[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bridging eth1 to eth0

Matt Price wrote:

On 12/29/06, Andrew Sackville-West <andrew@farwestbilliards.com> wrote:

On Fri, Dec 29, 2006 at 04:42:49PM -0500, Matt Price wrote:
> From:         Matt Price <matt.price@utoronto.ca>
> To:   TLUG <tlug@ss.org>
> Subject:      bridge eth1 to eth0?
> Date:         Fri, 29 Dec 2006 15:51:31 -0500
>
>
> hi,
>
> for stupid reasons I need to install via netboot on a compaq tablet
> (hoping this will work, it's my last shot!).  I have an ubuntu desktop
> with two ethernet cards, eth0 & eth1, and have set up dhcp & tftp on
> eth1 as documented in various places on the web, e.g. here:
>
> http://www.debian-administration.org/articles/478
>
>
> this works fine to a point.  I have the ubuntu edgy netboot images
> in /var/lib/tftpboot, my tablet starts up with pxe, finding the images,
> and is ready to install but cannot find the broader internet 0-- it
> doesn't seem to see past the eth1 subnet.  So, probably a simple
> question:  how  do I enable the eth1 traffic to bridge across to eth0
> and thus access the whole internet?  I guess it has something to do with
> ip forwarding or ip masquarading or one of those very scary and arcane
> pieces of dark magic.


yes its ip_forward. not scary or arcane. since you're behind a
firewall, you may not have to do anything more than turn it on. not
sure if it'll pass through back to you -- that may require ip
masquerade. simple easy test:

as root

echo 1 > /proc/sys/net/ipv4/ip_forward

and see what happens. that should immediately turn on ip forwarding.


Thanks Andrew.  I tried this to no effect (even rebooting to make sure
I wasn't missing a step somewhere).   in a small network like this:

WAN
 |
 |
 |
--------------------------------
| cheap linksys router |    192.168.2.1
--------------------------------
|                             |
|                             |
|   (DHCP CLIENT)   |(192.168.2.210, 192.168.0.1)              (DHCP client)
-----------                 -------------------
-----------------
laptop  |                | Desktop   | ------------------------|    Tablet    |
-----------                 -----------------
-----------------


From the Desktop I can ping 192.168.2.1, www.google.com, or the

tablet's dhcp-assigned IP address.  From the laptop I can ping
192.168.2.1, www.google.com, but not 192.168.0.1 (I suppose that's not
really surprising).  From the tablet I can ping 192.168.0.1 but
nothing else.  It's the third part I care about obviously -- do I
really not need any more complex set up than turning on ip_forward?
If not, then I guessthere's something messed up in the set up for the
desktop's networking.  Howm ight I diagnose that?
Anyway thanks again,

Matt
You need several networking kernel drivers as modules or compiled into the kernel, including drivers for iptables, packet routing, and bridging. You can run the command lsmod (if using modules) or if using compiled-in drivers, "zcat /proc/config.gz |grep NET|grep -v \#" to see what drivers you are currently running, as well as read up on driver options in the kernel docs. If you are unfamiliar with the kernel, then you could try posting of the results of these commands so other list members can tell if you have the necessary drivers.
In addition to the /proc filesystem configuration command that others have mentioned, you also need runtime modifications to iptables. These are often done using a firewall script run by init, or manually scripted. There is a dedicated Debian package called guarddog which produces such a script. You might want to take a look at its docs to get an idea of what's required.
Reply to: