網絡橋接簡介及設置

Bridging Ethernet Connections

(as of Ubuntu 12.04: September 2012)

These instructions work for Ubuntu 12.04 and some earlier versions (and probably some later versions too).

Why bridge?

It is possible to "bridge" two Ethernet adapters together (for example, eth0 and eth1). When you bridge two Ethernet networks, the two networks become one single (larger) Ethernet network.

One reason you would bridge Ethernet connections is to monitor traffic flowing across an Ethernet cable. For example, in my home network I have a cable modem connected to a wireless router. I wanted to monitor the traffic flowing between these two devices, but I don't want to change anything about the IP addressing on my network.

I obtained a laptop with two Ethernet network adapters (I bought a USB-to-Ethernet dongle to use as the second adapter):

• I plugged the cable modem into one adapter (eth0).

• I plugged the wireless router into the other adapter (eth1).

• I configured Ubuntu to create a bridge (br0) between eth0 and eth1.

I was then able to monitor the network traffic on br0 using tools like ntop, Wireshark, and tcpdump.

(Side note: When I configured ntop to monitor br0, it misclassified some traffic. For example, it classified some HTTP traffic as FTP traffic. I changed ntop to run on the eth0 interface instead and it worked correctly. Unfortunately that change caused ntop to capture both traffic from the wireless router and traffic from my monitoring laptop, but that wasn't a problem.)

How to bridge?

The Debian wiki provides a good overview of how to use brctl and the /etc/network/interfaces file to create and set up bridges. Typing man bridge-utils-interfaces at a command prompt provides additional detail.

In my case I was able to set up a simple Ethernet bridge by placing this text into my /etc/network/interfaces file:

auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual
auto br0
iface br0 inet dhcp
  bridge_ports eth0 eth1

Using auto br0 ensures that the bridge starts when the computer reboots, and using iface br0 inet dhcp provided my laptop with its own IP address on the single (larger) Ethernet network.

Once you have edited the /etc/network/interfaces file, it may be easiest to reboot your computer to turn on the bridging. (It is possible to start the bridge without rebooting or logging out, but you may have some problems with the Network Connection Manager interfering with your settings.)

Bridging Ethernet Connections (as of Kubuntu 6.06: August 2006)

This covers how to bridge connections with Kubuntu 6.06 (Dapper) using the package bridge-utils. Bridging two ethernet connections is the focus of this article. It is assumed that the bridging computer is not directly connected to the internet. This article was created by way of paraphrasinghttp://linux-net.osdl.org/index.php/Bridge. Please visit this site if you need a more in-depth discussion of network bridges and the commands used here.

Additional information on monitoring network activity and setting up a bridge in Ubuntu 6.06 (Dapper) can be found at NetworkMonitoringBridge.

Specifically, this article has been written for Kubuntu 6.06 (Dapper), however, it should be available for use on any distribution of Linux and certainly Ubuntu 6.06 (Dapper) for that matter (you will need to know the Default Gateway IP Address, however, if you wish to use the internet on the bridging computer).

Please note that the bridge-utils package only works if you are using a Linux kernel 2.3 or higher.

The first step is to download bridge-utils. Ensure that you have all of the typical repositories loaded.

Installing bridge-utils

Adept

Search for bridge-utils and choose the drop-down arrow on the left. Choose "request install".

Konsole:

Enter this into Konsole:

sudo apt-get update
sudo apt-get install bridge-utils

If you use sudo -iand enter your password, then you will not have to use sudo before each command. It may also save you some typing in the future.

Setting up the Bridge

Ensure that both (or all) of your interfaces are installed and enabled. If they are then you may proceed at this point. For a few moments, if your computer is connected to the internet then it will be disconnected until a certain point is reached.

