Antonio Pinizzotto
2005-Jul-01 09:59 UTC
linux bridging problem: how to emulate 2 separate interfaces on a single one?
Hi all.

I would need to use a single physical interface on a Linux box to manage
two different IP addresses (belonging to two separate logical subnets)
with two different MAC addresses. (I need to emulate the presence of two
separate physical interfaces for a PC on the same LAN, at layer 2 and
layer 3).

Is it possible to use the linux ethernet bridging code and two tap
interfaces for this purpose?

Here is a picture of what I need to do.

 LAN__________________________________
                    |
                    | eth0 (no IP)
            ________|________
           |                 |
           |       br0       |
           |     (no IP)     |
           |_________________|
           tap0 |        | tap1
192.168.40.1/24 |        | 192.168.30.1/24
          MAC_0 |        | MAC_1
              __|________|__
             |              |
             |      PC      |
             |              |
             |______________|

I would need this picture to be equivalent to this one:

 LAN__________________________________
           eth0 |        | eth1
192.168.40.1/24 |        | 192.168.30.1/24
          MAC_0 |        | MAC_1
              __|________|__
             |              |
             |      PC      |
             |              |
             |______________|

I tried but it doesn't work. I don't know if it's not contemplated or if
I did a wrong configuration.
For example, on tap0, using tcpdump, I see all the L2 broadcast frames
going on the LAN; but on the counters of "ifconfig tap0" all of them are
considered dropped. No packet is counted as transmitted or received,
also if I try to ping from or to tap0.
The tap interface starts to transmit/receive packets only if it is
connected to some process like qemu or openvpn.
Maybe, it is not possible for tap interface to be used directly by the
linux os?

Thanks!
Antonio
Stephen Hemminger
2005-Jul-01 17:12 UTC
Re: linux bridging problem: how to emulate 2 separate interfaces on a single one?
On Fri, 01 Jul 2005 11:59:08 +0200
Antonio Pinizzotto <antonio.pinizzotto@iit.cnr.it> wrote:

>
> Hi all.
>
> I would need to use a single physical interface on a Linux box to manage
> two different IP addresses (belonging to two separate logical subnets)
> with two different MAC addresses. (I need to emulate the presence of two
> separate physical interfaces for a PC on the same LAN, at layer 2 and
> layer 3).
>
> Is it possible to use the linux ethernet bridging code and two tap
> interfaces for this purpose?
>
>
> Here is a picture of what I need to do.
>
>
>  LAN__________________________________
>                     |
>                     | eth0 (no IP)
>             ________|________
>            |                 |
>            |       br0       |
>            |     (no IP)     |
>            |_________________|
>            tap0 |        | tap1
> 192.168.40.1/24 |        | 192.168.30.1/24
>           MAC_0 |        | MAC_1
>               __|________|__
>              |              |
>              |      PC      |
>              |              |
>              |______________|
>
>
> I would need this picture to be equivalent to this one:
>
>
>  LAN__________________________________
>            eth0 |        | eth1
> 192.168.40.1/24 |        | 192.168.30.1/24
>           MAC_0 |        | MAC_1
>               __|________|__
>              |              |
>              |      PC      |
>              |              |
>              |______________|
>
>
> I tried but it doesn't work. I don't know if it's not contemplated or if
> I did a wrong configuration.
> For example, on tap0, using tcpdump, I see all the L2 broadcast frames
> going on the LAN; but on the counters of "ifconfig tap0" all of them are
> considered dropped. No packet is counted as transmitted or received,
> also if I try to ping from or to tap0.
> The tap interface starts to transmit/receive packets only if it is
> connected to some process like qemu or openvpn.
> Maybe, it is not possible for tap interface to be used directly by the
> linux os?
>

Stop abusing bridging. People keep trying these wacky multiple
network things and they won't work. Bridging really can't handle anything
with multiple interfaces that could possibly create a forwarding loop.
Antonio Pinizzotto
2005-Jul-01 18:37 UTC
Re: linux bridging problem: how to emulate 2 separate interfaces on a single one?
Stephen Hemminger wrote:
> On Fri, 01 Jul 2005 11:59:08 +0200
> Antonio Pinizzotto <antonio.pinizzotto@iit.cnr.it> wrote:
>
>
>>Hi all.
>>
>>I would need to use a single physical interface on a Linux box to manage
>>two different IP addresses (belonging to two separate logical subnets)
>>with two different MAC addresses. (I need to emulate the presence of two
>>separate physical interfaces for a PC on the same LAN, at layer 2 and
>>layer 3).
>>
>>Is it possible to use the linux ethernet bridging code and two tap
>>interfaces for this purpose?
>>
>>
>>Here is a picture of what I need to do.
>>
>>
>> LAN__________________________________
>>                    |
>>                    | eth0 (no IP)
>>            ________|________
>>           |                 |
>>           |       br0       |
>>           |     (no IP)     |
>>           |_________________|
>>           tap0 |        | tap1
>>192.168.40.1/24 |        | 192.168.30.1/24
>>          MAC_0 |        | MAC_1
>>              __|________|__
>>             |              |
>>             |      PC      |
>>             |              |
>>             |______________|
>>
>>
>>I would need this picture to be equivalent to this one:
>>
>>
>> LAN__________________________________
>>           eth0 |        | eth1
>>192.168.40.1/24 |        | 192.168.30.1/24
>>          MAC_0 |        | MAC_1
>>              __|________|__
>>             |              |
>>             |      PC      |
>>             |              |
>>             |______________|
>>
>>
>>I tried but it doesn't work. I don't know if it's not contemplated or if
>>I did a wrong configuration.
>>For example, on tap0, using tcpdump, I see all the L2 broadcast frames
>>going on the LAN; but on the counters of "ifconfig tap0" all of them are
>>considered dropped. No packet is counted as transmitted or received,
>>also if I try to ping from or to tap0.
>>The tap interface starts to transmit/receive packets only if it is
>>connected to some process like qemu or openvpn.
>>Maybe, it is not possible for tap interface to be used directly by the
>>linux os?
>>
>
>
>
> Stop abusing bridging. People keep trying these wacky multiple
> network things and they won't work. Bridging really can't handle anything
> with multiple interfaces that could possibly create a forwarding loop.
>
>
>

Dear Stephen,

probably my pictures or descriptions were not so clear.
I don't want to abuse bridging.
As you can see in the second picture (of the previous e-mail) I just would like to replicate the real topology (in which there are not loops because each physical interface has its own subnet) using software interfaces, taps.
Moreover in the second picture no bridging is enabled on the PC.

It is just an experiment to understand how the various software pieces work together.

Below I tried to draw a clearer picture.
The first one is what I would like to get.
The second one is what I have.

LAN______________________________________________
                      |
                      | eth0 (no IP)
 _____________________|________________________
|                     |          Linux Box (PC)|
|             ________|________                |
|            |                 |               |
|            |       br0       |               |
|            |     (no IP)     |               |
|            |_________________|               |
|            tap0 |        | tap1              |
| 192.168.40.1/24 |        | 192.168.30.1/24   |
|           MAC_0 |        | MAC_1             |
|              ___|________|____               |
|             |                 |              |
|             | OS TCP-IP stack |              |
|             |                 |              |
|             |_________________|              |
|                |   |   |   |                 |
|                |   |   |   |                 |
|                  Processes                   |
|                                              |
|                                              |
|______________________________________________|

I would need the first picture to be equivalent to the next one:

LAN_____________________________________________
             eth0 |        | eth1
  192.168.40.1/24 |        | 192.168.30.1/24
            MAC_0 |        | MAC_1
 _________________|________|___________________
|                 |        |     Linux Box (PC)|
|              ___|________|____               |
|             |                 |              |
|             | OS TCP-IP stack |              |
|             |                 |              |
|             |_________________|              |
|                |   |   |   |                 |
|                |   |   |   |                 |
|                  Processes                   |
|                                              |
|                                              |
|______________________________________________|

Bye
Antonio
Stephen Hemminger
2005-Jul-01 19:28 UTC
Re: linux bridging problem: how to emulate 2 separate interfaces on a single one?
On Fri, 01 Jul 2005 20:37:44 +0200
Antonio Pinizzotto <antonio.pinizzotto@iit.cnr.it> wrote:

> Stephen Hemminger wrote:
> > On Fri, 01 Jul 2005 11:59:08 +0200
> > Antonio Pinizzotto <antonio.pinizzotto@iit.cnr.it> wrote:
> >
> >
> >>Hi all.
> >>
> >>I would need to use a single physical interface on a Linux box to manage
> >>two different IP addresses (belonging to two separate logical subnets)
> >>with two different MAC addresses. (I need to emulate the presence of two
> >>separate physical interfaces for a PC on the same LAN, at layer 2 and
> >>layer 3).
> >>
> >>Is it possible to use the linux ethernet bridging code and two tap
> >>interfaces for this purpose?
> >>

...

> Below I tried to draw a clearer picture.
> The first one is what I would like to get.
> The second one is what I have.
>
>
> LAN______________________________________________
>                       |
>                       | eth0 (no IP)
>  _____________________|________________________
> |                     |          Linux Box (PC)|
> |             ________|________                |
> |            |                 |               |
> |            |       br0       |               |
> |            |     (no IP)     |               |
> |            |_________________|               |
> |            tap0 |        | tap1              |
> | 192.168.40.1/24 |        | 192.168.30.1/24   |
> |           MAC_0 |        | MAC_1             |
> |              ___|________|____               |
> |             |                 |              |
> |             | OS TCP-IP stack |              |
> |             |                 |              |
> |             |_________________|              |
> |                |   |   |   |                 |
> |                |   |   |   |                 |
> |                  Processes                   |
> |                                              |
> |                                              |
> |______________________________________________|
>
>
> I would need the first picture to be equivalent to the next one:
>
>
> LAN_____________________________________________
>              eth0 |        | eth1
>   192.168.40.1/24 |        | 192.168.30.1/24
>             MAC_0 |        | MAC_1
>  _________________|________|___________________
> |                 |        |     Linux Box (PC)|
> |              ___|________|____               |
> |             |                 |              |
> |             | OS TCP-IP stack |              |
> |             |                 |              |
> |             |_________________|              |
> |                |   |   |   |                 |
> |                |   |   |   |                 |
> |                  Processes                   |
> |                                              |
> |                                              |
> |______________________________________________|

It should work if the tap interface looks sufficiently like Ethernet.
You probably need filter rules to make sure and drop packets intended for the other network get dropped and to prevent broadcast leakage.

Wouldn't a cheap ethernet hub and two ethernet interfaces do the same thing?
Alexey Toptygin
2005-Jul-01 19:52 UTC
Re: linux bridging problem: how to emulate 2 separate interfaces on a single one?
On Fri, 1 Jul 2005, Stephen Hemminger wrote:

>> LAN______________________________________________
>>                       |
>>                       | eth0 (no IP)
>>  _____________________|________________________
>> |                     |          Linux Box (PC)|
>> |             ________|________                |
>> |            |                 |               |
>> |            |       br0       |               |
>> |            |     (no IP)     |               |
>> |            |_________________|               |
>> |            tap0 |        | tap1              |
>> | 192.168.40.1/24 |        | 192.168.30.1/24   |
>> |           MAC_0 |        | MAC_1             |
>> |              ___|________|____               |
>> |             |                 |              |
>> |             | OS TCP-IP stack |              |
>> |             |                 |              |
>> |             |_________________|              |
>> |                |   |   |   |                 |
>> |                |   |   |   |                 |
>> |                  Processes                   |
>> |                                              |
>> |                                              |
>> |______________________________________________|

[snip]

> It should work if the tap interface looks sufficiently like Ethernet.
> You probably need filter rules to make sure and drop packets intended for
> the other network get dropped and to prevent broadcast leakage.

The way I interpret the drawing, ISTM that Antonio has the bridge a layer below the tap devices (even though it's drawn a layer above). I don't think that's a very sane idea...

The crux of the problem seems to be that Antonio wants a single physical ethernet card to use two different MAC addresses, which I don't think bridging is ever going to solve. This is, perhaps, possible by putting the card into promiscuous mode, and using some clever ebtables mangling.

Alexey
Robb Bossley
2005-Jul-02 03:20 UTC
Fwd: linux bridging problem: how to emulate 2 separate interfaces on a single one?
Sorry Alexey, I meant to send that to the list, not just you.

---------- Forwarded message ----------
From: Robb Bossley <robb.bossley@gmail.com>
Date: Jul 1, 2005 11:15 PM
Subject: Re: [LARTC] linux bridging problem: how to emulate 2 separate interfaces on a single one?
To: Alexey Toptygin <alexeyt@freeshell.org>

Yes, it can be done. I know because I've done it before. (The only issue is what you want to do with it.)

First, if you are using DHCP to set up the interface ip, eth0 will take the first address assigned by DHCP. Then you need to create the bridge after bringing eth0 up with no ip. Then add eth0 to the bridge. Then you can create and add the tun devices that the taps will come from. When you add the taps, you must specify different MAC addresses, or I believe they may default to the same one - perhaps even the same as the MAC on your NIC.

When I did this, I had problems because although I had three different MAC addresses, the address for eth0 was still in force (even though I had freed the address, the DHCP server had a very long time before it would reset the ip). This was a problem because my ISP only would give me a maximum of three ip's at once. (I needed all three for my little experiment to work)

Why do this? Because I can! That's the beauty of Linux - freedom to do whatever you want, even if it doesn't make sense.

If you would like, I can attach a little script that I wrote that sets up the bridge.

Robb

On 7/1/05, Alexey Toptygin <alexeyt@freeshell.org> wrote:
> On Fri, 1 Jul 2005, Stephen Hemminger wrote:
>
> >> LAN______________________________________________
> >>                       |
> >>                       | eth0 (no IP)
> >>  _____________________|________________________
> >> |                     |          Linux Box (PC)|
> >> |             ________|________                |
> >> |            |                 |               |
> >> |            |       br0       |               |
> >> |            |     (no IP)     |               |
> >> |            |_________________|               |
> >> |            tap0 |        | tap1              |
> >> | 192.168.40.1/24 |        | 192.168.30.1/24   |
> >> |           MAC_0 |        | MAC_1             |
> >> |              ___|________|____               |
> >> |             |                 |              |
> >> |             | OS TCP-IP stack |              |
> >> |             |                 |              |
> >> |             |_________________|              |
> >> |                |   |   |   |                 |
> >> |                |   |   |   |                 |
> >> |                  Processes                   |
> >> |                                              |
> >> |                                              |
> >> |______________________________________________|
>
> [snip]
>
> > It should work if the tap interface looks sufficiently like Ethernet.
> > You probably need filter rules to make sure and drop packets intended for
> > the other network get dropped and to prevent broadcast leakage.
>
> The way I interpret the drawing, ISTM that Antonio has the bridge a layer
> below the tap devices (even though it's drawn a layer above). I don't
> think that's a very sane idea...
>
> The crux of the problem seems to be that Antonio wants a single physical
> ethernet card to use two different MAC addresses, which I don't think
> bridging is ever going to solve. This is, perhaps, possible by putting the
> card into promiscuous mode, and using some clever ebtables mangling.
>
> Alexey
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>

--
As if you could kill time without injuring eternity.

The mass of men live lives of quiet desperation.

- Henry David Thoreau
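
The bring-up order described in the message above (eth0 up with no IP, bridge created, eth0 added, taps added with explicitly different MACs), as an added example that is not the script Robb mentions or anything posted to the list. It assumes modern iproute2 in place of the brctl/tunctl tools of the time; the interface names follow the thread, while the MAC values, the DRY_RUN switch and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface names follow the posts;
# the MACs, DRY_RUN and the function names are assumptions for illustration.

# run CMD...: print the command; execute it only when DRY_RUN=0 (needs root).
run() {
    echo "$*"
    [ "${DRY_RUN:-1}" = "1" ] || "$@"
}

# mac_ok MAC: true only for a unicast, locally administered address
# (second hex digit 2, 6, a or e), i.e. never a vendor-assigned MAC.
mac_ok() {
    echo "$1" | grep -Eiq '^[0-9a-f][26ae](:[0-9a-f]{2}){5}$'
}

# bridge_plan NIC BRIDGE TAP=MAC...: validate every MAC first, then emit
# the steps in the order given in the post.
bridge_plan() {
    nic=$1; br=$2; shift 2
    seen=""
    for pair in "$@"; do
        mac=$(echo "${pair#*=}" | tr 'A-F' 'a-f')
        mac_ok "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
        case " $seen " in
            *" $mac "*) echo "duplicate MAC: $mac" >&2; return 1 ;;
        esac
        seen="$seen $mac"
    done
    run ip addr flush dev "$nic"              # the NIC itself carries no IP
    run ip link set dev "$nic" up
    run ip link add name "$br" type bridge
    run ip link set dev "$nic" master "$br"
    for pair in "$@"; do
        tap=${pair%%=*}; mac=${pair#*=}
        run ip tuntap add dev "$tap" mode tap
        run ip link set dev "$tap" address "$mac"   # explicit, distinct MAC
        run ip link set dev "$tap" master "$br"
        run ip link set dev "$tap" up
    done
    run ip link set dev "$br" up
}

# Constructed sample values; by default this only prints the plan.
bridge_plan eth0 br0 tap0=02:00:00:00:40:01 tap1=02:00:00:00:30:01
```

With DRY_RUN=0 and root privileges the printed commands are executed. As the first post in the thread observes, a tap port only passes traffic while a process such as qemu or openvpn holds the device open.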