
2. Required software

This software setup is needed on the Ethernet bridge computer, according to our Testing grounds.

2.1 Featured Linux kernel

Using kernel 2.6 is not yet a good idea. Yes, it's astonishing. Why the bridging code breaks, and where it does so, has not yet come to my or others' attention, so I cannot recommend kernels of the 2.6 series. Do you have a clue? Claim the credit and mail the solution to me (e-mail address on the entry page). See also Kernel-Notes for additional information on this. For now, use the kernel 2.4 series.
As of kernel version 2.4.18, support for the Ethernet Bridge capability is already built in. No patches are needed so far. Regarding later kernel versions, 2.4.23 might be less recommendable, especially in conjunction with ebtables and netfilter-bridging. Later versions seem advisable.
The following paragraph is outdated now (2005-07-12), as all we need is present in the kernel. You may skip this paragraph; it is retained only for legacy:
But if we intend to use netfilter capabilities, because we want to run iptables on our new Linux router/fw box, we still need to apply a patch. Any patches needed can be found and downloaded on the sourceforge Ethernet Bridge homepage.

root@bridge:~> cd /usr/src/
root@bridge:~> wget -c http://bridge.sourceforge.net/devel/bridge-nf/bridge-nf-0.0.7-against-2.4.18.diff
root@bridge:~> cd /usr/src/linux/
root@bridge:~> patch -p1 -i ../bridge-nf-0.0.7-against-2.4.18.diff
        

Supposing we want netfilter support on our bridge interface and have already patched the vanilla kernel, we may now activate some necessary kernel configuration items. On how to build a private kernel image see the CD-Net-Install-HOWTO, Toolbox. Oh, yeah, it's still in German only. Hm, I should fix this some time, but time is lacking... Any volunteers? (deadly silence is cracking.. ;)

Nevertheless, we start now: In

        Code maturity level options
        
we activate
        [*] Prompt for development and/or incomplete code/drivers
        
and in
        Loadable module support
        
        [*] Enable loadable module support  
        [*]   Set version information on all module symbols
        [*]   Kernel module loader
        
Ok, so far so good. Now, we go to
        Networking options
        
and mark
        [*] Network packet filtering (replaces ipchains)
        [ ]   Network packet filtering debugging
        
Note:

Previously, the above debugging option had been selected. For now, unless you want your /var/log/ partition to fill up within a short time, deactivate this option.
If this option is activated, messages similar to the following appear by the thousands in dmesg and /var/log/{kern.log,debug,syslog,messages}:

skb: pf=2 (unowned) dev=br0 len=52
PROTO=6 156.136.32.121:3709 192.168.101.2:112 L=52 S=0x00 I=35470 F=0x4000 T=51 
nf_hook: hook 1 already set.
skb: pf=2 (unowned) dev=br0 len=52
PROTO=6 156.136.32.121:3709 192.168.101.2:112 L=52 S=0x00 I=35470 F=0x4000 T=51 
nf_hook: hook 0 already set.
skb: pf=2 (unowned) dev=br0 len=52
PROTO=6 192.168.101.11:2828 192.168.101.2:202 L=52 S=0x10 I=63 F=0x4000 T=64 
nf_hook: hook 1 already set.
skb: pf=2 (unowned) dev=br0 len=52
PROTO=6 192.168.101.11:2828 192.168.101.2:202 L=52 S=0x10 I=63 F=0x4000 T=64 
nf_hook: hook 3 already set.
skb: pf=7 (owned) dev=eth1 len=1500
        

Furthermore, in

          IP: Netfilter Configuration  --->
        
we mark any item we need as module. Now the long awaited item: activate
        <M> 802.1d Ethernet Bridging
        
as well as
        [*]   netfilter (firewalling) support
        
Note:

The above entry is available only if we successfully patched our kernel!
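
Before starting the build, the selections above can be checked against the resulting .config. The following is an added example, not part of the original HOWTO; the CONFIG_ symbol names are the 2.4 names assumed for the menu entries above, and CONFIG_BRIDGE_NF in particular is assumed for the entry added by the bridge-nf patch.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check a 2.4 .config against the
# options chosen above. CONFIG_BRIDGE_NF is the symbol assumed for the
# patched-in "netfilter (firewalling) support" entry.

# kconfig_value FILE SYMBOL: print y or m if set, n if absent/"is not set"
kconfig_value() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# check_bridge_config FILE: print one line per deviation, return 1 if any
check_bridge_config() {
    status=0
    for rule in CONFIG_EXPERIMENTAL:y CONFIG_MODULES:y CONFIG_MODVERSIONS:y \
                CONFIG_KMOD:y CONFIG_NETFILTER:y CONFIG_NETFILTER_DEBUG:n \
                CONFIG_BRIDGE:m CONFIG_BRIDGE_NF:y
    do
        sym=${rule%%:*}
        want=${rule#*:}
        got=$(kconfig_value "$1" "$sym")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $sym: want=$want got=$got"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: debugging left on, bridge patch entry missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_EXPERIMENTAL=y
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
CONFIG_KMOD=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_BRIDGE=m
# CONFIG_BRIDGE_NF is not set
EOF
check_bridge_config "$sample" || echo "fix the options above before building"
rm -f "$sample"
```

On a real tree, point check_bridge_config at /usr/src/linux/.config; a mismatch on CONFIG_BRIDGE_NF usually means the patch did not apply.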

Finally, we just need a successful

root@bridge:~> make dep clean bzImage modules modules_install
        
cycle and we're done. Don't forget, though, to edit /etc/lilo.conf and do
root@bridge:~> lilo -t
root@bridge:~> lilo
root@bridge:~> reboot
        

Hint:

Perhaps we might mark our new kernel as the bridge kernel? We vi the toplevel Makefile in our kernel sources and edit the line near the top called EXTRAVERSION =. We may actually set it to, say, bridge? ;-)
After the modules_install we find the fresh modules in /lib/modules/2.4.18bridge.
For Debian users (possibly use export PATCH_THE_KERNEL=YES beforehand and --added_patches your_patches with make-kpkg):

root@bridge:~> make-kpkg --revision=tf.1.0 kernel_image
          

2.2 Userspace tool: brctl

Once our kernel has the capabilities needed to perform Ethernet Bridge and netfilter actions, we prepare the user space tool brctl. brctl is the configuration tool we use to set up anything to suit our needs.

We download the source tarball, unpack it and change directory into it.

root@bridge:~> wget -c http://bridge.sourceforge.net/bridge-utils/bridge-utils-0.9.5.tar.gz
root@bridge:~> tar xvzf bridge-utils-0.9.5.tar.gz
root@bridge:~> cd bridge-utils-0.9.5
        
At this time, read the README and the files in the doc/ subdirectory. Then do a simple make and copy the resulting brctl/brctl executable to /sbin/.
root@bridge:~> make
root@bridge:~> cp -vi brctl/brctl /sbin/
        
This is it. Go for Setup now.

2.3 Kernel-Notes

Symptom: Everything during setup works, but packets no longer traverse the bridge interfaces as they did in 2.4.
ipuk s (qasuari_ @ _yahoo.com) wrote (about June 2005):

[...]
I have to compile my kernel from 2.4.18-14 to 2.6.0 and activate
bridge-netfilter & ebtables.
After compiling, I can't ping from a host to interface of linux box.
Linux box just has 1 interface. What's wrong with my compilation ???
[...]
        

