old-www/HOWTO/Remote-Bridging/x19.html

<HTML
><HEAD
><TITLE
>How does it work?</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="Remote Bridging with IP Tunnels mini-HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Remote Bridging with IP Tunnels mini-HOWTO"
HREF="index.html"><LINK
REL="NEXT"
TITLE="Copyright"
HREF="gfdl.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Remote Bridging with IP Tunnels mini-HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="index.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="gfdl.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN19">1. How does it work?</H1
><P
>You can transparently bridge traffic between 2 ethernet LANs to unite them, if both of them are connected to Internet.</P
><P
>There is no way to do a <SPAN
CLASS="QUOTE"
>"real"</SPAN
> bridge, you can only bridge third level protocols, which linux knows how to route, but ethernet traffic with those protocols will seem bridged.  You can make 2 ethernet bridges, to bridge IP and/or IPX traffic.  You cannot transparently bridge any other third level protocols between distinct LANs.  You should read the rest of this document to determine whether you can bridge any other protocol.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN24">1.1. Bridging IP over ethernet traffic between 2 LANs.</H2
><P
>If you have:
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>PC1   (192.168.0.1  /24)--|
PC3   (192.168.0.3  /24)--|
PC5   (192.168.0.5  /24)--|--[ eth0 - bridge_1 - eth1 (195.0.0.1) ]

PC253 (192.168.0.253/24)--|              
                                         | (192.168.0.2  /24) PC2
                                         | (192.168.0.4  /24) PC4
[ (192.0.0.1) eth1 - bridge_2 - eth0 ] --| (192.168.0.6  /24) PC6

                                         | (192.168.0.254/24) PC254</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
><I
CLASS="MEDIALABEL"
>bridge_1</I
> and <I
CLASS="MEDIALABEL"
>bridge_2</I
> are your Linux bridges and externally connected to the Internet interface eth1. So <TT
CLASS="USERINPUT"
><B
>195.0.0.1</B
></TT
> and <TT
CLASS="USERINPUT"
><B
>192.0.0.1</B
></TT
> can be any valid Internet addresses given to you by your ISP.</P
><P
>So, you should:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Get two linux computers with kernels 2.2 or 2.4. Kernels should be compiled with <SPAN
CLASS="ACRONYM"
>PPP</SPAN
> and <SPAN
CLASS="APPLICATION"
>Advanced Router</SPAN
>. You also need the <SPAN
CLASS="APPLICATION"
>iproute2</SPAN
> package properly installed.  Information on <SPAN
CLASS="APPLICATION"
>iproute2</SPAN
> can be found in <TT
CLASS="FILENAME"
>Configure.help</TT
> of your kernel in the comments under <SPAN
CLASS="APPLICATION"
>Advanced Router</SPAN
>. You also need the following utilities:</P
><P
></P
><UL
><LI
><P
><SPAN
CLASS="APPLICATION"
>pppd</SPAN
> (PPP daemon) - <A
HREF="ftp://cs.anu.edu.au/pub/software/ppp/"
TARGET="_top"
>ftp://cs.anu.edu.au/pub/software/ppp/</A
></P
></LI
><LI
><P
><SPAN
CLASS="APPLICATION"
>PopTop</SPAN
> (PPTP server) - <A
HREF="http://poptop.lineo.com/"
TARGET="_top"
>http://poptop.lineo.com</A
></P
></LI
><LI
><P
><SPAN
CLASS="APPLICATION"
>PPTP</SPAN
> (Linux PPTP Client, by C.S. Ananian) - <A
HREF="http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/"
TARGET="_top"
>http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/</A
></P
></LI
><LI
><P
><SPAN
CLASS="APPLICATION"
>tarpd</SPAN
> (a trivial proxy arp daemon) - <A
HREF="http://www.cs.hut.fi/~tricky/utils/net/tarpd-1.6.tar.gz"
TARGET="_top"
>htp://www.cs.hut.fi/~tricky/utils/net/tarpd-1.6.tar.gz</A
></P
></LI
></UL
><P
>You can also find them on <A
HREF="http://www.freshmeat.net"
TARGET="_top"
>http://www.freshmeat.net</A
></P
><P
>Please, keep in mind that you need special patches for pppd and the kernel if you want to do <SPAN
CLASS="APPLICATION"
>MS Chap</SPAN
> and <SPAN
CLASS="APPLICATION"
>MS Encryption (MPPE)</SPAN
>.  Refer to the <SPAN
CLASS="APPLICATION"
>PoPTop</SPAN
> manual for instructions on how to get and install these patches.</P
></LI
><LI
><P
>Connect your routers to Internet, or establish any other communication between them with the exception of IP.</P
></LI
><LI
><P
>Make a <SPAN
CLASS="ACRONYM"
>PPTP</SPAN
> tunnel between them. There are example configurations in the PoPToP (server) and pptp (client) manuals.</P
></LI
><LI
><P
>Now you should have two bridges and an IP tunnel between then, possibly encrypted (refer to the <SPAN
CLASS="ACRONYM"
>PPP</SPAN
> manual).  Let's configure bridging.</P
></LI
><LI
><P
>Remember that the bridge is really a router, so we need to run the following commands on our bridges (this assumes <I
CLASS="MEDIALABEL"
>bridge_1</I
> and <I
CLASS="MEDIALABEL"
>bridge_2</I
> are IP addresses, assigned to each end of the <SPAN
CLASS="ACRONYM"
>PPTP</SPAN
> tunnel between bridges):</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>     bridge_1$ip route add 192.168.0.2 via bridge_2
     bridge_1$ip route add 192.168.0.4 via bridge_2
     bridge_1$ip route add 192.168.0.6 via bridge_2
             