Open Konsole and use the following commands. Note that when interfaces are referenced, they refer to device names assigned by linux such as "eth0" and "eth1". Also note that myBridge is the name of the bridge that you wish to have. This can be anything, but a simple name like bridge0 or bridge1 is suggested.

ip addr flush dev <interface 1>
ip addr flush dev <interface 2>
brctl addbr <bridge name>
brctl addif <bridge name> <interface 1> <interface 2>
ip link set dev <bridge name> up

In lines 1-2 we simply prepared the devices to be bridged. In line 3, we added a new bridge named myBridge (whatever you named your bridge). In lines 4-5, we added interface1 and interface2 to myBridge. In line 6, we made the bridge operational. For more information on commands: use the Konsole command brctl

Create the Bridge at Start-up

The above setup demonstrated how to create a bridge using the command line, however when you restart your computer you will lose it. To prevent this from happening, we need to edit the /etc/network/interfaces file. This file shows an example of a bridge configure via dhcp.

Sample /etc/network/interfaces file

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# Bridge between eth0 and eth1
auto br0
iface br0 inet dhcp
# For static configuration delete or comment out the above line and uncomment the following:
# iface br0 inet static
#  address 192.168.1.10
#  netmask 255.255.255.0
#  network 192.168.1.0
#  gateway 192.168.1.1
#  dns-nameservers 192.168.1.5
#  dns-search example.com
  pre-up ip link set eth0 down
  pre-up ip link set eth1 down
  pre-up brctl addbr br0
  pre-up brctl addif br0 eth0 eth1
  pre-up ip addr flush dev eth0
  pre-up ip addr flush dev eth1
  post-down ip link set eth0 down
  post-down ip link set eth1 down
  post-down ip link set br0 down
  post-down brctl delif br0 eth0 eth1
  post-down brctl delbr br0

Restart networking

sudo /etc/init.d/networking restart 

Notes about the setup

You have successfully completed an invisible bridge between your interfaces. If computer doing the bridging's purpose is simply to act as a switch and nothing more, then you are done. However, most users will still want to be able access the internet (and the rest of the network for that matter from the computer). Please read below to see how to do this.

Enabling Internet Use on the Bridging Computer

It is very simple to setup the internet on the bridging computer.

Finding the Default Gateway

These directions below attempt to locate your default gateway. They are not foolproof and if you are not sure what your default gateway is then contact your Network Administrator or see the Kubuntu IRC channel if the Administrator is you. If you know your default gateway, then skip to the

1. If the internet worked on your computer before, then open the KDE Panel and choose system settings. 2. Open System Settings and next click Network Settings. 3. Click the "Administrator Mode..." button at the bottom of the window and enter your password. 4. Choose the "Route" tab and remember, write down, or copy the address inside the Default Gateway group box and the "IP Address" text box.

You now have your default gateway IP address. It is now possible to setup your computer to access the internet through the bridge.

Konsole Commands

Once you have your default gateway then enter these commands below.

ip route add default via <default gateway ip address>
dhclient <bridge name>

If you get a message back from the first command, such as

SIOCADDRT: File exists

or

SIOCADDRT: Network is unreachable

Then skip to the second command.


To ensure that you are connected to the internet, ping the IP address with the command below.

ping 66.94.234.13

If you get in Konsole:

# ping 66.94.234.13
PING 66.94.234.13 (66.94.234.13) 56(84) bytes of data.
64 bytes from 66.94.234.13: icmp_seq=1 ttl=55 time=386 ms
64 bytes from 66.94.234.13: icmp_seq=2 ttl=55 time=250 ms
64 bytes from 66.94.234.13: icmp_seq=3 ttl=55 time=283 ms
64 bytes from 66.94.234.13: icmp_seq=4 ttl=55 time=256 ms
64 bytes from 66.94.234.13: icmp_seq=5 ttl=55 time=247 ms
64 bytes from 66.94.234.13: icmp_seq=6 ttl=55 time=254 ms

Then you are done! However, if you do not, double check your work by taking down the bridge:

ip link set <bridge name> down
brctl delbr <bridge name>

And then go through the steps once more. Once again, you can get more help on the brctl command by typing brctlinto Konsole.

At this point you may also want to see http://linux-net.osdl.org/index.php/Bridge at this point for a more in depth explanation of bridges and other commands within brctl.