Configure ethernet bridging on CentOS
An ethernet bridge can be used as a firewall, traffic shaper, etc. To make use of an ethernet bridge on CentOS, there are some prerequisites.

Install the 'bridge-utils' package:

    # yum install bridge-utils
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * addons: ftp.ines.lug.ro
     * base: ftp.ines.lug.ro
     * extras: ftp.ines.lug.ro
     * updates: ftp.ines.lug.ro
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package bridge-utils.i386 0:1.1-2 set to be updated
    --> Finished Dependency Resolution

    Dependencies Resolved

    ================================================================================
     Package              Arch        Version        Repository        Size
    ================================================================================
    Installing:
     bridge-utils         i386        1.1-2          base              27 k

    Transaction Summary
    ================================================================================
    Install      1 Package(s)
    Upgrade      0 Package(s)

    Total download size: 27 k
    Is this ok [y/N]: y
    Downloading Packages:
    bridge-utils-1.1-2.i386.rpm                              |  27 kB     00:00
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing     : bridge-utils                                         1/1

    Installed:
      bridge-utils.i386 0:1.1-2

    Complete!

Afterwards, the ethernet devices that will participate in the bridge need to be identified. These can be real ethernet devices, but can also be 802.1q tagged virtual interfaces. I will use one bridge, linking VLAN id 10 on eth0 with VLAN id 10 on eth1. The bridges will be named 'br10' and 'br11'. In my example, eth0 and eth1 are used as physical devices without an IP address assigned.
The following files need adjustment:

/etc/sysconfig/network-scripts/ifcfg-eth0

    # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
    DEVICE=eth0
    HWADDR=00:04:xx:xx:xx:xx
    ONBOOT=yes
    HOTPLUG=no
    BOOTPROTO=none
    TYPE=Ethernet

Afterwards, the 802.1q tagged VLANs require configuration.

VLAN id 10 on eth0: /etc/sysconfig/network-scripts/ifcfg-eth0.10

    # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
    DEVICE=eth0.10
    HWADDR=00:04:xx:xx:xx:xx
    ONBOOT=yes
    HOTPLUG=no
    BOOTPROTO=none
    TYPE=Ethernet
    VLAN=yes
    BRIDGE=br10

VLAN id 11 on eth0: /etc/sysconfig/network-scripts/ifcfg-eth0.11

    # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
    DEVICE=eth0.11
    HWADDR=00:04:xx:xx:xx:xx
    ONBOOT=yes
    HOTPLUG=no
    BOOTPROTO=none
    TYPE=Ethernet
    VLAN=yes
    BRIDGE=br11

A similar configuration is required for the secondary ethernet interface:

/etc/sysconfig/network-scripts/ifcfg-eth1

    # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
    DEVICE=eth1
    HWADDR=00:04:xx:xx:xx:xx
    ONBOOT=yes
    HOTPLUG=no
    BOOTPROTO=none
    TYPE=Ethernet

VLAN id 10 on eth1: /etc/sysconfig/network-scripts/ifcfg-eth1.10

    # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
    DEVICE=eth1.10
    HWADDR=00:04:xx:xx:xx:xx
    ONBOOT=yes
    HOTPLUG=no
    BOOTPROTO=none
    TYPE=Ethernet
    VLAN=yes
    BRIDGE=br10

VLAN id 11 on eth1: /etc/sysconfig/network-scripts/ifcfg-eth1.11

    # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
    DEVICE=eth1.11
    HWADDR=00:04:xx:xx:xx:xx
    ONBOOT=yes
    HOTPLUG=no
    BOOTPROTO=none
    TYPE=Ethernet
    VLAN=yes
    BRIDGE=br11

The bridges need to be configured too:

/etc/sysconfig/network-scripts/ifcfg-br10

    DEVICE=br10
    TYPE=Bridge
    #IPADDR=1.2.3.4
    #GATEWAY=1.2.3.1
    #NETMASK=255.255.255.0
    ONBOOT=yes
    BOOTPROTO=none
    IPV6INIT=no
    IPV6_AUTOCONF=no
    DELAY=5
    STP=yes

/etc/sysconfig/network-scripts/ifcfg-br11

    DEVICE=br11
    TYPE=Bridge
    #IPADDR=1.2.4.4
    #GATEWAY=1.2.3.1
    #NETMASK=255.255.255.0
    ONBOOT=yes
    BOOTPROTO=none
    IPV6INIT=no
    IPV6_AUTOCONF=no
    DELAY=5
    STP=yes

Now the system is able to use the two bridges, after enabling the current configuration:
    # service network restart

Of course, for management purposes, an IP address needs to be configured somewhere, either on a different physical interface, or one of the bridges, if the system needs to be accessed remotely.

This configuration can also be used as a transparent bridge for traffic classification and shaping, using TC.
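A consistency check that can be run over the ifcfg files described above before restarting the network on a remotely managed box. This is an added example, not part of the original post; the function names get_key and check_bridge_cfg are hypothetical, and only the keys used on this page (DEVICE, TYPE, BRIDGE, IPADDR) are inspected.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check ifcfg-* bridge files.

# get_key FILE KEY: print the value of the last uncommented KEY= line
get_key() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"; }

# check_bridge_cfg DIR: print one line per finding; return non-zero if any
check_bridge_cfg() {
    dir=$1; problems=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=$(get_key "$f" DEVICE); br=$(get_key "$f" BRIDGE)
        if [ -n "$br" ]; then
            # a port must name a bridge that is defined in the same directory
            if [ ! -f "$dir/ifcfg-$br" ]; then
                echo "$dev: BRIDGE=$br but ifcfg-$br not found in $dir"
                problems=$((problems + 1))
            elif [ "$(get_key "$dir/ifcfg-$br" TYPE)" != "Bridge" ]; then
                echo "$dev: ifcfg-$br lacks TYPE=Bridge"
                problems=$((problems + 1))
            fi
            # ports stay address-less; any IP belongs on the bridge device
            if [ -n "$(get_key "$f" IPADDR)" ]; then
                echo "$dev: bridge port has IPADDR set"
                problems=$((problems + 1))
            fi
        elif [ "$(get_key "$f" TYPE)" = "Bridge" ]; then
            # this page's bridges join two VLAN ports; fewer bridges nothing
            n=0
            for p in "$dir"/ifcfg-*; do
                if [ "$(get_key "$p" BRIDGE)" = "$dev" ]; then n=$((n + 1)); fi
            done
            if [ "$n" -lt 2 ]; then
                echo "$dev: only $n port(s) reference this bridge"
                problems=$((problems + 1))
            fi
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: both VLAN ports point at br10, but ifcfg-br10 was saved
# under a mistyped directory name, so it is absent from the directory checked.
demo=$(mktemp -d)
printf 'DEVICE=eth0.10\nVLAN=yes\nBOOTPROTO=none\nBRIDGE=br10\n' > "$demo/ifcfg-eth0.10"
printf 'DEVICE=eth1.10\nVLAN=yes\nBOOTPROTO=none\nBRIDGE=br10\n' > "$demo/ifcfg-eth1.10"
check_bridge_cfg "$demo" || echo "fix the findings above before 'service network restart'"
rm -rf "$demo"
```

On a real system the directory argument would be /etc/sysconfig/network-scripts.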