     bridge_1$ip route add 192.168.0.254 via bridge_2
     bridge_1$ip route add 192.168.0.255 via bridge_2
        </PRE
></FONT
></TD
></TR
></TABLE
><P
>On the other side:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>     bridge_2$ip route add 192.168.0.1 via bridge_1
     bridge_2$ip route add 192.168.0.3 via bridge_1
     bridge_2$ip route add 192.168.0.5 via bridge_1
              
     bridge_2$ip route add 192.168.0.253 via bridge_1
        </PRE
></FONT
></TD
></TR
></TABLE
><P
>This will tell each of bridges which hosts are on the other side. You can do the same with the old-style <TT
CLASS="USERINPUT"
><B
>route</B
></TT
> command.  It will look like:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>     bridge_1$route add -host 192.168.0.2 gw bridge_2
     bridge_1$route add -host 192.168.0.4 gw bridge_2
     bridge_1$route add -host 192.168.0.6 gw bridge_2
              
     bridge_1$route add -host 192.168.0.254 gw bridge_2
     bridge_1$route add -host 192.168.0.255 gw bridge_2
        </PRE
></FONT
></TD
></TR
></TABLE
><P
>On the other side:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>     bridge_2$route add -host 192.168.0.1 gw bridge_1
     bridge_2$route add -host 192.168.0.3 gw bridge_1
     bridge_2$route add -host 192.168.0.5 gw bridge_1
               
     bridge_2$route add -host 192.168.0.253 gw bridge_1
        </PRE
></FONT
></TD
></TR
></TABLE
><P
>Please note once more that <I
CLASS="MEDIALABEL"
>bridge_1</I
> and <I
CLASS="MEDIALABEL"
>bridge_2</I
> are <EM
>not</EM
> IP addresses given by your ISP, but IP addresses which <EM
>you</EM
> assigned to each end of the <SPAN
CLASS="ACRONYM"
>PPTP</SPAN
> tunnel.</P
></LI
><LI
><P
>Now you have two bridges and each of them knows where to find a particular IP.  But how do you tell those computers to send their traffic for the remote network to the local bridge? You need tarpd.</P
><P
><TT
CLASS="USERINPUT"
><B
>tarpd</B
></TT
> is a very simple daemon, which replies to arp requests for certain IP addresses. You only need to run a <TT
CLASS="USERINPUT"
><B
>tarpd</B
></TT
> on each bridge, and specify the list of IP addresses found on the remote end.</P
><P
>For example, for those two bridges you should run:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>     bridge_1$tarpd eth0 192.168.0.2 255.255.255.255  \
                         192.168.0.4 255.255.255.255  \
                                  
                         192.168.0.254 255.255.255.255
        </PRE
></FONT
></TD
></TR
></TABLE
><P
>On the other side:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>     bridge_2$tarpd eth0 192.168.0.1 255.255.255.255  \
                         192.168.0.3 255.255.255.255  \
                                  
                         192.168.0.253 255.255.255.255
        </PRE
></FONT
></TD
></TR
></TABLE
><P
>You specify 128 remote pairs (IP/mask. Mask should be 255.255.255.255 in order not to confuse tarpd!) on each bridge.</P
></LI
><LI
><P
>Enjoy your bridges!</P
></LI
></OL
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN105">1.2. What about other protocols?</H2
><P
>Really, I can say nothing about other protocol routing. I never used them.  But I suppose if you are familiar with other protocols, it should not be too difficult to bridge it this way.</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="gfdl.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Remote Bridging with IP Tunnels mini-HOWTO</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Copyright</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>