On 2013/02/12 16:54, Jeremie Le Hen wrote: > Thanks again for your review. > > http://people.chchile.org/~jlh/tmp/faq6.html > http://people.chchile.org/~jlh/tmp/faq6.diff
This looks fine to me, thank you. Unless there are any objections or other comments I will commit it soon. > > Index: faq6.html > =================================================================== > RCS file: /cvs/www/faq/faq6.html,v > retrieving revision 1.304 > diff -u -p -r1.304 faq6.html > --- faq6.html 2 Nov 2012 11:25:12 -0000 1.304 > +++ faq6.html 12 Feb 2013 15:52:19 -0000 > @@ -1295,7 +1295,7 @@ address, the bridge will pass network da > maintainable (which can be a feature). > > <p> > -<h3>An example of a bridge application</h3> > +<h3>A simple example of a bridge application</h3> > > <p> > One of my computer racks has a number of older systems, none of which > @@ -1367,6 +1367,87 @@ directions. > > <p> > That's it! Reboot, and you now have a functioning bridge. > + > +<p> > +<h3>A bridge acting as a DHCP server</h3> > + > +<p> > +Let's say we have a Soekris net5501, which has four > +<a > href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4";>vr(4)</a> > +interfaces, vr0 through vr3. We want to bridge vr1, vr2 and vr3 > +together, leaving out vr0 for an uplink (a cable modem for instance). > +We also want to serve IP addresses through DHCP over the bridged > +interfaces. Being a DHCP server and an uplink router, the box needs to > +have an IP address on the bridged network (contrary to the previous > +example in which the bridging box was not visible on the network). > + > +<p> > +It is not possible to assign an IP address directly to a > +<a > href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4";>bridge(4)</a> > +interface. The IP address should be added to one of the member > +interfaces, but we cannot use a physical interface as the link might be > +down, in which case the address would not be reachable. Fortunately, > +starting with OpenBSD 4.7, there is a virtual Ethernet interface driver > +<a > href="http://www.openbsd.org/cgi-bin/man.cgi?query=vether&sektion=4";>vether(4)</a> > +that can be used for that purpose. We will add it to the bridge, assign > +the IP address to it and make dhcpd(8) listen there. > + > +<p> > +Notes: > + > +<ul> > +<li>The <a href="#DHCPserver">DHCP server configuration</a> is not > +described yet again in this section but the addressing scheme used here is > +the same. > +<li>This will also be the uplink router for your bridged network, so we > +will use IP address 192.168.1.1 to match the DHCP server configuration. > +<li>We will not cover the uplink, routing or firewalling configuration > +here.</li> > +</ul> > + > +<p>First mark vr1, vr2 and vr3 as up: > + > +<blockquote><pre> > +$ <b>cat /etc/hostname.vr1</b> > +up > +$ <b>cat /etc/hostname.vr2</b> > +up > +$ <b>cat /etc/hostname.vr3</b> > +up > +</pre></blockquote> > + > +<p> > +Then create the vether0 configuration: > + > +<blockquote><pre> > +$ <b>cat /etc/hostname.vether0</b> > +inet 192.168.1.1 255.255.255.0 192.168.1.255 > +up > +</pre></blockquote> > + > +<p> > +We configure the bridge interface to contain all the above > +interfaces: > + > +<blockquote><pre> > +$ <b>cat /etc/hostname.bridge0</b> > +add vether0 > +add vr1 > +add vr2 > +add vr3 > +up > +</pre></blockquote> > + > +<p> > +And finally we make dhcpd(8) listen on the vether0 interface: > + > +<blockquote><pre> > +$ <b>grep ^dhcpd_flags= /etc/rc.conf.local</b> > +dhcpd_flags="vether0" > +</pre></blockquote> > + > +<p> > +Reboot and voilà! > > <p> > <h3>Filtering on a bridge</h3> > > -- > Jeremie Le Hen > > Scientists say the world is made up of Protons, Neutrons and Electrons. > They forgot to mention Morons.
