Subject: RE: bridge + cipe
From: "Frater, Greg" <gjfrater,AT,bechtel,DOT,com>
Date: Thu, 12 Jul 2001 17:22:11 +0200

Eric, 

Two questions about your scenario:

Do I need to set up a route between the two networks?  I can't seem to get my
mind around how this would look.  Would I just add a route for 172.32.0.0/20
for eth1 and another one of 172.19.0.0/20 for eth0?

Also how does the traffic get from the bridge (eth0, and cipdb0) and eth1?
If it is with routing will it pass the broadcast traffic?  Man, I am just
not grasping this.

Thanks for the help, can anyone explain this that has done it?

I guess this is what I get for saying "Hey I think we can do that with
Linux!"  This is an all NT shop, Linux is pretty much like a bad word around
here.  Still plugging away...

Greg --

I don't know a whole lot about bridging, but I do know this:

  Assuming that eth0 is internal private network, eth1 is external
public/Internet network, and cipcbX is your CIPE/WAN link:
  Bridging eth0 and eth1 and cipcb0 will create security holes.  Now
you're bridging all traffic to all interfaces.  It'd be like replacing
your linux box with a 3 port switch.  If my understanding is correct,
you're sending all packets to all interfaces like a switch would (ok,
almost since switches and bridges pass packets based on MAC addresses).

Security aside, here's another idea for you to try:

Site 1:
  eth0: lan (172.19.0.1/20)
  eth1: wireless (172.32.0.1/20)

Site 2:
  eth0: lan (172.19.0.2/20)
  eth1: wireless (172.32.0.2/20)

Now cipe-link via the 172.32.0.1/20 and 172.32.0.2/20 interfaces.  Then
bridge eth0+cipcb0 and eth0+cipcb0 at site1 and site2.

I think the problem you may be running into is that you have 2 network
cards with interfaces on the same network.  I used the second network on
your subnet'd class B for the wireless side so your linux box
won't get confused.  Maybe this will work?  Just a suggestion; I've never
done it before.  Let me know what you find!

--Eric

On Wed, 11 Jul 2001, Frater, Greg wrote:

> Hello All, 
> 
> Searching the archives revealed several postings regarding this subject.
> However, all I could get from them was that I can use bridging and CIPE but
> not how to do it.
> 
> I am working with a wireless bridge that links two offices that are on a
> flat network, i.e. everyone is on the same subnet.  We need to encrypt the
> data that crosses the wireless bridge and I need to do it with bridging to
> support broadcast traffic.  I have two machines running rh 7.1 with kernel
> 2.4.5 running CIPE 1.5.2 with bridging enabled in the kernel.  Bridging and
> CIPE load without errors and I can bridge the traffic just fine.  How do I
> send the traffic from eth0 through the cipdb0 device and then out eth1?  Do
> I have to use routing?  And if so how do I do this and maintain the bridging
> functionality (broadcast traffic)?
> 
> I made all three interfaces (eth0, eth1, and cipdb0) part of the bridge; is
> that right?
> 
> Is there more documentation on the net, other than the info page that comes
> with the cipe package, that I have not seen?
> 
> ps. We are using a 172.19.0.0 network with a netmask of 255.255.240.0.
> Again both buildings are on the same subnet.
> 
> In need of some hand holding,
> 
> Greg Frater
> WTP IT Dept.
> gjfrater,AT,bechtel,DOT,com
> 509 371-3537
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> 
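
An added example, not part of the original thread: a Python check over a planned interface layout that flags the two problems raised above (the carrier interface left in the bridge, and two addressed interfaces on the same subnet) and also checks that the chosen ranges sit inside RFC 1918 private space. The role labels, the function name and the eth1 address in the first layout are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_layout(ifaces, bridge_ports):
    """ifaces maps name -> (role, "addr/prefix" or None); roles used here are
    "lan", "carrier" (the link the tunnel rides on) and "tunnel".
    bridge_ports is the set of interface names attached to the bridge.
    Returns a list of human-readable findings (empty list = nothing flagged)."""
    findings = []
    # A bridge floods broadcast and unknown-destination frames to every port,
    # so a carrier port in the bridge carries LAN frames outside the tunnel.
    for name in sorted(bridge_ports):
        if ifaces[name][0] == "carrier":
            findings.append(f"{name}: carrier interface is a bridge port, "
                            "LAN frames leave it unencrypted")
    nets = {name: ipaddress.ip_interface(addr).network
            for name, (_, addr) in ifaces.items() if addr}
    # Two addressed interfaces in overlapping subnets make routing ambiguous.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"{a} ({nets[a]}) and {b} ({nets[b]}) overlap")
    # Ranges outside RFC 1918 are publicly routable address space.
    for name in sorted(nets):
        if not any(nets[name].subnet_of(p) for p in RFC1918):
            findings.append(f"{name}: {nets[name]} is outside RFC 1918 space")
    return findings

# Constructed layout for the setup in the quoted post: all three interfaces
# bridged; the eth1 address is an assumption (both NICs on the flat /20).
ALL_BRIDGED = {"eth0": ("lan", "172.19.0.1/20"),
               "eth1": ("carrier", "172.19.0.3/20"),
               "cipcb0": ("tunnel", None)}
# Site 1 of the layout suggested in the reply: only eth0 and cipcb0 bridged.
SUGGESTED = {"eth0": ("lan", "172.19.0.1/20"),
             "eth1": ("carrier", "172.32.0.1/20"),
             "cipcb0": ("tunnel", None)}

if __name__ == "__main__":
    for label, ifaces, ports in (
            ("all bridged", ALL_BRIDGED, {"eth0", "eth1", "cipcb0"}),
            ("suggested", SUGGESTED, {"eth0", "cipcb0"})):
        print(label)
        for finding in check_layout(ifaces, ports):
            print("  -", finding)
```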
