Re: Bridge blocking network traffic
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
On Thu, Jul 1, 2010 at 12:45 AM, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> On 06/30/10 02:50, ratheesh k wrote:
>>
>> Why is it so ?
>
> Independent of your scenario, I'd say that binding the IP to the interface
> will make it more resilient to the individual interfaces going down.  At
> least in such as all the interfaces would have to go down before the IP
> would go down.
>
>> I have a linux   machine with interfaces eth0 (192.168.1.100 ) and eth1 (
>> 192.168.2.100 )  .   . I can connect  both eth0 an eth1  to a hardware  HUB
>> . How could i do this in linux machine itself using brctl ?
>
> What netmask are your two IPs using, a /24?  If they are, then you are
> actually using two different subnets, and possibly doing something like a
> bridging router.
>
> Either way, you could bind both IPs to the bridge interface (classic IP
> alias or "ip add").
>
> With in the Xen context it may be because different things manage various
> parts of the Xen network differently and having the IP bound in the wrong
> place might cause a problem if the Xen hypervisor takes something down.
>
> There is also the fact that if a cable gets unplugged from an interface
> (that is a member of a bridge with at least one other member interface) said
> interface will go down but the bridge will stay up.  In doing so, the IP
> will go down b/c the interface that it was bound to would go down.
>  Conversely if the IP was bound to the bridge interface, the IP would stay
> up and usable.
>
> There is also the possibility that if the IP is bound directly to the
> interface that filtering (EBTables / IPTables w/ Bridged Netfilter option)
> will not see the traffic.
>
> In some ways, it really depends on the specific use scenario.
>
>
>
> Grant. . . .
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



                 br0      0.0.0.0
                    |
                    |
  -----------------------------------------
  |                                        |
  |                                        |
eth0                                    eth1
192.168.1.100/24               192.168.2.100/24


brctl addbr br0
brctl  addif eth0
brctl  addif eth1
ifconfig br0  0.0.0.0 up

The problem was "default brouter policy is accept " . So packets are
coming to layer2  only .I applied the below command and every thing
seemed to work exactly like connecting eth0 and eth1 to hardware hub .

ebtables -t broute  -P BROUTING -j DROP


Thanks,
Ratheesh
_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge

[Netdev]     [AoE Tools]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Photo]     [Yosemite]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]     [Linux Resources]

Add to Google Powered by Linux