0

I have the following setup (except the "server-addressed packets"-part): http://www.directupload.net/file/d/4062/jo9qswvv_png.htm Basically eth0, eth1 and a wap. eth1 and wap are bridged with br0.

So my server has two IP-addresses but only a hostname ("Server") on eth0. The problem is that packets coming from the bridge (e.g. my tablet) addressed to the server (via hostname) exit the eth1-port and enter the eth0-port again.

I do not know how to route those packets correctly. And whether iptables or ebtables has to be used. Or is it simpler to solve the dns-request "Server" entering from the wap with the ip of the br0 (second ip of server)?

I hope this is understandable. Tell me if you need more or a different explanation. Thanks in advance.

(System: Ubuntu Server 14.04.1)

3
  • Does this configuration work or not? This is not clear from your OP. And if it does not work, how does it fail? If it fails, we will need your routing table ip route show, assuming you only have one routing table, right? No source-routing, I mean.
    Commented Jul 31, 2015 at 14:50
  • @MariusMatutiae Oh OK. The configuration works. But it is not exactly how I want it to be. If I ping the server, it only works when both ethernet ports are connected because the packet first goes through the bridge and bounces back at the switch into the other eth-port.(assumption!) Here is my routing table: default via 192.168.178.1 dev eth0 *break line* 192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.59
    – Hakalulu
    Commented Aug 1, 2015 at 1:06
  • @MariusMatutiae Ah, and I think I did not change the routing tables (I made some changes with iptables and reverted them: the output of "iptables -L" is now empty again). I do not know how to source-route, so I guess I do not have two tables...
    – Hakalulu
    Commented Aug 1, 2015 at 9:11

1 Answer

0

What you wish to accomplish can be done, but it does require some work.

Let me first clarify that this has nothing to do with iptables or ebtables. You should think of NICs (including bridges) as windows: they open on the outside, not on the inside. Thus both eth0 and br0 send packets away from their outer side, i.e. on the ethernet cable, and receive packets from the same direction. Thus you cannot coax br0 into sending packets toward the interior of your server, nor eth0 to accept packets coming from inside the server.

What you can do is the following:

  1. create a tap0 interface, and bridge your wifi interface with it, not with eth1; this implies that you will also have to set up a DHCP server listening on the new bridge, let's call it br-new;

  2. set up eth1 exactly like you used to set up br0;

  3. route all traffic from br-new to eth1; you do this by means of policy-routing, sometimes also called source-routing. This requires a second routing table, where the configuration for eth1 resides, including a default gateway. It is actually trivial to do it, just read here.

  4. When you set up your DHCP server for the wireless network, make sure your brand new interface br-new is associated with the name Server. For instance, if you are using dnsmasq as a DHCP server, the following line will do:

    dhcp-host=4C:E6:76:C4:54:24,Server,192.168.73.1,12h

This assigns to an interface with MAC address 4C:E6:76:C4:54:24 the name Server, and the static IP address 192.168.73.1, for a lease lasting 12 hours. If you are using Debian or one of its derivatives, this means that you can define the br-new interface in the file /etc/networking/interfaces, but its type is neither dhcp nor static, but manual, because this will allow dnsmasq to give it an ip address.

This is all. If you have never done it, it will definitely take you some time to implement it. If I were in your shoes, I would keep my current configuration.
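
Step 3 of the answer above, as an added example that is not part of the original answer: a dry-run script that prints the policy-routing commands for a second routing table. It assumes the wireless subnet is 192.168.73.0/24 (inferred from 192.168.73.1), that eth1 sits on the 192.168.178.0/24 LAN with gateway 192.168.178.1 taken from the routing table in the comments, and a table id of 100; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit the policy-routing commands for step 3.
# Assumed values: wireless subnet 192.168.73.0/24, eth1 on 192.168.178.0/24
# with gateway 192.168.178.1, routing table id 100.

# Print each command instead of running it unless APPLY=1 (which needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# policy_route SRC_CIDR OUT_DEV OUT_NET GATEWAY TABLE_ID
policy_route() {
    src=$1 dev=$2 net=$3 gw=$4 table=$5
    # Table ids 0, 253, 254 and 255 are reserved (unspec, default, main, local).
    case "$table" in
        ''|*[!0-9]*) echo "table id must be numeric" >&2; return 2 ;;
        0|253|254|255) echo "table $table is reserved" >&2; return 2 ;;
    esac
    # The rule matches a whole subnet, so insist on prefix notation.
    case "$src" in
        */*) ;;
        *) echo "source must be a CIDR prefix" >&2; return 2 ;;
    esac
    # Second routing table: eth1's link route plus its own default gateway.
    run ip route add "$net" dev "$dev" table "$table"
    run ip route add default via "$gw" dev "$dev" table "$table"
    # Packets sourced from the wireless subnet consult that table first.
    run ip rule add from "$src" lookup "$table" priority 1000
    # The server only forwards between br-new and eth1 if forwarding is on.
    run sysctl -w net.ipv4.ip_forward=1
}

policy_route 192.168.73.0/24 eth1 192.168.178.0/24 192.168.178.1 100
```

After applying, `ip rule show` and `ip route show table 100` confirm that the rule and the second table are in place.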

1
  • Thank you for your thorough answer. I especially like that you gave your personal opinion at the end. I will think about implementing your solution, but I do not like the fact that I need two DHCP servers. I did not expect it to be so difficult. Naive me thought this would be solved with 1 or 2 routing table entries. For now I should read some more about how all this works. Thanks again.
    – Hakalulu
    Commented Aug 2, 2015 at 10:33
