[Bridge] Bridge blocking network traffic

ratheesh k ratheesh.ksz at gmail.com
Thu Jul 1 10:05:53 PDT 2010


On Thu, Jul 1, 2010 at 12:45 AM, Grant Taylor <gtaylor at riverviewtech.net> wrote:
> On 06/30/10 02:50, ratheesh k wrote:
>>
>> Why is it so?
>
> Independent of your scenario, I'd say that binding the IP to the interface
> will make it more resilient to the individual interfaces going down.  At
> least in such as all the interfaces would have to go down before the IP
> would go down.
>
>> I have a Linux machine with interfaces eth0 (192.168.1.100) and eth1
>> (192.168.2.100). I can connect both eth0 and eth1 to a hardware hub.
>> How could I do this in the Linux machine itself using brctl?
>
> What netmask are your two IPs using, a /24?  If they are, then you are
> actually using two different subnets, and possibly doing something like a
> bridging router.
>
> Either way, you could bind both IPs to the bridge interface (classic IP
> alias or "ip add").
>
> Within the Xen context it may be because different things manage various
> parts of the Xen network differently and having the IP bound in the wrong
> place might cause a problem if the Xen hypervisor takes something down.
>
> There is also the fact that if a cable gets unplugged from an interface
> (that is a member of a bridge with at least one other member interface) said
> interface will go down but the bridge will stay up.  In doing so, the IP
> will go down b/c the interface that it was bound to would go down.
> Conversely if the IP was bound to the bridge interface, the IP would stay
> up and usable.
>
> There is also the possibility that if the IP is bound directly to the
> interface that filtering (EBTables / IPTables w/ Bridged Netfilter option)
> will not see the traffic.
>
> In some ways, it really depends on the specific use scenario.
>
>
>
> Grant. . . .



                 br0      0.0.0.0
                    |
                    |
  -----------------------------------------
  |                                        |
  |                                        |
eth0                                    eth1
192.168.1.100/24               192.168.2.100/24


brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 0.0.0.0 up

The problem was "default brouter policy is accept". So packets are
coming to layer 2 only. I applied the below command and everything
seemed to work exactly like connecting eth0 and eth1 to a hardware hub.

ebtables -t broute -P BROUTING DROP


Thanks,
Ratheesh
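
Added example (not part of the original post, and not code from the bridge or ebtables projects): a shell check for the situation in this thread, where bridge ports carry their own IPv4 addresses and the BROUTING chain policy decides whether their frames are bridged or routed. It looks only at the chain policy, not at individual BROUTING rules; the function names and the sample texts are constructed for illustration.

```shell
#!/bin/sh
# Added example; the SAMPLE_* texts are constructed, not captured output.
SAMPLE_EBT='Bridge table: broute

Bridge chain: BROUTING, entries: 0, policy: ACCEPT'
SAMPLE_LINK='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP'
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 192.168.2.100/24 brd 192.168.2.255 scope global eth1'

# stdin: `ebtables -t broute -L` output; prints the BROUTING chain policy.
broute_policy() {
    sed -n 's/^Bridge chain: BROUTING,.* policy: \([A-Z]*\).*/\1/p'
}

# stdin: `ip -o link show` output; prints every link that has a "master".
bridge_ports() {
    awk '{ for (i = 3; i < NF; i++) if ($i == "master") {
               n = $2; sub(/:$/, "", n); sub(/@.*/, "", n); print n; break } }'
}

# audit EBT LINK ADDR: one line "<port> <cidr> <path>" per enslaved port that
# carries its own IPv4 address. In the broute table ACCEPT means the frame is
# bridged and DROP means it is routed (ebtables man page).
audit() {
    policy=$(printf '%s\n' "$1" | broute_policy)
    ports=$(printf '%s\n' "$2" | bridge_ports | tr '\n' ' ')
    case "$policy" in
        ACCEPT) path=bridged ;;   # frame is handed to the bridge (br0)
        DROP)   path=routed ;;    # frame goes to the port's own IP stack, bypassing the bridge
        *)      path=unknown ;;
    esac
    printf '%s\n' "$3" | awk -v ports="$ports" -v path="$path" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) port[p[i]] = 1 }
        $3 == "inet" && ($2 in port) { print $2, $4, path }'
}

# Demo on the constructed samples; on a live host pass the real command output:
#   audit "$(ebtables -t broute -L)" "$(ip -o link show)" "$(ip -o -4 addr show)"
audit "$SAMPLE_EBT" "$SAMPLE_LINK" "$SAMPLE_ADDR"
```

A "routed" result also means those frames no longer pass through the bridge, so ebtables filter rules on the bridge path do not apply to them; filtering for that traffic has to happen at layer 3.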

