Need help with Bridge installation


This topic contains 10 replies, has 0 voices, and was last updated by  myself 8 years, 5 months ago.

  • #42720

    myself
    Member

    I discovered ZeroShell about 2 weeks ago and loved it from the beginning 🙂
    I managed to get all services running for our network, except for one thing.
    ZS is supposed to run as our Bridge, between our house and the university.
    At the moment our old bridge is still installed, but I put ZS in front of it, so traffic from the house goes through ZS and after that through our old Bridge, which I want to get rid of. Unfortunately I can’t get the bridge to work, so all the traffic is entering and leaving ZS on the same network card, and you could just skip ZS by entering the old Bridge as gateway (which isn’t what I want).
    Do you have any idea what I could have done wrong? The only thing I did was to add both network devices to a bridge and assign the bridge an IP address, and the traffic somehow doesn’t get forwarded to the other network device 🙁
    FYI: ZS, the old bridge and the destination after the old bridge (outside our house) are in the same subnet.

    #51314

    ppalias
    Member

    Could you send us the output of the following commands?

    ifconfig -a
    arp -a
    brctl show
    brctl showmacs BRIDGE00
    iptables -L -v

    #51315

    myself
    Member

    Sure I can 😉
    Here are the desired outputs. I shortened the FORWARD table, since we do access control with IP/MAC combination in the Firewall and the rules are pretty much the same.

    https://gist.github.com/672201

    #51316

    ppalias
    Member

    You have assigned 2 IP addresses in the BRIDGE00 that are in the same subnet. Either remove one or change one to be in another subnet.

    #51317

    myself
    Member

    Unfortunately, that didn’t solve the problem 🙁

    #51318

    ppalias
    Member

    It also looks like you are not learning anything in the ARP table from the ETH00 interface. Maybe your university is blocking the MAC address of the ZS, or they are applying some kind of security, such as 802.1x.
    Apart from that your configuration looks fine to me. You can try it by connecting two workstations on the two interfaces (in the same subnet) and see if they can ping each other.

    #51319

    myself
    Member

    Currently the ETH00 interface is connected to the network and the traffic is “bridged” over this network. I tried hooking up my laptop to ETH01… DHCP is giving me the right IP, I can ping ZS, but nothing else, and nothing on the other side can ping me 🙁 (in the local network with the same subnet)
    So there should be no problem with port security.
    On the other hand, if I connect a PC to one interface with the old bridge and put ZS as Gateway in the PC, and in ZS I put the old Bridge in as Gateway, everything works… the traffic is going through ZS to the old Bridge to the university.

    #51320

    ppalias
    Member

    That proves what I am saying about security. I suppose that the university requires you to acquire IP address via dhcp. Are you acquiring IP from their DHCP on your ZS? Maybe if you don’t get IP from their dhcp no traffic is allowed to your ZS.

    #51321

    myself
    Member

    The DHCP I was talking about is running on ZS; the university doesn’t have a DHCP server.

    #51322

    ppalias
    Member

    Then you had better not run DHCP server on ZS directly connected on the university network.
    Are you sure the old bridge is just bridging the two network interfaces, rather than doing something else? The whole setup is pretty straight and the fact that it is not working makes me wonder if you are missing something. If you omit both the old bridge and the ZS and connect the laptop directly on the university network, does it work?

    #51323

    myself
    Member

    I finally figured out what the problem was:
    Somehow there were network filters activated on the bridge, as mentioned in this FAQ:
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#No_traffic_gets_trough_.28except_ARP_and_STP.29
    After disabling this, everything worked… but it seems like this also disabled QoS…
    Currently I am happy that I found a way to make the Bridge work, I will continue to activate and deactivate some netfilters and watch what triggers the right thing 🙂

    #51324

    myself
    Member

    It looks like I was wrong: QoS seems to work and iptables was also untouched by the netfilters I disabled… Does anybody know what they are for? Why does it seem like I am the only one having problems with those netfilters?
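
    Added example, not part of the original thread: a small audit of the kernel's bridge netfilter switches, assuming the "network filters" from the last two posts are the `bridge-nf-*` entries under `/proc/sys/net/bridge`. When one of them is 1, frames forwarded by the bridge are also run through the matching packet filter, so FORWARD rules written for routed traffic apply to bridged traffic as well. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which bridge netfilter switches are enabled.
# The directory is a parameter so the check can run on a constructed copy.

# Print one line per switch: "<name> <value> <meaning>".
bridge_nf_report() {
    dir=${1:-/proc/sys/net/bridge}
    if [ ! -d "$dir" ]; then
        # Directory missing: bridge netfilter support is not loaded,
        # so bridged frames are not handed to the packet filters.
        echo "bridge-nf absent: bridged frames bypass netfilter"
        return 0
    fi
    for f in "$dir"/bridge-nf-*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        val=$(cat "$f")
        case "$name" in
            bridge-nf-call-iptables)  what="bridged IPv4 traverses iptables chains" ;;
            bridge-nf-call-ip6tables) what="bridged IPv6 traverses ip6tables chains" ;;
            bridge-nf-call-arptables) what="bridged ARP traverses arptables chains" ;;
            *)                        what="other bridge-nf switch" ;;
        esac
        echo "$name $val $what"
    done
}

# Number of switches currently set to 1 (0 when support is not loaded).
bridge_nf_enabled_count() {
    bridge_nf_report "$1" | awk '$2 == 1 { n++ } END { print n + 0 }'
}

# Constructed sample: a copy of the sysctl directory with IPv4 filtering on.
sample=$(mktemp -d)
echo 1 > "$sample/bridge-nf-call-iptables"
echo 0 > "$sample/bridge-nf-call-ip6tables"
echo 0 > "$sample/bridge-nf-call-arptables"
bridge_nf_report "$sample"
```

    Called without an argument, `bridge_nf_report` reads the live values from `/proc/sys/net/bridge`; an enabled switch next to restrictive FORWARD rules is the combination to check when a bridge passes ARP but nothing else.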
