Hi all, I'm trying to do the following (ASCII art diagram viewable in
fixed-width font at end of message):
Take 2 private LANs, seperated by the internet, and bridge them by
creating a bridge from 2 ethernet devices and a ppp interface tunneled
over ssh between the two linux boxes concerned.
The setup on each of the two networks is nearly identical, and is as follows:
The network has it's own router (cable modem) that serves as the local
gateway for the network to the internet. We dont care about this
except that it provides us a path to the internet through which to
tunnel ppp.
The internet connection is distributed by NAT forwarding, facilitated by
a hub/switch in between the router and the end users. There are 2
types of end users; "regular" which are not part of the bridged
network, and "bridged" whose ethernet frames are to be forwarded back
and forth over the ssh tunneled ppp connection. The "regular" users
are connected directly to the same hub as the router. The "bridged"
users are connected to the Linux box.
Each linux box has 2 ethernet interfaces, eth0 and eth1; eth0 is the
"bridged" users side, and anything connected to this side will have
it's packets bridged through the ppp connection, over the internet,
and to the other bridged users, and vice versa. eth1 connects the
linux box to the rest of the local network. Note: it is important for
the "bridged" users on each local network to see the
"regular" users
on their same network, but NOT the "regular" users of the OTHER
network. Therefore, the solution that occurred to me was the
following:
Create a 3-way bridge with filtering.
Merge eth0, eth1, and ppp0 into a bridge that simply blocks traffic
between eth0 and ppp0, but allows eth0 and eth1 to talk freely (do
filtering w/ etables).
I have at least a 2.6.8 kernel installed on each linux box (Debian
Sarge), and I have the bridgectl package installed on each. I have
the ppp over ssh connection working, using the information gleaned
from: tldp.org/HOWTO/ppp-ssh
Now, here's my questions:
Can I bridge ppp and ethernet ? If so how? I've been desperately
looking for a howto, or any information on doing so. Several "in
passing" comments suggest it can be done, but I've found nothing that
tells me how. Specifically, do I need to bring up the ppp link
without assigning IP addresses on both sides of the link to bridge it
? If so, how do I do that? (when I try adding the noip option to the
pppd script from the tutorial above, the ppp link refuses to stay up,
saying there's no protocols in place)
Also, is the order of the bridge creation important ? I.e. for a
simple 2 interface ppp0/eth0 bridge (ignore the third interface for
the moment) with ppp over ssh tunneling, one needs an active internet
connection to establish the ppp connection, but in order to create the
bridge between ppp0 and eth0, eth0 must be DOWN (right?) meaning I
have no internet connection, meaning ppp dies. How do I solve this
problem? In the case of my 2 ethernet interfaces, could I merge the
two interfaces
ASCII ART:
+-------(PPP link over ssh, ppp0 interface on both sides)--------+
| |
| |
| +--------------+ //-------\\ +-----------------+ |
| | Router1 | | | |Router2 | |
| |(192.168.1.1) +---+- Internet -+-----+ (192.168.1.101) | |
| +--------+-----+ | | +--+--------------+ |
| | \\-------// | |
| | | |
| | | |
| | | |
+-|-----------+------------------+ +------------+-----------------|-+
| | +----+-------+ | | +-----+-------+ | |
| | |Hub/Switch | | | | Hub/Switch | | |
| | +-+---+-+-+--+ | | +-+----+-+-+--+ | |
| | | | | | | | | | | | | |
| | | | | +--- Regular | | | | | +--- Regular | |
| | (eth1) | +----- internet | | (eth1) | +----- internet| |
| | | +------- users | | | +------- users | |
| | | | | | | |
| | +-+----------+ | | +---+--------+ | |
| | | Linyx box1 | | | | Linux box2 +------------+ |
| +------+ "speedy" | | | | "rig" |
|
| +--+---------+ | | +---+--------+ |
| | | | | |
| (eth0) | | (eth0) |
| | | | | |
| +----+-------+ | | +----+-------+ |
| |Hub/Switch | | | |Hub/Switch | |
| +-------+-+--+ | | +-------+-+--+ |
| | | | | | | |
| | +--- Bridged | | | +--- Bridged |
| +----- users | | +----- users |
| Net1 | | Net2 |
| IP addresses: 192.168.1.1-100| | IP addresses: 192.168.1.101-254|
+--------------------------------+ +--------------------------------+