<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: bridge + cipe
From: ewheeler,AT,kaico,DOT,com
Date: Thu, 12 Jul 2001 02:32:32 +0200
In-reply-to: <178859BD4001D511A89D00508BB0D72017F8F7@WTPS0017>

Greg --

I don't know a whole lot about bridging, but I do know this:

  Asusming that eth0 is internal private network, eth1 is external
public/Internet network, and cipcbX is your CIPE/WAN link:
  Bridging eth0 and eth1 and cipcb0 will create security holes.  now
you're bridging all traffic to all interfaces.  It'd be like replacing
your linux box with a 3 port switch.  If my understanding is correct,
you're sending all packets to all interfaces like a switch would (ok,
almost since switches and bridges pass packets based on MAC addresses).

Security aside, here's another idea for you to try:

Site 1:
  eth0: lan (172.19.0.1/20)
  eth1: wireless (172.32.0.1/20)

Site 2:
  eth0: lan (172.19.0.2/20)
  eth1: wireless (172.32.0.2/20)

Now cipe-link via the 172.32.0.1/20 and 172.32.0.2/20 interfaces.  Then
bridge eth0+cipcb0 and eth0+cipcb0 at site1 and site2.

I think the problem you may be running into is that you have 2 network
cards with interfaces on the same network.  I used the second network on
your subnet'd class B for the wireless side so your linux box
won't get confused.  Maybe this will work?  Just a suggestion; I've never
done it before.  Let me know what you find!

--Eric

On Wed, 11 Jul 2001, Frater, Greg wrote:

> Hello All, 
> 
> Searching the archives revealed several postings regarding this subject.
> However, all I could get from them was that I can use bridging and CIPE but
> not how to do it.
> 
> I am working with a wireless bridge that links two offices that are on a
> flat network, i.e. everyone is on the same subnet.  We need to encrypt the
> data that crosses the wireless bridge and I need to do it with bridging to
> support broadcast traffic.  I have two machines running rh 7.1 with kernel
> 2.4.5 running CIPE 1.5.2 with bridging enabled in the kernel.  Bridging and
> CIPE load without errors and I can bridge the traffic just fine.  How do I
> send the traffic from eth0 through the cipdb0 device and then out eth1?  Do
> I have to use routing?  And if so how do I do this and maintain the bridging
> functionality (broadcast traffic)?
> 
> I made all three interfaces (eth0, eth1, and cipdb0) part of the bridge is
> that right?  
> 
> Is there more documentation on the net, other than the info page that comes
> with the cipe package, that I have not seen.
> 
> ps. We are using a 172.19.0.0 network with a netmask of 255.255.240.0.
> Again both buildings are on the same subnet.
> 
> In need of some hand holding,
> 
> Greg Frater
> WTP IT Dept.
> gjfrater,AT,bechtel,DOT,com
> 509 371-3537
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
><URL:http://sites.inka.de/~bigred/devel/cipe.html>
> 





<< | Thread Index | >> ]    [ << | Date Index | >> ]