH

--
GerardLinux ay tee filternet dee oo tee ann el

|
\ /
.---.
'-. | | .-'
___| |___
-= [ ] =-
`---. .---'
__||__ | | __||__
'-..-' | | '-..-'
|| | | ||
||_.-| |-,_||
.-"` `"`'` `"-.
.' '.

Jesus is alive, I spoke with Him this morning!

To enable bridging, you have to enable it in the kernel. so you *HAVE TO*
recompile the kernel. I suggest you first read:

http://www.digitalhermit.com/linux/K...ild-HOWTO.html

Building the kernel isn't that bad, albeit can be daunting. As long as you
take precautions, such as keeping a copy of a booting kernel, then you
shouldn't have too much a problem.

Any problems then please feel free to ask

Yas

On Tue, 06 Jul 2004 23:14:15 -0700, 187 wrote:

> I'm trying to setup a simple network (aka MAC?) bridge, like you can do
> in Windows XP. My RH 7.3 box has 2 nics, eth0 being the main connection
> to the lan using 10mbps BNC, and eth1 being a 100mbps cat5 going to a
> hub to allow mobile computers to quickly plugin to our lan. (I realize
> BNC is rather old, and in the distant future we migth upgrade, but as it
> stands we can do so for a long time.)
>
> I have also come across a "mini" how-to, downloaded brcfg and ran
> ./brcfg -ena but
> that doesn't seem to do anything.
>
> Is ther any simple way to get this owrking. The how-to mentioned
> something about recompiling the kernel with a CONFIG BRIDGING=y, but
> I've never had to recompile it before, and am really not sure how to, so
> if this has to be done, could someone please tell me how.
>
> All help much abliged.
>
> Redhat 7.3
> Linux 2.4.20-20.7 #1 Mon Aug 18 14:56:30 EDT 2003 i686

On Wed, 07 Jul 2004 10:55:43 +0100, Yas scribbled:

> To enable bridging, you have to enable it in the kernel. so you *HAVE TO*
> recompile the kernel. I suggest you first read:
>
> http://www.digitalhermit.com/linux/K...ild-HOWTO.html
>
> Building the kernel isn't that bad, albeit can be daunting. As long as you
> take precautions, such as keeping a copy of a booting kernel, then you
> shouldn't have too much a problem.
>
> Any problems then please feel free to ask
>
> Yas
>
> On Tue, 06 Jul 2004 23:14:15 -0700, 187 wrote:
>
>> I'm trying to setup a simple network (aka MAC?) bridge, like you can do
>> in Windows XP. My RH 7.3 box has 2 nics, eth0 being the main connection
>> to the lan using 10mbps BNC, and eth1 being a 100mbps cat5 going to a
>> hub to allow mobile computers to quickly plugin to our lan. (I realize
>> BNC is rather old, and in the distant future we migth upgrade, but as it
>> stands we can do so for a long time.)
>>
>> I have also come across a "mini" how-to, downloaded brcfg and ran
>> ./brcfg -ena but
>> that doesn't seem to do anything.
>>
>> Is ther any simple way to get this owrking. The how-to mentioned
>> something about recompiling the kernel with a CONFIG BRIDGING=y, but
>> I've never had to recompile it before, and am really not sure how to, so
>> if this has to be done, could someone please tell me how.
>>
>> All help much abliged.
>>
>> Redhat 7.3
>> Linux 2.4.20-20.7 #1 Mon Aug 18 14:56:30 EDT 2003 i686

Yas, I must admit, I was operating at the boudaries of my knowledge...

Isn't it so that we can tell the modern kernels to do forwarding by:

| # Port forwarding
| for FILE in /proc/sys/net/ipv4/conf/*/[some_file_name]; do
| echo 1 > $FILE
| done

and then:

| # Port forwarding
| /sbin/iptables -N portfwf
| /sbin/iptables -A FORWARD -j portfwf
|
| /sbin/iptables -N dmzholes

??

