Fedora Linux supports setting up bridges and tunnels through its startup network configuration scripts, even though the frontend (system-config-network) doesn't allow their creation or management.
Of course, it is possible to set up bridges and tunnels by issuing the appropriate commands in /etc/rc.local, but this solution is not optimal since it bypasses the network scripts, making it harder to manage connections (i.e. no ifup and ifdown support). Keep reading to learn how to do it using Fedora's own network configuration scripts.
A bridge connects multiple network segments at the data link layer level. It can be used if you have a spare network card and want to connect three or more computers without a hub or a switch. It may also be used to connect two different kinds of networks (e.g. Token Ring and Ethernet) or if you want to do some firewalling between network segments without routing.
To set up a bridge (named br0) between two local network cards (named eth0 and eth1), stop the network service, go to /etc/sysconfig/networking/devices and create the following files:
| ifcfg-br0 | ifcfg-eth0 | ifcfg-eth1 |
|---|---|---|
| DEVICE=br0<br>ONBOOT=yes<br>TYPE=Bridge<br>IPADDR=... # IP address of the interface here<br>NETMASK=... # IP address mask here<br>GATEWAY=... # Default gateway here | DEVICE=eth0<br>TYPE=Ethernet<br>ONBOOT=yes<br>USERCTL=no<br>BOOTPROTO=none<br>BRIDGE=br0 | DEVICE=eth1<br>TYPE=Ethernet<br>ONBOOT=yes<br>USERCTL=no<br>BOOTPROTO=none<br>BRIDGE=br0 |
After creating these files, start system-config-network and enable the new interfaces, so they are present in the current network profile. This effectively creates hardlinks of the above files in two other directories used by the network configuration scripts. Restart the network service and both your cards will bridge traffic between them.
A tunnel routes packets through networks that are not directly connected. This is achieved by encapsulating the IP packet of the inner network into another packet that is routed through the outer network. We are interested here in simple tunnels, like IP over IP and GRE.
In the example below, we consider two private networks with compatible addresses (i.e. non-overlapping), where you want to route packets between them. Network A uses the 10.0.0.0/24 address space, while Network B uses the 10.0.1.0/24 address space. The router of Network A has internal address 10.0.0.1 and external address 192.168.4.8, while the router of Network B has internal address 10.0.1.1 and external address 192.168.15.16. The routers see each other via their external addresses.
To set up a tunnel (named tun0) between these two networks, create the following files in the /etc/sysconfig/networking/devices directory of each router:
| ifcfg-tun0 (Router of Network A) | ifcfg-tun0 (Router of Network B) |
|---|---|
| DEVICE=tun0<br>TYPE=IPIP # Or "GRE" for a GRE tunnel<br>ONBOOT=yes<br>MY_INNER_IPADDR=10.0.0.1<br>PEER_OUTER_IPADDR=192.168.15.16<br>PEER_INNER_IPADDR=10.0.1.0/24<br>BOOTPROTO=none | DEVICE=tun0<br>TYPE=IPIP # Or "GRE" for a GRE tunnel<br>ONBOOT=yes<br>MY_INNER_IPADDR=10.0.1.1<br>PEER_OUTER_IPADDR=192.168.4.8<br>PEER_INNER_IPADDR=10.0.0.0/24<br>BOOTPROTO=none |
After creating these files, start system-config-network and enable the new interface on both routers. This will create hardlinks of the above files in two other directories used by the network configuration scripts. Then, on both routers, start the tunnel with:
ifup tun0
Remember that you need to set net.ipv4.ip_forward = 1 in /etc/sysctl.conf in order to route packets between networks.
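The two ifcfg-tun0 files have to mirror each other, and a mismatch only shows up once traffic fails to route. The following Python check is an added example, not part of the original page or of Fedora's network scripts: it parses both files and verifies the pairing. The function names, the rule that each router's MY_INNER_IPADDR must lie in the network its peer lists as PEER_INNER_IPADDR, and the sample files (constructed from the router addresses given in the text) are assumptions of this example.

```python
import ipaddress

REQUIRED = ("TYPE", "MY_INNER_IPADDR", "PEER_OUTER_IPADDR", "PEER_INNER_IPADDR")

def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg file, dropping '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def check_tunnel_pair(a, b, outer_a, outer_b):
    """Return the problems found in the two ends' ifcfg-tun0 settings.
    outer_a / outer_b are the external addresses of routers A and B."""
    for name, cfg in (("A", a), ("B", b)):
        missing = [k for k in REQUIRED if k not in cfg]
        if missing:
            return [f"{name}: missing {', '.join(missing)}"]
    problems = []
    if a["TYPE"] != b["TYPE"] or a["TYPE"] not in ("IPIP", "GRE"):
        problems.append("TYPE must be IPIP or GRE and identical on both ends")
    for name, cfg, other, peer_outer in (("A", a, b, outer_b), ("B", b, a, outer_a)):
        if cfg["PEER_OUTER_IPADDR"] != peer_outer:
            problems.append(f"{name}: PEER_OUTER_IPADDR is not the peer's external address")
        inner = ipaddress.ip_address(cfg["MY_INNER_IPADDR"])
        # Assumed rule: the network the peer routes to this end contains this end's inner address.
        own_net = ipaddress.ip_network(other["PEER_INNER_IPADDR"], strict=False)
        if inner not in own_net:
            problems.append(f"{name}: MY_INNER_IPADDR {inner} is outside {own_net}")
    net_b = ipaddress.ip_network(a["PEER_INNER_IPADDR"], strict=False)
    net_a = ipaddress.ip_network(b["PEER_INNER_IPADDR"], strict=False)
    if net_a.overlaps(net_b):
        problems.append("inner networks overlap")
    return problems

# Constructed sample files built from the router addresses in the text.
TEMPLATE = ('DEVICE=tun0\nTYPE=IPIP # Or "GRE" for a GRE tunnel\nONBOOT=yes\n'
            'MY_INNER_IPADDR={}\nPEER_OUTER_IPADDR={}\nPEER_INNER_IPADDR={}\n'
            'BOOTPROTO=none\n')
ROUTER_A = TEMPLATE.format("10.0.0.1", "192.168.15.16", "10.0.1.0/24")
ROUTER_B = TEMPLATE.format("10.0.1.1", "192.168.4.8", "10.0.0.0/24")
# Constructed faulty variant: B's inner address sits in A's network.
ROUTER_B_BAD = TEMPLATE.format("10.0.0.2", "192.168.4.8", "10.0.0.0/24")

if __name__ == "__main__":
    for b in (ROUTER_B, ROUTER_B_BAD):
        print(check_tunnel_pair(parse_ifcfg(ROUTER_A), parse_ifcfg(b),
                                "192.168.4.8", "192.168.15.16") or "consistent")
```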