Linux Bridge
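Original post (Egloos): 2009-12-29 20:41:50
A bridge means using two network cards (NICs) as if they were one.
You mostly use it when you want to take traffic from two segments at the same time as if on one card, right?
Why? If the two networks come in on different cards, you can keep serving normally even when one of them has a problem.
The material below is from 2005. There is probably something more stable these days. Probably... because when I used this, I felt the system got a bit unstable.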
3. Set Linux up to serve
3.1 Setting up the bridge
We need Linux to know about the bridge. First tell it that we want one virtual ethernet bridge interface: (this is to be executed on host bridge, of course. See Testing grounds)
root@bridge:~> brctl addbr br0
Second, we do not need the STP (Spanning Tree Protocol). I.e. we do only have one single router, so a loop is highly improbable. We may then deactivate this feature. (Results in less polluted networking environment, too):
root@bridge:~> brctl stp br0 off
After these preparations, we now do finally some effective commands. We add our two (or even more) physical ethernet interfaces. That means, we attach them to the just born logical (virtual) bridge interface br0.
root@bridge:~> brctl addif br0 eth0
root@bridge:~> brctl addif br0 eth1
Now, our two previously physical ethernet interfaces became a logical bridge port each. Erm, ok, there were and will be the physical devices. They are still there, go have a look ;-) But now they became part of the logical bridge device and therefore need no IP configuration any longer. So release the IPs:
root@bridge:~> ifconfig eth0 down
root@bridge:~> ifconfig eth1 down
root@bridge:~> ifconfig eth0 0.0.0.0 up
root@bridge:~> ifconfig eth1 0.0.0.0 up
Great! We now have a box w/o any IP attached. So if you were configuring your future fw/router via TP, go for your local console now ;-)) You have a serial console? Happy one :-)
Optional:
We tell Linux the new (logical) interface and associate one single IP with it:
root@bridge:~> ifconfig br0 10.0.3.129 up
And we're done.
Read the Important Note!
3.2 Setting up the routing
In case we are configuring a gateway we enable the forwarding in the linux kernel.
root@bridge:~> echo "1" > /proc/sys/net/ipv4/ip_forward
Our box already has an IP assigned but no default route. We solve this now:
root@bridge:~> route add default gw 10.0.3.129
Finally, we should have a working net from, to and through the gateway.
Excerpt from:
http://www.icewalkers.com/Linux/Howto/Ethernet-Bridge-netfilter-HOWTO-3.html
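
For comparison, here are the same steps from 3.1 plus the forwarding switch from 3.2, written with the current iproute2 tools. This is an added example, not part of the 2005 HOWTO or the original post. The function names, the dry-run default and the /24 prefix are assumptions made here (the HOWTO gives no netmask), and the default route is left out because the gateway depends on the network.

```shell
#!/bin/sh
# Added example: iproute2 equivalents of the brctl/ifconfig steps above.
# Prints the commands by default; set APPLY=1 (as root) to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# bridge_setup BRIDGE CIDR PORT [PORT...]
# Pass "" as CIDR to leave the bridge without an IP (the "Optional" step).
bridge_setup() {
    if [ $# -lt 3 ]; then
        echo "usage: bridge_setup BRIDGE CIDR PORT [PORT...]" >&2
        return 2
    fi
    br=$1; cidr=$2; shift 2
    run ip link add name "$br" type bridge             # brctl addbr br0
    run ip link set dev "$br" type bridge stp_state 0  # brctl stp br0 off
    for port in "$@"; do
        run ip link set dev "$port" down               # ifconfig ethX down
        run ip addr flush dev "$port"                  # ifconfig ethX 0.0.0.0
        run ip link set dev "$port" master "$br"       # brctl addif br0 ethX
        run ip link set dev "$port" up
    done
    if [ -n "$cidr" ]; then
        run ip addr add "$cidr" dev "$br"              # ifconfig br0 10.0.3.129
    fi
    run ip link set dev "$br" up
}

# Section 3.2: only on a box that is meant to route between networks.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Sample call with the HOWTO's names; the /24 is an assumed prefix length.
bridge_setup br0 10.0.3.129/24 eth0 eth1
enable_forwarding
```

As in the HOWTO, the ports lose their addresses the moment this runs with APPLY=1, so run it from a local or serial console.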