On 13 February 2013 20:28, Stuart Henderson <[email protected]> wrote:
> On 2013/02/12 16:54, Jeremie Le Hen wrote: > > Thanks again for your review. > > > > http://people.chchile.org/~jlh/tmp/faq6.html > > http://people.chchile.org/~jlh/tmp/faq6.diff > > This looks fine to me, thank you. Unless there are any objections > or other comments I will commit it soon. > > >

One minor comment: you don't *need* to reboot. Although it's a good practice to reboot after you're done setting things up to make sure you don't have any ephemeral configurations (that you will obviously have forgotten about when you reboot for some other reason and find something is not working as expected). Provided this is explained in 6.2.5, perhaps the 'Reboot and voilà' line should be removed? On the other hand, the section right before the one Jeremie wrote also recommends a reboot, so it is consistent in that way.

> > > Index: faq6.html > > =================================================================== > > RCS file: /cvs/www/faq/faq6.html,v > > retrieving revision 1.304 > > diff -u -p -r1.304 faq6.html > > --- faq6.html 2 Nov 2012 11:25:12 -0000 1.304 > > +++ faq6.html 12 Feb 2013 15:52:19 -0000 > > @@ -1295,7 +1295,7 @@ address, the bridge will pass network da > > maintainable (which can be a feature). > > > > <p> > > -<h3>An example of a bridge application</h3> > > +<h3>A simple example of a bridge application</h3> > > > > <p> > > One of my computer racks has a number of older systems, none of which 
> > @@ -1367,6 +1367,87 @@ directions. > > > > <p> > > That's it! Reboot, and you now have a functioning bridge. > > + > > +<p> > > +<h3>A bridge acting as a DHCP server</h3> > > + > > +<p> > > +Let's say we have a Soekris net5501, which has four > > +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4 > ">vr(4)</a> > > +interfaces, vr0 through vr3. We want to bridge vr1, vr2 and vr3 > > +together, leaving out vr0 for an uplink (a cable modem for instance). > > +We also want to serve IP addresses through DHCP over the bridged > > +interfaces. Being a DHCP server and an uplink router, the box needs to > > +have an IP address on the bridged network (contrary to the previous > > +example in which the bridging box was not visible on the network). > > + > > +<p> > > +It is not possible to assign an IP address directly to a > > +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4 > ">bridge(4)</a> > > +interface. The IP address should be added to one of the member > > +interfaces, but we cannot use a physical interface as the link might be > > +down, in which case the address would not be reachable. Fortunately, > > +starting with OpenBSD 4.7, there is a virtual Ethernet interface driver > > +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vether&sektion=4 > ">vether(4)</a> > > +that can be used for that purpose. We will add it to the bridge, assign > > +the IP address to it and make dhcpd(8) listen there. > > + > > +<p> > > +Notes: > > + > > +<ul> > > +<li>The <a href="#DHCPserver">DHCP server configuration</a> is not > > +described yet again in this section but the addressing scheme used here > is > > +the same. > > +<li>This will also be the uplink router for your bridged network, so we > > +will use IP address 192.168.1.1 to match the DHCP server configuration. 
> > +<li>We will not cover the uplink, routing or firewalling configuration > > +here.</li> > > +</ul> > > + > > +<p>First mark vr1, vr2 and vr3 as up: > > + > > +<blockquote><pre> > > +$ <b>cat /etc/hostname.vr1</b> > > +up > > +$ <b>cat /etc/hostname.vr2</b> > > +up > > +$ <b>cat /etc/hostname.vr3</b> > > +up > > +</pre></blockquote> > > + > > +<p> > > +Then create the vether0 configuration: > > + > > +<blockquote><pre> > > +$ <b>cat /etc/hostname.vether0</b> > > +inet 192.168.1.1 255.255.255.0 192.168.1.255 > > +up > > +</pre></blockquote> > > + > > +<p> > > +We configure the bridge interface to contain all the above > > +interfaces: > > + > > +<blockquote><pre> > > +$ <b>cat /etc/hostname.bridge0</b> > > +add vether0 > > +add vr1 > > +add vr2 > > +add vr3 > > +up > > +</pre></blockquote> > > + > > +<p> > > +And finally we make dhcpd(8) listen on the vether0 interface: > > + > > +<blockquote><pre> > > +$ <b>grep ^dhcpd_flags= /etc/rc.conf.local</b> > > +dhcpd_flags="vether0" > > +</pre></blockquote> > > + > > +<p> > > +Reboot and voilà! > > > > <p> > > <h3>Filtering on a bridge</h3> > > > > -- > > Jeremie Le Hen > > > > Scientists say the world is made up of Protons, Neutrons and Electrons. > > They forgot to mention Morons.
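Review bot: In the Notes list of the new "A bridge acting as a DHCP server" section (hunk @@ -1367,6 +1367,87 @@), the first two <li> items are left unclosed while the third ends with </li>; close all three or none so the markup is consistent. In the same hunk, dhcpd(8) appears twice as plain text although vr(4), bridge(4) and vether(4) are each linked to man.cgi, so it should get the same kind of link. The first note's wording, "is not described yet again in this section", would read more clearly as "is not repeated in this section". Since the notes state that this box is also the uplink router and that firewalling is not covered, a pointer from that note to the "Filtering on a bridge" section that follows would tell the reader where to continue.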