Your's humbly...


--
GerardLinux ay tee filternet dee oo tee ann el

|
\ /
.---.
'-. | | .-'
___| |___
-= [ ] =-
`---. .---'
__||__ | | __||__
'-..-' | | '-..-'
|| | | ||
||_.-| |-,_||
.-"` `"`'` `"-.
.' '.

Jesus is alive, I spoke with Him this morning!

On Tue, 6 Jul 2004 23:14:15 -0700, 187 <(E-Mail Removed)> wrote:
> I'm trying to setup a simple network (aka MAC?) bridge, like you can do
> in Windows XP. My RH 7.3 box has 2 nics, eth0 being the main connection
> to the lan using 10mbps BNC, and eth1 being a 100mbps cat5 going to a
> hub to allow mobile computers to quickly plugin to our lan. (I realize
> BNC is rather old, and in the distant future we migth upgrade, but as it
> stands we can do so for a long time.)
>
> I have also come across a "mini" how-to, downloaded brcfg and ran
> ./brcfg -ena but
> that doesn't seem to do anything.
>
> Is ther any simple way to get this owrking. The how-to mentioned
> something about recompiling the kernel with a CONFIG BRIDGING=y, but
> I've never had to recompile it before, and am really not sure how to, so
> if this has to be done, could someone please tell me how.
>
> All help much abliged.
>
> Redhat 7.3
> Linux 2.4.20-20.7 #1 Mon Aug 18 14:56:30 EDT 2003 i686

I believe all you have to do is set these two sysctl variables to 1:

net.ipv4.conf.all.forwarding
net.ipv4.conf.all.proxy_arp

--
-- Skylar Thompson ((E-Mail Removed))
-- http://www.cs.earlham.edu/~skylar/

Hi,

Port Forwarding, IP Forwarding and Bridging are all very different things.
The original posts suggests that they would like to setup a bridge.

Yes most things can be configured through /proc/sys, but even these need
to be enabled in the kernel... i.e you wont be able to setup networking
parameters if networking has been disabled in the kernel.

So to setup bridging, you have to first enable it in the kernel. Now i may
be mistaken but iam not aware of any major (non system specific) distro's
that have bridging compiled in to their distributed kernel builds. So
therefore to enable bridging requires a recompile of the kernel.

Hope that helps

Yas



On Wed, 07 Jul 2004 12:31:12 +0200, Gerard Wassink wrote:

> On Wed, 07 Jul 2004 10:55:43 +0100, Yas scribbled:
>
>> To enable bridging, you have to enable it in the kernel. so you *HAVE TO*
>> recompile the kernel. I suggest you first read:
>>
>> http://www.digitalhermit.com/linux/K...ild-HOWTO.html
>>
>> Building the kernel isn't that bad, albeit can be daunting. As long as you
>> take precautions, such as keeping a copy of a booting kernel, then you
>> shouldn't have too much a problem.
>>
>> Any problems then please feel free to ask
>>
>> Yas
>>
>> On Tue, 06 Jul 2004 23:14:15 -0700, 187 wrote:
>>
>>> I'm trying to setup a simple network (aka MAC?) bridge, like you can do
>>> in Windows XP. My RH 7.3 box has 2 nics, eth0 being the main connection
>>> to the lan using 10mbps BNC, and eth1 being a 100mbps cat5 going to a
>>> hub to allow mobile computers to quickly plugin to our lan. (I realize
>>> BNC is rather old, and in the distant future we migth upgrade, but as it
>>> stands we can do so for a long time.)
>>>
>>> I have also come across a "mini" how-to, downloaded brcfg and ran
>>> ./brcfg -ena but
>>> that doesn't seem to do anything.
>>>
>>> Is ther any simple way to get this owrking. The how-to mentioned
>>> something about recompiling the kernel with a CONFIG BRIDGING=y, but
>>> I've never had to recompile it before, and am really not sure how to, so
>>> if this has to be done, could someone please tell me how.
>>>
>>> All help much abliged.
>>>
>>> Redhat 7.3
>>> Linux 2.4.20-20.7 #1 Mon Aug 18 14:56:30 EDT 2003 i686
>
> Yas, I must admit, I was operating at the boudaries of my knowledge...
>
> Isn't it so that we can tell the modern kernels to do forwarding by:
>
> | # Port forwarding
> | for FILE in /proc/sys/net/ipv4/conf/*/[some_file_name]; do
> | echo 1 > $FILE
> | done
>
> and then:
>
> | # Port forwarding
> | /sbin/iptables -N portfwf
> | /sbin/iptables -A FORWARD -j portfwf
> |
> | /sbin/iptables -N dmzholes
>
> ??
>
> Your's humbly...

