Configure Network Interfaces as a Bridge in Debian
Debian Linux: Configure Network Interfaces as a Bridge/Network Switch
My server has five Ethernet ports and one ADSL port. How do I set up an IPv4 software bridge using Debian Linux so that the five ports act as a network switch?
You need to use the brctl command to bridge network connections under Debian Linux. This is useful for:
- Sharing your internet connection between multiple devices.
- Increasing your ethernet jacks capacity without purchasing a dedicated network switch.
- Setting up Debian as an access point and much more.
Install bridge-utils Package
You need to install a package called bridge-utils for configuring the Linux Ethernet bridge.
# apt-get install bridge-utilsSample outputs:
Reading package lists... DoneConfiguration
In this example, eth0 to eth4 are acting as a switch. Edit the file /etc/network/interfaces:
# cp -v /etc/network/{interfaces,interfaces.bak}
# vi /etc/network/interfacesTo make your bridge configuration permanent, edit this file. Append/modify as follows:
# The loopback network interface
auto lo
iface lo inet loopback
# Eth0 to Eth5 network switch
allow-hotplug eth0
iface eth0 inet manual
pre-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
allow-hotplug eth1
iface eth1 inet manual
pre-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
allow-hotplug eth2
iface eth2 inet manual
pre-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
allow-hotplug eth3
iface eth3 inet manual
pre-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
allow-hotplug eth4
iface eth4 inet manual
pre-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
# Setup an IP address for our bridge
auto br0
iface br0 inet static
bridge_ports eth0 eth1 eth2 eth3 eth4
address 192.168.1.253
broadcast 192.169.1.255
netmask 255.255.255.0
Save and close the file.
Restart the Networking Service
To stop the current network configuration:
# service networking stopSample outputs:
Deconfiguring network interfaces...done.To activate the br0 network interface:
# service networking startSample outputs:
Configuring network interfaces...
Waiting for br0 to get ready (MAXWAIT is 32 seconds).
done.Verify br0 Configuration
Type the following command:
# ip addr show(Sample output omitted for brevity)
You can use the following brctl command to see all current instances of the ethernet bridge:
# brctl show(Sample output omitted for brevity)
How Do I Show a List of MAC Addresses?
# brctl showmacs br0How Can I See Bridge STP Information?
# brctl showstp br0Other Options
To see all other supported options, type the following command:
$ man brctlOR
$ brctl --help(Sample output omitted for brevity)
A Note About DHCPD Server
You may want to set up a DHCPD server to allow clients such as desktops, laptops, and mobile devices to request and obtain an IP address and many other parameters from a server/switch itself. See how to set up an ISC DHCP Server for your network for more information.
A Note About Iptables
The data flows through all interfaces, so you only need to filter on one interface. Turn on packet forwarding using the Linux kernel and iptables (NAT). Assuming that eth6 or ppp0 is the connection to the Internet. First, turn on IP forwarding in the kernel:
# sysctl -w net.ipv4.ip_forward=1Next, use the following command:
/sbin/iptables -t nat -A POSTROUTING -o eth6 -j MASQUERADE
### ppp0 ###
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADEOR set up IP forwarding and masquerading (NAT):
/sbin/iptables --table nat --append POSTROUTING --out-interface eth6 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface br0 -j ACCEPTFeel free to modify rules as per your setup. See the iptables man page or the following tutorials for more information:
- Debian / Ubuntu Linux: Install and Configure Shoreline Firewall (Shorewall)
- Linux: 20 Iptables Examples For New SysAdmins