Solved

"Bridge" eth0 to eth1

Posted on 1998-09-01
10
1,951 Views
Last Modified: 2011-09-20
The problem is as follows:
I have two computers. In the first computer there are two ethernet-cards (A:eth0 and A:eth1). In the second computer ther is one ethernet-card (B:eth0). Interface A:eth1 is connected two a LAN, A:eth0 is connected to B:eth0. Each of these interfaces have different IP-numbers (10.10.5.15,10.10.5.16,10.10.5.17). The problem is that I want computer A two "bridge" eth0 to eth1 so computer B can talk to the LAN.
It might be possible to use the bridging utilities but I don't want that. The problem seems to be that my IP-numbers are in the same segment. Note that I'm not allowed two use IP-numbers other than thos given above.
0
Comment
Question by:koffe
10 Comments
 
LVL 4

Expert Comment

by:jlms
ID: 1637922
Why don't you just simply connect B:eth0 to your LAN? If B is close enough to A, then is close enough to the infraestructure of the LAN, so to me (unless you explain why do you need this arrangement) what you are trying to do looks silly.

   Nevertheless, when you ping from B to A:eth0 or A:eth1, What messages do you get???
0
 

Author Comment

by:koffe
ID: 1637923
The reason for this arrangement is that I'm using TP-cables for connection between the cards and the LAN. Another reason is that I don't want to buy a HUB.

When "pinging" from B to A:eth0 I get a response but not when "pinging" from B to A:eth1, of course "pinging" from A to B works OK. The trouble seems to be to configure the routing table correctly.
0
 
LVL 4

Expert Comment

by:jlms
ID: 1637924
Usually the only thing you have to do is define the default router (in this case A:eth0). Did you try it already? Do you know how to do it?

  There is also the posibility that masquerading could help. I used it to use our only modem to access the Internet from any machine, but I guess can be used also in this case.

   Your B machine could have any IP number and trough masquerading in A (and defining in B machine A as a router) it could communicate with the rest of the network.
0
 
LVL 2

Expert Comment

by:richrussell
ID: 1637925
Assuming A has access to the LAN, and can ping B, and B can ping A, all you should have to do is set B's default gateway to be A's IP address.

Make sure that B's IP address is valid for the LAN, otherwise you'll have to use masquerading, which is a tad more complicated to set up.


0
 
LVL 1

Expert Comment

by:tim_lbi
ID: 1637926
Try this:
On A:
ifconfig eth1   -> an write down the MAC address.
arp -s b_eth0_ip_addr a_eth1_mac_addr pub
       ^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^ replace those with
B:eth0 ip addr, and A:eth1 MAC addr.

On B:
DELETE ANY ROUTE TO NETWORK 10.10.xx.xx
(ifconfig eth0 down, ifconfig eth1 up for quick erase)
route add -host a_eth0_ip_add dev eth0
route add default gw a_eth0_ip_addr


0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Expert Comment

by:c4lv1n
ID: 1637927
This is not a trivial problem if you do not know about routing and gatewaying.
But I will try to give you a short answer which might help you get access from one LAN connected to one interface to a second one in the same system.
This is not bridging, this is routing. A bridge is something different.
First of all you need to compile a new kernel with the "IP-forwarding and gatewaying" enabled. This will make the kernel able to route packets coming in from one interface straight forward to the other connected interfaces and vice versa.
After this is done you must configure your interfaces (I think you have already done this). You can do this automatically at startup or manualy like this:
ifconfig ethX down  ( shut down interface ethX)
ifconfig ethX up       ( setup interface ethX)
this assumes your environment variables which carry your IP-No and the interface parameters are correctly set up via /etc/rc.config .
But you must know something important:
If you want to connect a simple class b/c network together or to the internet the you should take the correct IP-Numbers which are reserved especially for purposes like this:
192.168.xxx.yyy
Assume that the xxx portion is called subnet number, then the yyy portion is the host number (or call it identifier). Each of your network adapters (interfaces) in your machine is connected to a different network, so the network portion (xxx) MUST NOT be the same. Also it MUST MOT be 255 (same as the host portion) because this is reserved for broadcast only (all bits set means all interfaces in the reachable area).
Example:
first adapter/interface : 192.168.1.100
second  ad / iface       : 192.168.2.100
This machine connects two networks to each other, so to reach the other subnet, machines connected to subnet 1 must use 192.168.1.100 as gateway. Machines connected to subnet 2 must use 192.168.2.100 as gayteway to reach subnet 1.
Understand ?
But this is only the hardware connection. On the routing and gatewaying machine the kernel need to be told in which direction the received packets should be sent. So set up the routing table (via /etc/route.conf or manual "route") correctly like this:
192.168.1.0   ...........................     eth0    (means that all packets to subnet 1 are sent over eth0)
192.168.2.0   ...........................     eth1
Check routing table by typing "route -n".
This is very important. It tells the kernel where to route the packets which are received from all available interfaces in the machine.

One word to your IP-Numbers:
192.168.xxx.yyy are reserved for any kind of subnet not connected directly to the internet. But this does not mean that you cannot try your own numbers. But it means that if you should ever be connected to the web, the numberes of your choice may be given to a internet host which then will conflict with your machine. Please use the 192.168...

Look at the linux IP-Subnetworking-HowTo. It will help you.

Ok, I do not know if something is missing. Ask me again if you want to get further help.
0
 
LVL 4

Expert Comment

by:jlms
ID: 1637928
About c4lv1n's answer, I thing he/she is overlooking the fact that the IP addresses are already fixed and can't be changed.
Another issue is that even if it is possible to use masquerading, how are machines in the LAN going to identify the B machine? Masquerading works for B to see the LAN but I don't thing it does work the other way around!.

  Nevertheless if the LAN is isolated then the easiest thing is to change B's IP address and use noermal routing procedures.
0
 

Author Comment

by:koffe
ID: 1637929
The configuration that you suggest do work, but that ain't the solution to my problem. The bottom line is that my IP-numbers are from the same network-segment and therefore the automatic routing procedures don't seem to work.

Apossible solution would be if there was a way of telling the kernel to swithc the incoming packets from eth0 to eth1. Like a bridge!!!!
0
 
LVL 3

Accepted Solution

by:
marcelofr earned 200 total points
ID: 1637930
There is one: configure linux kernel as bridge. Move to your kernel source directory and run:

make menuconfig

in "Code maturity level options" enable "Prompt for develop..." and go to "Networking options" and enable "Bridging...", compile, install and your done... But your choice is bridging XOR routing..

Good Luck
0
 
LVL 2

Expert Comment

by:JYoungman
ID: 1637931
koffee, you should be able to do this with routing even if the addresses appear to be o the same subnet by adding a special host route:-

route add -host B dev eth0

(you may need to use this instead:-

route add -host B gw A-eth0-address dev eth0

where A-eth0-address is the IP address of the eth0 interface on A)

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now