Debian – Linking Ethernet interfaces

debianethernetlinuxnetworking

I'm quite new to Linux networking.

I have a Debian PC with two Ethernet interfaces, one embedded on the motherboard and another on a PCI card. The first one, let say eth0 is connected to my router (which is connected to Inet). I want to "link" eth1 to eth0, in order to access my router (and Inet) when I plug a cable in eth1. The same way the eth0 cable is connected to one of my router's Ethernet ports.

The Debian PC should also be able to access Inet and LAN, and thus not simply behave as a "virtual link" between the cable plugged in eth0 (coming from my router) and the cable plugged in eth1 (going to another PC).

Is this achievable? How?

Best Answer

You can use a bridge interface. You can use brctl from bridge-utils to create a bridge interface. For example,

$ brctl addbr br0
$ brctl addif br0 eth0 eth1
$ brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.00004c9f0bd2       no              eth0
                                                        eth1

So after adding interfaces eth0 & eth1 into the bridge device br0 you're left with the following setup. You can use ifconfig to see it:

$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr BC:AE:AA:34:22:11  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
...

$ ifconfig eth1
eth1      Link encap:Ethernet  HWaddr BC:AE:AA:34:11:22  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
...

And the bridge device with the IP address:

$ ifconfig br0
br0       Link encap:Ethernet  HWaddr BC:AE:C5:11:22:33  
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
...

Related Solutions

2 IPs on 1 ethernet adapter

There is a Linux-feature which makes your machine reply for every IP address assigned, on every interface, when they share the same IP subnet, regardless of the particular IP-interface assignments. This may or may not be desirable for you.

This feature is switched on by default, and you can configure it through sysctl.

For the output traffic, your machine works like this: for every interface configured as UP, a route entry will be inserted into the routing table, regardless of whether there is link or not, and regardless of whether any other nodes are reachable through that interface or not. Since you have two interfaces for the same IP subnet, you'll have two identical routes in the routing table. The OS will only use one of them, and you have no control over which one will be used! Also, which one will get used is independent from the incoming address of the packet in reply to which the output packet will be sent. This means, that failover in general does not work as you'd expect.

arp_filter - BOOLEAN

1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request.

0 - (default) The kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems.

arp_filter for the interface will be enabled if at least one of conf/{all,interface}/arp_filter is set to TRUE, it will be disabled otherwise

arp_announce - INTEGER

Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface:

0 - (default) Use any local address, configured on any interface

1 - Try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2.

2 - Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce.

The max value from conf/{all,interface}/arp_announce is used. Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender's information.

Debian – Packets not moving through linux ethernet bridge

This is a quite old question, but it might be helpful for others.

Linux bridge might drop packages, if not configured correctly. I had a likewise problem and could solve it with the following information:

In short, there are options to configure the bridge: e.g.

# do not query iptables for package routing
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables

# no additional processing for multicast packages
echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_querier
echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping

Best Answer

Related Solutions

2 IPs on 1 ethernet adapter

arp_filter - BOOLEAN

arp_announce - INTEGER

Debian – Packets not moving through linux ethernet bridge

Related Question