Hello,

I know this is not the best list for this, but since the plan for this bridge is to use Shorewall, maybe someone can help me with this issue.

I have set up a bridge with the following script, which starts after the network interfaces are started:

BRIDGENAME="BRQ"
GATEWAY="192.168.0.1"
BRIDGE_IP="192.168.0.122"
BRIDGE_NETMASK="255.255.255.0"
STP_ON="yes"
STP_PRIO="1"
RETVAL=0

start() {
    echo "Starting service bridge"
    # Bring both ports up with promiscuous mode set explicitly
    ifconfig eth2 promisc up
    ifconfig eth3 promisc up
    # Create the bridge and add both ports to it
    brctl addbr $BRIDGENAME || return=$rc_failed
    brctl addif $BRIDGENAME eth2 || return=$rc_failed
    brctl addif $BRIDGENAME eth3 || return=$rc_failed

    # Clear the ports' IP addresses (done after they have joined the bridge)
    ifconfig eth2 0.0.0.0 || return=$rc_failed
    ifconfig eth3 0.0.0.0 || return=$rc_failed
    # STP timers: hello 1 s, max age 4 s, forward delay 4 s
    brctl sethello $BRIDGENAME 1 || return=$rc_failed
    brctl setmaxage $BRIDGENAME 4 || return=$rc_failed
    brctl setfd $BRIDGENAME 4 || return=$rc_failed
    # Enable STP and set the bridge priority
    brctl stp $BRIDGENAME $STP_ON
    brctl setbridgeprio $BRIDGENAME $STP_PRIO
    # Address the bridge itself and set the default route
    ifconfig $BRIDGENAME $BRIDGE_IP netmask $BRIDGE_NETMASK up
    ip route flush cache
    ip route add default via $GATEWAY
}

But the problem I have is that I am not able to contact the bridge on its IP, 192.168.0.122. I am running CentOS 4.4 on a 2.6.18 kernel. I have tested this setup on 3 different sets of network cards (tg3, b44, via-rhine) and in all of them I have the same result: no connection. I know the bridge is working, otherwise packets couldn't flow on the network. I'm using bridge-utils 1.0.4-4.

Shorewall is still not running.

Does anyone know what could be wrong?

Thanks
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

On Sat, Feb 24, 2007 at 11:16:36AM -0600, Fernando Rodriguez wrote:
>
> Shorewall is still not running.
>
> If any one knows what could be wrong??
>

Have you considered reading the documentation for shorewall?

http://shorewall.net/Xen.html
http://shorewall.net/XenMyWay.html

I know that they are Xen-specific, but they will certainly give you insight into how shorewall handles bridging.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com

Fernando Rodriguez wrote:
> Hello,
>
> I know this is not the best list for this but since the plan of this bridge
> is to use shorewall maybe some one can help me on this issue
>
> I have set up a bridge with the following script that starts after the
> network interfaces are started

Without the output of "brctl show" and "ip addr ls", there is little chance that anyone can help you.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

This is the output of brctl show:

bridge name     bridge id               STP enabled     interfaces
BRQ             0001.0002b64103b1       yes             eth2
                                                        eth3

And the output of ip addr ls:

1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:b6:34:6b:60 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.10/24 brd 192.168.3.255 scope global eth0
    inet 10.254.10.10/24 brd 10.254.10.255 scope global eth0:0
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:00:11:11:22:22 brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.1/29 brd 10.1.0.7 scope global eth1
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,10000> mtu 1500 qdisc htb qlen 1000
    link/ether 00:02:b6:41:03:b1 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,PROMISC,UP,10000> mtu 1500 qdisc htb qlen 1000
    link/ether 00:02:b6:41:03:b2 brd ff:ff:ff:ff:ff:ff
6: BRQ: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:02:b6:41:03:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.122/24 brd 192.168.0.255 scope global BRQ

Thanks

-----Original Message-----
From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On behalf of Tom Eastep
Sent: Saturday, February 24, 2007 11:31 a.m.
To: Shorewall Users
Subject: Re: [Shorewall-users] Bridge Issue

Fernando Rodriguez wrote:
> Hello,
>
> I know this is not the best list for this but since the plan of this
> bridge is to use shorewall maybe some one can help me on this issue
>
> I have set up a bridge with the following script that starts after the
> network interfaces are started

Without the output of "brctl show" and "ip addr ls", there is little chance that anyone can help you.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Fernando Rodriguez wrote:
> This is the output of brctl show.
>
> bridge name bridge id STP enabled interfaces
> BRQ 0001.0002b64103b1 yes eth2

I've never seen a bridge ID that started "0001" -- I've only seen "8000" but I don't know if that is significant.

Does the routing out of the bridge look correct?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Yes, the routing is correct. I have put my computer in the 192.168.0.0/24 segment and I don't ping the bridge to its IP.

-----Original Message-----
From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On behalf of Tom Eastep
Sent: Saturday, February 24, 2007 11:45 a.m.
To: Shorewall Users
Subject: Re: [Shorewall-users] Bridge Issue

Fernando Rodriguez wrote:
> This is the output of brctl show.
>
> bridge name bridge id STP enabled interfaces
> BRQ 0001.0002b64103b1 yes eth2

I've never seen a bridge ID that started "0001" -- I've only seen "8000" but I don't know if that is significant.

Does the routing out of the bridge look correct?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

It also seems that the lower number, 00001, means that it is the root bridge, which means that it is the master bridge of the network.

Yes, the routing is correct. I have put my computer in the 192.168.0.0/24 segment and I don't ping the bridge to its IP.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Fernando Rodriguez wrote:
>
> It also seems that the lower the number 00001 means that is the root bridge
> that means that is the master bridge of the network
>
> Yes the routing is correct i have put my computer in the 192.168.0.0/24
> segment and i dont ping the bridge to its ip

I guess my advice would be to try one of the many published *tested* bridge configuration scripts available (there are a number of them on the Shorewall site). For example, I've never seen a bridge configuration script that explicitly sets promiscuous mode like yours is doing.

Here's the config info of a working bridge. Notice that eth1 is *not* in promiscuous mode.

root@lists:/home/teastep/shorewall/trunk/New# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.00a0ccd2353a       no              tap0
                                                        eth1
root@lists:/home/teastep/shorewall/trunk/New# man brctl
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:a0:cc:d2:35:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2a0:ccff:fed2:353a/64 scope link
       valid_lft forever preferred_lft forever
4: tap0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue qlen 100
    link/ether 3a:19:0e:23:2c:2a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3819:eff:fe23:2c2a/64 scope link
       valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:a0:cc:d2:35:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.254/24 brd 192.168.3.255 scope global br0
    inet 192.168.1.254/24 scope global br0
    inet6 fe80::2a0:ccff:fed2:353a/64 scope link
       valid_lft forever preferred_lft forever
root@lists:/home/teastep/shorewall/trunk/New#

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

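Added example, not part of any poster's message: a shell/awk helper for comparing the two outputs exchanged in this thread. It splits each bridge ID into its STP priority and MAC (hex 0001 is priority 1, hex 8000 is 32768) and reports which interfaces carry the PROMISC flag or an IPv4 address. The function names and the whitespace-normalised sample input are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample input: outputs posted in this thread (whitespace normalised).
BRCTL_SHOW='bridge name     bridge id               STP enabled     interfaces
BRQ             0001.0002b64103b1       yes             eth2
                                                        eth3'
IP_ADDR='4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,10000> mtu 1500 qdisc htb qlen 1000
    link/ether 00:02:b6:41:03:b1 brd ff:ff:ff:ff:ff:ff
6: BRQ: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:02:b6:41:03:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.122/24 brd 192.168.0.255 scope global BRQ'

# stdin: "brctl show" output. stdout: name, STP priority (decimal), MAC, STP flag, ports.
bridge_summary() {
    awk '
    function hex2dec(h,   i, n) {
        h = tolower(h); n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789abcdef", substr(h, i, 1)) - 1
        return n
    }
    function emit() { if (name != "") print name, prio, mac, stp, (ports == "" ? "-" : ports) }
    /^bridge name/ { next }                     # header row
    NF >= 3 {                                   # first row of a bridge
        emit(); split($2, id, ".")              # bridge id = <priority hex>.<MAC>
        name = $1; prio = hex2dec(id[1]); mac = id[2]; stp = $3; ports = $4
        next
    }
    NF == 1 { ports = ports (ports == "" ? "" : ",") $1 }   # continuation row: another port
    END { emit() }'
}

# stdin: "ip addr ls" output. stdout: interface, "promisc" or "-", first IPv4 address or "-".
iface_flags() {
    awk '
    function emit() { if (ifn != "") print ifn, promisc, addr }
    /^[0-9]+: / {
        emit(); ifn = $2; sub(/:$/, "", ifn)
        promisc = ($3 ~ /PROMISC/) ? "promisc" : "-"; addr = "-"
        next
    }
    $1 == "inet" && addr == "-" { addr = $2 }
    END { emit() }'
}

printf '%s\n' "$BRCTL_SHOW" | bridge_summary
printf '%s\n' "$IP_ADDR" | iface_flags
```

On a live system the same functions can be fed directly, for example `brctl show | bridge_summary` and `ip addr ls | iface_flags`.
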

Fernando Rodriguez wrote:

I'm no great expert but I'll have a go ...

>I have set up a bridge with the following script that starts after the
>network interfaces are started
>
>BRIDGENAME="BRQ"
>GATEWAY="192.168.0.1"
>BRIDGE_IP="192.168.0.122"
>BRIDGE_NETMASK="255.255.255.0"
>STP_ON="yes"
>STP_PRIO="1"
>RETVAL=0
>
>start() {
> echo "Starting service bridge"
> ifconfig eth2 promisc up
> ifconfig eth3 promisc up
> brctl addbr $BRIDGENAME || return=$rc_failed
> brctl addif $BRIDGENAME eth2 || return=$rc_failed
> brctl addif $BRIDGENAME eth3 || return=$rc_failed
>
> ifconfig eth2 0.0.0.0 || return=$rc_failed
> ifconfig eth3 0.0.0.0 || return=$rc_failed

Isn't this too late - the devices are already added to the bridge. Does it make a difference if you move them earlier in the script?

I've only done a couple of bridges, and then I've only done the simplest of steps to configure it.