
1. How does it work?

You can transparently bridge traffic between 2 Ethernet LANs to unite them, if both of them are connected to the Internet.

There is no way to do a "real" bridge: you can only bridge third-level protocols that Linux knows how to route, but Ethernet traffic carrying those protocols will seem bridged. You can make 2 Ethernet bridges to bridge IP and/or IPX traffic. You cannot transparently bridge any other third-level protocols between distinct LANs. You should read the rest of this document to determine whether you can bridge any other protocol.

1.1. Bridging IP over ethernet traffic between 2 LANs.

If you have:

PC1   (192.168.0.1  /24)--|
PC3   (192.168.0.3  /24)--|
PC5   (192.168.0.5  /24)--|--[ eth0 - bridge_1 - eth1 (195.0.0.1) ]

PC253 (192.168.0.253/24)--|              
                                         | (192.168.0.2  /24) PC2
                                         | (192.168.0.4  /24) PC4
[ (192.0.0.1) eth1 - bridge_2 - eth0 ] --| (192.168.0.6  /24) PC6

                                         | (192.168.0.254/24) PC254

bridge_1 and bridge_2 are your Linux bridges; each is connected to the Internet through its external interface eth1. 195.0.0.1 and 192.0.0.1 can be any valid Internet addresses given to you by your ISP.

So, you should:

  1. Get two Linux computers with kernels 2.2 or 2.4. The kernels should be compiled with PPP and Advanced Router. You also need the iproute2 package properly installed. Information on iproute2 can be found in Configure.help of your kernel in the comments under Advanced Router. You also need the following utilities:

    You can also find them on http://www.freshmeat.net

    Please, keep in mind that you need special patches for pppd and the kernel if you want to do MS Chap and MS Encryption (MPPE). Refer to the PoPTop manual for instructions on how to get and install these patches.

  2. Connect your routers to the Internet, or establish any other communication between them with the exception of IP.

  3. Make a PPTP tunnel between them. There are example configurations in the PoPToP (server) and pptp (client) manuals.

  4. Now you should have two bridges and an IP tunnel between them, possibly encrypted (refer to the PPP manual). Let's configure bridging.

  5. Remember that the bridge is really a router, so we need to run the following commands on our bridges (this assumes bridge_1 and bridge_2 are IP addresses, assigned to each end of the PPTP tunnel between bridges):

         bridge_1$ip route add 192.168.0.2 via bridge_2
         bridge_1$ip route add 192.168.0.4 via bridge_2
         bridge_1$ip route add 192.168.0.6 via bridge_2
                 
         bridge_1$ip route add 192.168.0.254 via bridge_2
         bridge_1$ip route add 192.168.0.255 via bridge_2
            
    

    On the other side:

         bridge_2$ip route add 192.168.0.1 via bridge_1
         bridge_2$ip route add 192.168.0.3 via bridge_1
         bridge_2$ip route add 192.168.0.5 via bridge_1
                  
         bridge_2$ip route add 192.168.0.253 via bridge_1
            
    

    This will tell each of the bridges which hosts are on the other side. You can do the same with the old-style route command. It will look like:

         bridge_1$route add -host 192.168.0.2 gw bridge_2
         bridge_1$route add -host 192.168.0.4 gw bridge_2
         bridge_1$route add -host 192.168.0.6 gw bridge_2
                  
         bridge_1$route add -host 192.168.0.254 gw bridge_2
         bridge_1$route add -host 192.168.0.255 gw bridge_2
            
    

    On the other side:

         bridge_2$route add -host 192.168.0.1 gw bridge_1
         bridge_2$route add -host 192.168.0.3 gw bridge_1
         bridge_2$route add -host 192.168.0.5 gw bridge_1
                   
         bridge_2$route add -host 192.168.0.253 gw bridge_1
            
    

    Please note once more that bridge_1 and bridge_2 are not IP addresses given by your ISP, but IP addresses which you assigned to each end of the PPTP tunnel.

  6. Now you have two bridges and each of them knows where to find a particular IP. But how do you tell those computers to send their traffic for the remote network to the local bridge? You need tarpd.

    tarpd is a very simple daemon, which replies to arp requests for certain IP addresses. You only need to run a tarpd on each bridge, and specify the list of IP addresses found on the remote end.

    For example, for those two bridges you should run:

         bridge_1$tarpd eth0 192.168.0.2 255.255.255.255  \
                             192.168.0.4 255.255.255.255  \
                                      
                             192.168.0.254 255.255.255.255
            
    

    On the other side:

         bridge_2$tarpd eth0 192.168.0.1 255.255.255.255  \
                             192.168.0.3 255.255.255.255  \
                                      
                             192.168.0.253 255.255.255.255
            
    

    You specify 128 remote pairs (IP/mask; the mask should be 255.255.255.255 in order not to confuse tarpd!) on each bridge.

  7. Enjoy your bridges!
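
A check for steps 5 and 6, added here as an example and not part of the original HOWTO: on a LAN host, every remote address should resolve to the local bridge's eth0 MAC, and any other MAC answering for it points to an address conflict or ARP spoofing on that segment. The helper name check_proxy_arp and all MAC addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the HOWTO. MAC addresses below are constructed.
# check_proxy_arp is a hypothetical helper name.
#
# Usage: ip neigh show dev eth0 | check_proxy_arp BRIDGE_MAC IP...
# Prints one line per remote IP:
#   OK <ip>              resolved to the bridge's eth0 MAC (tarpd answered)
#   MISSING <ip>         no lladdr entry (unresolved, FAILED or INCOMPLETE)
#   MISMATCH <ip> <mac>  some other station answers ARP for that address
# Exit status is 0 only when every IP is OK.
check_proxy_arp() {
    bridge_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    shift
    awk -v want="$bridge_mac" -v ips="$*" '
        {
            # Find the lladdr keyword; its column moves when "dev X" is shown.
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") mac[$1] = tolower($(i + 1))
        }
        END {
            n = split(ips, ip, " ")
            bad = 0
            for (k = 1; k <= n; k++) {
                if (!(ip[k] in mac)) {
                    print "MISSING " ip[k]; bad = 1
                } else if (mac[ip[k]] != want) {
                    print "MISMATCH " ip[k] " " mac[ip[k]]; bad = 1
                } else {
                    print "OK " ip[k]
                }
            }
            exit bad
        }'
}

# Constructed neighbour table as seen from PC1; bridge_1 eth0 is ...:b1.
SAMPLE_NEIGH='192.168.0.2 dev eth0 lladdr 02:00:00:00:00:b1 REACHABLE
192.168.0.4 dev eth0 lladdr 02:00:00:00:00:b1 STALE
192.168.0.6 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.168.0.3 dev eth0 lladdr 02:00:00:00:00:03 REACHABLE
192.168.0.254 dev eth0  FAILED'

printf '%s\n' "$SAMPLE_NEIGH" |
    check_proxy_arp 02:00:00:00:00:B1 \
        192.168.0.2 192.168.0.4 192.168.0.6 192.168.0.254 || true
```

A MISSING line only means the host has not resolved that address yet; ping it once and run the check again before treating it as a fault.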