On Thu, 08 Jul 2004 15:25:01 +0100, Yas scribbled:

> Hi,
>
> Port Forwarding, IP Forwarding and Bridging are all very different things.
> The original posts suggests that they would like to setup a bridge.

Let me see if I can understand this. I would think that:

1) port forwarding is telling your server which service is being delivered
at what server on the network (AKA "NAT" or Network Address Translation?);

2) IP forwarding is translating my internal ip to the external world and
back again (AKA "masquerading"?)

3) Bridging is regulating traffic between two networks with different
address ranges (like my 192.168.0.0/24 network and the ROTW)

Would you agree with these definitions? (Otherwise, let's fumble a bit back
and forth, so this subject becomes clear for the newbies - and we can
re-post it now and then ;>) ).

> Yes most things can be configured through /proc/sys, but even these need
> to be enabled in the kernel... i.e you wont be able to setup networking
> parameters if networking has been disabled in the kernel.

Ah, okay, so I think that most kernels nowadays come "out of the box" with
the most popular features enabled then... ? (for I don't recall ever having
had to rebuild one for this purpose)

> So to setup bridging, you have to first enable it in the kernel. Now i may
> be mistaken but iam not aware of any major (non system specific) distro's
> that have bridging compiled in to their distributed kernel builds. So
> therefore to enable bridging requires a recompile of the kernel.

I suppose that my previous remark was a bit premature then. Come to think
of it (i.e. if my definition is correct) my bridging firewall machine is
equipped with Smoothwall, that I downloaded specifically for this purpose.
Hence it could well be that the good people at SmoothWall precompiled it to
be able to support these functions.

> Hope that helps

It did, and perhaps we can work on the definitions a bit further?

> Yas

Gerard

--
GerardLinux ay tee filternet dee oo tee ann el

|
\ /
.---.
'-. | | .-'
___| |___
-= [ ] =-
`---. .---'
__||__ | | __||__
'-..-' | | '-..-'
|| | | ||
||_.-| |-,_||
.-"` `"`'` `"-.
.' '.

Jesus is alive, I spoke with Him this morning!

Hmmm, your definitions aren't strictly right.....

<SNIP>

>
> 1) port forwarding is telling your server which service is being delivered
> at what server on the network (AKA "NAT" or Network Address Translation?);
>

Not exactly, i suppose you could say (without getting too complicated)
that port forwarding 'falls within' NAT, although NAT is also something
different. Port Forwarding (or PAT, Port Address Translation) allows a
external computer to connect to a service port on a 'port forwarding
device' i.e a firewall and then is forwarded to an internal service port..
i.e if say you have a internal web server but for some chosen reason you
run the httpd service on port 88. To allow external clients to be able to
use a normal browser without them needing to do anything special you could
have a device that sits in between that accepts connections on port 80 and
then forwards them to your internal server on port 88 (in this scenario it
may not be your firewall that is doing this port forwarding but could be a
proxy server - such as Squid). Whereas NAT works on translating an IP
Address.


