Let’s assume you have a server with two Ethernet network interfaces and you wish to bridge traffic between them. Here are the commands to set up the bridge:
1. Take eth0 offline:

    ifconfig eth0 down

2. Take eth1 offline:

    ifconfig eth1 down

3. Define a bridge named “bridge01”:

    brctl addbr bridge01

4. Add eth0 to the bridge named “bridge01”:

    brctl addif bridge01 eth0

5. Add eth1 to the bridge named “bridge01”:

    brctl addif bridge01 eth1

6. Bring up the Ethernet interfaces with no IP addresses:

    ifconfig eth0 0.0.0.0 up
    ifconfig eth1 0.0.0.0 up

7. Bring the bridge online with a single IP address:

    ifconfig bridge01 192.168.100.101 up
Test by pinging from one side of the bridge to the other. It may take up to 30 seconds for the ping to start getting replies because of the learning phase on the bridge.

If it fails, double-check the setup above. Take a look at the MAC addresses that the bridge sees with:

    brctl showmacs bridge01
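Two helpers, added here as an example and not part of the original post: one prints the seven-step command sequence above for a given bridge, address and port list so it can be reviewed before being piped to a shell, and one reads `brctl showmacs` output and reports on how many ports a remote MAC has actually been learned, which is the check that the ping test above relies on. The function names and the sample `showmacs` output are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# SAMPLE_SHOWMACS text are constructed for illustration.

# Print the set-up sequence for bridge $1 with IP $2 over ports $3...
# Review the output, then run it with: bridge_cmds ... | sh
bridge_cmds() {
    br=$1; ip=$2; shift 2
    for dev in "$@"; do
        # refuse anything that is not a plain interface name before it
        # is echoed into a command line
        case $dev in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: '$dev'" >&2; return 1 ;;
        esac
    done
    for dev in "$@"; do echo "ifconfig $dev down"; done
    echo "brctl addbr $br"
    for dev in "$@"; do echo "brctl addif $br $dev"; done
    for dev in "$@"; do echo "ifconfig $dev 0.0.0.0 up"; done
    echo "ifconfig $br $ip up"
}

# Read `brctl showmacs <bridge>` output on stdin and print the number of
# distinct ports on which a non-local (learned) MAC address is present.
# Rows marked "yes" in the "is local?" column are the ports' own MACs.
learned_ports() {
    awk 'NR > 1 && $3 == "no" { seen[$1] = 1 }
         END { n = 0; for (p in seen) n++; print n }'
}

# Constructed sample of `brctl showmacs bridge01` after hosts on both
# sides of the bridge have sent traffic.
SAMPLE_SHOWMACS='port no  mac addr           is local?  ageing timer
  1      00:11:22:33:44:01  yes          0.00
  1      00:11:22:33:44:aa  no           2.31
  2      00:11:22:33:44:02  yes          0.00
  2      00:11:22:33:44:bb  no          12.07'

# Succeeds only when a remote MAC has been learned on at least two ports,
# i.e. the bridge has seen hosts on both sides.
check_sample() {
    n=$(printf '%s\n' "$SAMPLE_SHOWMACS" | learned_ports)
    [ "$n" -ge 2 ]
}
```

On a live system replace the sample with `brctl showmacs bridge01 | learned_ports`; a result of 0 or 1 after the learning phase points at a port that is down, not added to the bridge, or filtered.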
Verify that no bridge filtering is turned on:

    # cd /proc/sys/net/bridge
    # for f in bridge-nf-*; do echo 0 > $f; done
You might also need to enable IP forwarding in /etc/sysctl or with:

    echo "1" > /proc/sys/net/ipv4/ip_forward
If you actually want to be able to filter the bridged traffic via iptables, turn on bridge-nf for iptables:

    echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
Now bridged packets will be passed through the FORWARD chain. So, for example, to log all packets one could do:

    iptables -I FORWARD -j LOG
or to block all UDP traffic:

    /sbin/iptables -A FORWARD --protocol udp -j DROP
Additional resources: