Source From Here
Preface
Ever wanted to set up your desktop computer as a network bridge? A bridge differs from a router in that it only looks at layer 2 traffic (MAC addresses), whereas a router inspects layer 3 of the OSI model (IP addresses). An interesting advantage of running a bridge on your Linux machine is that you can configure it as a transparent bridge with firewall filtering; you could even run something like Snort, an intrusion detection system, to monitor traffic on the wire. But those are discussions for another day. Here I would like to cover the functionality of the brctl command in Linux.
The brctl command lets the user interface with the kernel to actually configure the bridge. The brctl binary comes from the bridge-utils package, which can be found in the Debian or Ubuntu repositories. To use brctl you must be running as root or with sudo privileges:
Display All Bridge Interfaces
To see all current bridge interfaces, execute the command:
Create A Bridge
To create a bridge interface simply run the command:
Most people name their initial bridge 'br0'; you will see that on most OpenWRT or DD-WRT routers. Now if we list our interfaces using ifconfig we can see the new interface. I will also bring the interface up.
Our bridge is just like any other interface; it can even have an IP address assigned to it if you want (using ifconfig). Let's display our current bridges now:
You will notice that we do not have STP enabled. STP is the Spanning Tree Protocol, which is used to avoid bridging loops. We can enable STP using a brctl command I will outline later. As you can also see here, our bridge has no interfaces in it. Let's add an interface.
Add Interfaces To A Bridge
To add an interface to your bridge is simple:
Notice how the bridge ID changed once I added the interface. The bridge also takes on the MAC address of the first interface added to it.
To make it a true bridge we should have two interfaces in it, so execute the same command for the second interface:
Remove Interface From A Bridge
To remove an interface from the bridge we use the delif subcommand of brctl.
Those are the basic features: creating a bridge and adding and removing its interfaces. There are a few more commands I would like to outline, including STP.
Turning STP On For Your Bridge
To configure your bridge to participate in a spanning tree, you can enter the command:
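The whole procedure above (create the bridge, add two ports, turn STP on, bring it up, and the reverse) as one script. This is an added example, not the post's own commands: it uses ip link instead of ifconfig to bring interfaces up, checks the result through sysfs rather than trusting brctl's exit status alone, and the names br0, eth0 and eth1 are assumed placeholders.

```sh
#!/bin/sh
# Build, check and tear down a two-port transparent bridge with brctl.
# Added example, not from the post. Assumes bridge-utils and iproute2 are
# installed and the script runs as root; br0, eth0 and eth1 are placeholders.
BR=${BR:-br0}
PORTS=${PORTS:-"eth0 eth1"}
DRY_RUN=${DRY_RUN:-0}   # DRY_RUN=1 prints the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create the bridge, enslave the ports, turn STP on, then bring br0 up. The
# ports carry no IP address of their own; the bridge forwards at layer 2.
setup_bridge() {
    run brctl addbr "$BR"
    for p in $PORTS; do
        run ip link set "$p" up
        run brctl addif "$BR" "$p"
    done
    run brctl stp "$BR" on
    run ip link set "$BR" up
}

# Confirm via sysfs that every port was enslaved and STP is really on
# (stp_state is 0 when STP is off, non-zero for kernel or user-space STP).
verify_bridge() {
    for p in $PORTS; do
        [ -e "/sys/class/net/$BR/brif/$p" ] || { echo "$p is not a port of $BR" >&2; return 1; }
    done
    [ "$(cat "/sys/class/net/$BR/bridge/stp_state")" != 0 ] || { echo "STP is off on $BR" >&2; return 1; }
}

# Reverse the setup: ports must be removed before the bridge can be deleted.
teardown_bridge() {
    run ip link set "$BR" down
    for p in $PORTS; do
        run brctl delif "$BR" "$p"
    done
    run brctl delbr "$BR"
}

case "${1:-}" in
    up)   setup_bridge; [ "$DRY_RUN" = 1 ] || verify_bridge ;;
    down) teardown_bridge ;;
esac
```

Run it as `DRY_RUN=1 sh bridge.sh up` first to review the exact brctl and ip commands it will issue, then without DRY_RUN as root to apply them.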
Display Learned MAC Addresses On Your Bridge
For the bridge to send traffic out the correct interface it keeps a table of every MAC address it has seen and the interface it arrived on. To display this table enter the command:
Notice the ageing timer. This is the amount of time (in seconds) since the MAC address was last seen on the bridge. A 'garbage' collector runs at a fixed interval and removes every entry whose age has passed the configured limit.
From the brctl manual page:
* brctl setageingtime <brname> <time>
* brctl setgcint <brname> <time>
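To act on the ageing information rather than only read it, the following script, added here and not part of the original post, parses the text format printed by brctl showmacs from two constructed snapshots: it lists learned entries that are about to be garbage-collected, and reports MACs that moved from one port to another between snapshots, which on a transparent bridge usually means a loop or a host using another host's address.

```sh
#!/bin/sh
# Inspect learned-MAC tables in the `brctl showmacs <brname>` text format.
# Added example, not from the post. The two snapshots below are constructed,
# not captured from a real bridge.
SNAP_A=$(mktemp); SNAP_B=$(mktemp)
trap 'rm -f "$SNAP_A" "$SNAP_B"' EXIT
cat > "$SNAP_A" <<'EOF'
port no mac addr                is local?       ageing timer
  1     00:11:22:33:44:55       no                 12.34
  1     aa:bb:cc:dd:ee:ff       yes                 0.00
  2     00:11:22:33:44:66       no                280.02
EOF
cat > "$SNAP_B" <<'EOF'
port no mac addr                is local?       ageing timer
  2     00:11:22:33:44:55       no                  0.50
  1     aa:bb:cc:dd:ee:ff       yes                 0.00
  2     00:11:22:33:44:66       no                295.10
EOF

# stale_macs FILE LIMIT: learned (non-local) entries whose ageing timer already
# exceeds LIMIT seconds. The kernel default ageing time is 300 s, so entries
# near that value are about to be dropped by the garbage collector.
stale_macs() {
    awk -v limit="$2" 'NR > 1 && $3 == "no" && $4 + 0 > limit { print $2 }' "$1"
}

# moved_macs OLD NEW: learned MACs that sit behind a different port in NEW than
# in OLD. The kernel keeps one entry per MAC, so a move never shows up as two
# rows in a single snapshot; it is only visible by diffing two of them.
moved_macs() {
    awk 'FNR == 1 { next }
         $3 != "no" { next }
         NR == FNR { port[$2] = $1; next }
         ($2 in port) && port[$2] != $1 { print $2 ": port " port[$2] " -> " $1 }' "$1" "$2"
}
```

On a live system feed the functions real output, e.g. `brctl showmacs br0 > snap1; sleep 60; brctl showmacs br0 > snap2; moved_macs snap1 snap2`.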
The areas I have covered include the most used features of the brctl command. There are, however, other features, as shown by my first output of the brctl command. Refer to the manual page for more information (man brctl).
Supplement
* Linux BRIDGE-STP-HOWTO: About The Linux Modular Bridge And STP
* Wiki - Bridging (networking)