> 2) IP forwarding is translating my internal ip to the external world and
> back again (AKA "masquerading"?)
>

IP Forwarding, is routing. What you describe as bridging,is actually IP
Forwarding. Masquearding (AFAIK, i maybe wrong) is mainly used within the
Linux world, everywhere else (I know of) people describe it as NAT. Where
as Netfilter peeps, have have defined further
http://www.netfilter.org/documentati...O-4.html#ss4.1
IP Forwarding is usually compiled in to the kernel but for security
reasons usually disabled.


> 3) Bridging is regulating traffic between two networks with different
> address ranges (like my 192.168.0.0/24 network and the ROTW)
>

Bridging is to connect two Ethernet Segments of the same LAN. So nothing
is done to the Ethernet Packet (unlike all of the above), packets are just
passed from one interface of the bridge to the other. One important point
to note about Linux bridging, is that packets will only pass the bridge if
the MAC address of the packet lives on the other side of the bridge.. i.e.
the destination device is connected to a different port. Bridging is
similar to Switching. Bridging is not usually (AFAIK) compiled in to the
kernel.

> Would you agree with these definitions? (Otherwise, let's fumble a bit back
> and forth, so this subject becomes clear for the newbies - and we can
> re-post it now and then ;>) ).
>
>> Yes most things can be configured through /proc/sys, but even these need
>> to be enabled in the kernel... i.e you wont be able to setup networking
>> parameters if networking has been disabled in the kernel.
>
> Ah, okay, so I think that most kernels nowadays come "out of the box" with
> the most popular features enabled then... ? (for I don't recall ever having
> had to rebuild one for this purpose)
>

As mentioned above IP Forwarding is usually compiled in.

>> So to setup bridging, you have to first enable it in the kernel. Now i may
>> be mistaken but iam not aware of any major (non system specific) distro's
>> that have bridging compiled in to their distributed kernel builds. So
>> therefore to enable bridging requires a recompile of the kernel.
>
> I suppose that my previous remark was a bit premature then. Come to think
> of it (i.e. if my definition is correct) my bridging firewall machine is
> equipped with Smoothwall, that I downloaded specifically for this purpose.
> Hence it could well be that the good people at SmoothWall precompiled it to
> be able to support these functions.
>

Yes Smoothwall does have IP Forwarding enabled and compiled in but iam not
sure about bridging.

>> Hope that helps
>
> It did, and perhaps we can work on the definitions a bit further?
>
>> Yas
>
> Gerard

I hope that clarifies things... i would suggest maybe having a look at:

http://www.tldp.org/HOWTO/Networking...w-HOWTO-8.html

That may help further

Yas

On Fri, 09 Jul 2004 14:15:55 +0100, Yas scribbled:

> Hmmm, your definitions aren't strictly right.....
>
> <SNIP>

[SNIP'ped some more...]

Well, and then sometimes we wonder why the newbies can't graps it at
once...

pffff.

As Socrates once said:

Wisdom starts with the defintion of terms


Thanks so far.

--
GerardLinux ay tee filternet dee oo tee ann el

|
\ /
.---.
'-. | | .-'
___| |___
-= [ ] =-
`---. .---'
__||__ | | __||__
'-..-' | | '-..-'
|| | | ||
||_.-| |-,_||
.-"` `"`'` `"-.
.' '.

Jesus is alive, I spoke with Him this morning!

I know what you mean, people like giving the same thing 100 different
names... me... i blame it mainly on marketing peeps!

I just hope i didn't confuse little old newbies further ;o)

Yas



On Fri, 09 Jul 2004 15:48:03 +0200, Gerard Wassink wrote:

> On Fri, 09 Jul 2004 14:15:55 +0100, Yas scribbled:
>
>> Hmmm, your definitions aren't strictly right.....
>>
>> <SNIP>
>
> [SNIP'ped some more...]
>
> Well, and then sometimes we wonder why the newbies can't graps it at
> once...
>
> pffff.
>
> As Socrates once said:
>
> Wisdom starts with the defintion of terms
>
>
> Thanks so far.