[LARTC] Bridge and Router on the same device
Abel Martín
abel.martin.ruiz at gmail.com
Thu Nov 16 10:50:34 CET 2006
On 11/13/06, Net Cerebrum <netcerebrum at gmail.com> wrote:
> I want to configure a device with three network interfaces where two of them
> would bridge two segments of the LAN subnet and the third one would be
> connected to the WAN link.
>
> eth0 - 10.10.10.2/24 to be connected to the internet gateway having IP
> 10.10.10.1/24 (also the default gateway for the device)
> eth1 and eth2 bridged as br0 with IP address 172.16.100.1 connected to
> different segments of the subnet 172.16.100.0/24.
>
>
>                        WAN (10.10.10.1)
>                               |
>                               |
>                        eth0 (10.10.10.2)
>
>            -----eth1                     eth2------
>    LAN (172.16.100.0/24)            LAN (172.16.100.0/24)
>
>
>
>
> I plan to configure the Bridge IP (172.16.100.1) as the default gateway for
> the LAN and also regulate the traffic between the two bridged interfaces
> (eth1 and eth2) using a user space tool. Further, since the traffic meant for
> the internet would pass through eth0, there would be a need to regulate the
> traffic between eth1 and eth0 and also eth2 and eth0.
>
> Is the above arrangement feasible? Would it be possible to define static
> routes on this device itself involving hosts reachable through either of the
> interfaces?
>
> Thank you in advance.
>
I think it's possible, but what does "regulating traffic between the
two bridged interfaces" mean? Remember that a bridge works at the data link
layer, so I think it won't be possible to filter bridged traffic at
higher layers (TCP/IP) on the bridge device. Maybe you can filter at
network and transport layers on the physical interfaces which are
attached to the bridge (eth1, eth2) with iptables if you really need
it. Don't know if you mean filtering by saying "regulating".

Routing and bridging is possible. The default gateway for the hosts in
172.16.100.0/24 should be 172.16.100.1, and there's nothing wrong
with using an IP which is bonded to a bridge interface. For traffic
that needs to be routed from the 172.16.100.0/24 network through the
WAN interface you can treat the bridge as a physical interface.
10.10.10.1 should be the default gateway for this machine.

Regards.
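
Added example, not part of the original message or written by either poster: one way to set up the topology discussed in this thread with iproute2 and iptables, using the interface names and addresses from the question. The filtering policy (LAN to WAN allowed, only SSH between the two bridged segments) and the use of br_netfilter with the physdev match are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interface names and addresses come from the question in the
# thread; the filtering policy below is an assumed placeholder.
# Dry run by default (commands are printed). Set APPLY=1 as root to execute.

WAN_IF=eth0; WAN_IP=10.10.10.2/24;  WAN_GW=10.10.10.1
BR_IF=br0;   BR_IP=172.16.100.1/24; LAN_NET=172.16.100.0/24

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

build_bridge_router() {
    # Layer 2: eth1 and eth2 become ports of br0; only br0 carries an address.
    run ip link add name "$BR_IF" type bridge
    for port in eth1 eth2; do
        run ip link set dev "$port" master "$BR_IF"
        run ip link set dev "$port" up
    done
    run ip addr add "$BR_IP" dev "$BR_IF"
    run ip link set dev "$BR_IF" up

    # Layer 3: WAN address, default route via 10.10.10.1, forwarding enabled.
    run ip addr add "$WAN_IP" dev "$WAN_IF"
    run ip link set dev "$WAN_IF" up
    run ip route add default via "$WAN_GW" dev "$WAN_IF"
    run sysctl -w net.ipv4.ip_forward=1

    # Hand frames bridged between eth1 and eth2 to the iptables FORWARD chain
    # (on current kernels this hook lives in the br_netfilter module).
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1

    # Default deny for everything crossing the box, routed or bridged.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Routed traffic: br0 is matched like any other interface.
    run iptables -A FORWARD -i "$BR_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Bridged traffic: match the bridge ports with physdev (assumed: SSH only).
    run iptables -A FORWARD -m physdev --physdev-in eth1 --physdev-out eth2 \
        -p tcp --dport 22 -j ACCEPT
}

build_bridge_router
```

With bridge-nf-call-iptables enabled and a DROP policy, any IPv4 traffic between the eth1 and eth2 segments that has no matching rule is dropped, so the bridged-segment rules need to cover everything the LAN relies on.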