Bridging Network Interfaces

If you want to forward packets from one network interface to another and vice versa, for example to act as a physical router, the easiest way is to bridge the network interfaces. Once the bridge is set up, you can also inspect and filter the packets passing through it with iptables.

Kernel configuration
Using menuconfig (see the official kernel update guide), make sure your kernel has the following configuration enabled:

If bridging is compiled as a module:

Bridge-utils installation
Install bridge-utils with the following command:

Configuration
Test bridging by setting it up manually first:


 * To verify your bridge configuration:

Setup on boot
Once you have a working bridge, you can modify your network configuration so that it is brought up on boot:

(taken from the net.example of the current stable baselayout, 1.12.*)


 * Note that every interface that is to be a member of the bridge must be set to "null". Unexpected results may occur if these ports are configured with an IP address of their own. Hence, configure the individual Ethernet ports like so:


 * The ports must be configured to null so that DHCP is not started on them.


 * If you have multiple bridges on the network, you will probably want to turn on STP (Spanning Tree Protocol; shown below). You can use similar syntax for other brctl commands:


 * To help prevent broadcast storms:


 * To access the network through eth0, add the following to /etc/conf.d/net:

Next, create the symbolic links for the init scripts of the extra interface and of br0, and add them to the default runlevel: Code: Symbolic links and default runlevel
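As an added example (not part of the original howto), a small POSIX shell checker for the two pitfalls described above: it parses a constructed baselayout-1.12 style /etc/conf.d/net, verifies that every port listed in bridge_br0 has config_<port> set to "null", and verifies that brctl_br0 turns STP on. The variable names (bridge_br0, config_eth0, brctl_br0) are assumed to follow the syntax of net.example.

```shell
#!/bin/sh
# Constructed sample of a baselayout-1.12 style /etc/conf.d/net (assumed syntax:
# bridge_<br> lists the member ports, config_<if> holds the address, brctl_<br>
# holds brctl arguments). eth1 is deliberately wrong: it still has an address.
SAMPLE_NET_CONF='
config_eth0=( "null" )
config_eth1=( "192.168.1.5/24" )
bridge_br0="eth0 eth1"
brctl_br0=( "setfd 0" "sethello 0" "stp on" )
config_br0=( "192.168.0.1/24" )
'

# bridge_ports CONF BRIDGE: print the space-separated members of bridge_<BRIDGE>
bridge_ports() {
    printf '%s\n' "$1" | sed -n "s/^bridge_$2=\"\([^\"]*\)\".*/\1/p"
}

# port_config CONF PORT: print the first value of config_<PORT>=( "..." )
port_config() {
    printf '%s\n' "$1" | sed -n "s/^config_$2=( *\"\([^\"]*\)\".*/\1/p"
}

# stp_enabled CONF BRIDGE: succeed if brctl_<BRIDGE> contains "stp on"
stp_enabled() {
    printf '%s\n' "$1" | grep -q "^brctl_$2=(.*\"stp on\""
}

# misconfigured_ports CONF BRIDGE: print every member whose config_<port> is
# missing or not "null" (DHCP or a static address would be started on it)
misconfigured_ports() {
    bad=""
    for port in $(bridge_ports "$1" "$2"); do
        [ "$(port_config "$1" "$port")" = "null" ] || bad="$bad $port"
    done
    printf '%s\n' "${bad# }"
}

# check_bridge CONF BRIDGE: print findings; return 0 only when both checks pass
check_bridge() {
    rc=0
    bad=$(misconfigured_ports "$1" "$2")
    [ -z "$bad" ] || { echo "ports of $2 not set to null: $bad"; rc=1; }
    stp_enabled "$1" "$2" || { echo "STP is off on $2"; rc=1; }
    [ $rc -ne 0 ] || echo "$2 configuration looks sane"
    return $rc
}

check_bridge "$SAMPLE_NET_CONF" br0 || echo "fix /etc/conf.d/net before adding br0 to the runlevel"
```

Run it against the real /etc/conf.d/net by replacing the constructed sample with `SAMPLE_NET_CONF=$(cat /etc/conf.d/net)`; a non-zero exit status means a port would still get its own address or STP is off.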

Bridging and Iptables
You can filter bridged traffic with iptables when you have the proper kernel configuration:
 * Please refer to the iptables article for further information.

If you want to disable this feature on the fly without recompiling the kernel, you can tune the behavior with sysctl: