Bridge WAN and LAN interfaces on B3 - SOLVED

makai
Posts: 2
Joined: 19 Oct 2013, 03:22

Bridge WAN and LAN interfaces on B3 - SOLVED

Post by makai » 19 Oct 2013, 03:42

Dear all

I've been trying to bridge the LAN and WAN interfaces on my B3 in order to be able to connect an additional device to my LAN (see attachment for details).

Now I've modified /etc/network/interfaces as follows, but I can't access the B3 anymore after reboot:

# The loopback network interface
auto lo br0
iface lo inet loopback

# Set up interfaces manually, avoiding conflicts with, e.g., network manager
iface eth0 inet manual
iface eth1 inet manual

# Bridge setup
iface br0 inet static
      bridge_ports eth0 eth1
      address 192.168.0.6
      netmask 255.255.255.0
      gateway 192.168.0.1
Using the usb recovery, I've modified it to use DHCP. But the B3 does not even pull an IP on either interface after reboot:

# The loopback network interface
auto lo br0
iface lo inet loopback

# Set up interfaces manually, avoiding conflicts with, e.g., network manager
iface eth0 inet manual
iface eth1 inet manual

# Bridge setup
iface br0 inet dhcp
      bridge_ports eth0 eth1
What am I overlooking here?
Attachment: bridge.png
Last edited by makai on 28 Oct 2013, 05:44, edited 1 time in total.

Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Bridge WAN and LAN interfaces on B3

Post by Cheeseboy » 19 Oct 2013, 23:09

Hi makai,

I guess you have got a B3 without built-in WiFi and that you have set up the bridge yourself? (from looking at your file contents)
If I'm wrong, stop reading now, and ignore me.

I have a very similar setup at work with my old B2 (sans WiFi). I found that the "router/firewall/DHCP server" I had in front of it just was not up to the job, so I configured it to forward all traffic to my B2. I shut off its "DHCP server", "Firewall", and all the other crap that it boasted but wasn't doing what I wanted. It even has a WiFi "router", but that had to be disabled as well, and a separate WiFi Access Point had to be introduced in the setup (much as in your illustration).

The B2 (or B3) can do a much better job of it all:
- It can act as a local DNS coordinated with its DHCP server, so you can look up hosts by name on the local network, or forward other lookups to your ISP (or Google, or whatever you choose)
- It can be configured so certain devices always get the same IP address based on the MAC address
- It can be configured so devices that do not identify themselves with a proper hostname (like some phones) will get one assigned
- It can even take care of some weird old machines like my Solaris/SPARC machine that requires the DHCP to give it its hostname
- It can do pretty much anything you want: VPN tunnels, reverse ssh connections automatically kept open, etc.

My setup at work serves 5-6 people via cable and WiFi. I have no bridge interface installed (no need).
If you are interested in this alternative (basically ditching all functionality except the internet connection in your cable modem), let me know and I can send you all the details.

Cheers,

Cheeseboy

Gordon
Posts: 1390
Joined: 10 Aug 2011, 03:18

Re: Bridge WAN and LAN interfaces on B3

Post by Gordon » 20 Oct 2013, 08:29

Did you remember to change the firewall to accept all traffic from br0?

makai
Posts: 2
Joined: 19 Oct 2013, 03:22

Re: Bridge WAN and LAN interfaces on B3

Post by makai » 27 Oct 2013, 06:14

I found out that the issue was caused by the firewall.

After enabling administration through the admin interface and completely disabling the firewall, everything started to work fine.
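
A narrower fix than switching the firewall off is to find the rules that stopped matching once eth0 and eth1 became bridge ports: iptables sees traffic from an enslaved port as arriving on the bridge, so rules written with -i eth0 or -i eth1 are never hit again. The check below is an added example, not part of the original posts and not the B3's own firewall code; the ruleset is constructed for illustration and the function name audit is hypothetical.

```python
import shlex

# Constructed iptables-save excerpt (NOT the B3's real ruleset): a router
# policy written before eth0 and eth1 were enslaved to br0.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

IFACE_FLAGS = ("-i", "-o", "--in-interface", "--out-interface")


def audit(rules_text, bridge="br0", ports=("eth0", "eth1")):
    """Return (stale, bridge_accepted) for an iptables-save dump.

    stale: (line number, rule) for rules that match on a bridge port.
    After bridging, the IP layer sees br0 as the interface, so these
    rules stop matching and the chain policy (DROP here) decides.
    bridge_accepted: True if an INPUT rule accepts traffic arriving on br0.
    """
    stale, bridge_accepted = [], False
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        ifaces = {tokens[i + 1] for i, t in enumerate(tokens[:-1])
                  if t in IFACE_FLAGS}
        if ifaces & set(ports):
            stale.append((lineno, line))
        if (tokens[1] == "INPUT" and bridge in ifaces
                and tokens[-2:] == ["-j", "ACCEPT"]):
            bridge_accepted = True
    return stale, bridge_accepted


if __name__ == "__main__":
    stale, ok = audit(SAMPLE_RULES)
    for lineno, rule in stale:
        print(f"line {lineno}: matches a bridge port, never hit: {rule}")
    print("INPUT accepts traffic on br0:", ok)
```

On a live system the input would be the output of iptables-save, run as root, instead of the constructed sample.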

guyran
Posts: 8
Joined: 18 Nov 2011, 09:52

Re: Bridge WAN and LAN interfaces on B3 - SOLVED

Post by guyran » 10 Aug 2014, 13:43

Hi Makai & Cheeseboy,

Your posts are over a year old but I was wondering how you managed to get your internal LAN set up using a cable modem as the DHCP. According to the Excito doc on the B3 if you choose to use it as router for an internal LAN it automatically starts a DHCP server using 192.168.10.1 as its own address which supposes that anything connecting from the LAN has to use something in the range 192.168.10.xyz. My cable modem has to use DHCP from my IP to connect to the WAN and then uses 192.168.0.xyz internally.
My problem is that the wifi connection from the modem is more & more irregular and as I have a B3 with wifi capability I thought I might use it instead. It may be that my building has more & more users of the 100Mb/sec capability of the cable provider and I suspect that the interference from other routers is causing my disconnection problem or it could be just a ropey modem.
As I am not a network whizz, I am a bit concerned that reconfiguring my B3 might cut off my SSH connection that I would need to reset it if anything goes wrong. If I leave the DHCP server as it is on the cable modem it gives a fixed 192.168.0.182 address to my B3 which I use only as a server at the moment. So if I use the admin interface to change the profile of B3 to a router/firewall/server I suppose that any computer I plug into the LAN side will find its address through the B3's DHCP server and likewise activating the wifi will give addresses in the same range.
Does this mean that my /etc/hosts file will have to be changed on my laptop that I use to connect to my B3 as it points to the original 192.168.0.182? I imagine that it will be doing NAT from my router's LAN to the LAN behind the B3 in the 192.168.10.xyz range.
Should I also deactivate the wifi service of my cable modem to prevent interference with the B3's WLAN?
Sorry if these questions seem a bit self-evident to someone more knowledgeable than I am in these matters, but I don't want to have to reinstall my B3 to get it working again should anything go wrong. I've just done a complete backup in case ;)

cheers,
guyran
Registered Linux User #546337 @ linuxcounter.net

Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Bridge WAN and LAN interfaces on B3 - SOLVED

Post by Cheeseboy » 11 Aug 2014, 03:44

Hi guyran,

I recently found myself in a similar situation with my second B3. This one was behind a modem/router/wifi-thingy as well (although 4G/LTE rather than ADSL).

I found the easiest way was to completely disable all built-in functionality of the modem/router and let the B3 take care of everything.
This was a few months ago, so steps might not be in order (and I made mistakes and had to restart), but the general idea:

1. Set up the B3 as a router/server/firewall
2. In the WAN settings of the B3, give it a static IP address, in the same range as the ADSL modem (192.168.0.2 or something).
2.1. Gateway, point it to the ADSL modem (192.168.0.1)
2.2. Default DNS, point it to the B3 itself (192.168.0.2)
3. In the ADSL modem, turn off DNS forwarding, DHCP, WiFi, Firewall, but enable all traffic to be forwarded without interference to B3 (192.168.0.2)
4. In the B3 network settings, under LAN, make sure that you enable DNS and DHCP service
5. Configure the B3 firewall

If all is set up correctly, you should need no customized hosts file on the clients. The B3 will bridge between its own Ethernet and WiFi LAN.
All clients (ethernet and WiFi) will have 192.168.10.x addresses.

Please be aware that it is easy to make mistakes. You said you have backed up your B3 settings, but have you tested to restore them?
Can you restore them if you are unable to reach B3 through the web interface? Can you restore the ADSL modem?

Ideally:
- Make a clonezilla backup of /dev/sda1 on your b3 (I know, it requires pulling the disk out of the B3)
- At least make sure that you have a B3 reinstall/rescue stick prepared (and tested).
- That you have a spare unit you can use as DHCP server for B3 in rescue mode (some old router or such)
- That you can configure one of your computers to have a static IP address - the same that the B3 would have (192.168.0.2 in the example above) - so you can use it to connect to the ADSL router and reconfigure it if something goes wrong, rather than having to do a factory reset.

In short - be careful!
(And please do not hold me responsible if anything goes wrong :-))

Best regards,

/Cheeseboy

Gordon
Posts: 1390
Joined: 10 Aug 2011, 03:18

Re: Bridge WAN and LAN interfaces on B3 - SOLVED

Post by Gordon » 11 Aug 2014, 04:17

You can simply cascade the two.

Use the cable modem to connect to the internet and connect the B3 WAN interface to the LAN side of your modem. Depending on your needs you may have to reconfigure the modem for the changed hardware address of the B3, which will be 1 less than the current configured hardware address. As stated, the server-router profile will set up a DHCP server with a default network of 192.168.10.0 which is not the same as the one used by your cable modem and thus enables routing. The B3 will also act as a DNS server, so you can simply delete the entry that you have for the B3 in your laptop's /etc/hosts.

NAT
There are two types of NAT: Source NAT (SNAT), which is often called masquerading, and Destination NAT (DNAT). Whenever you request a page on the internet, Source NAT in the B3 will rewrite the caller's address, e.g. your laptop's IP address, with the B3 WAN address prior to forwarding the request. Your cable modem will do the same, thus allowing the web server on the other end to return the page to your public IP address, i.e. the WAN address on your cable modem. Both the cable modem and the B3 will then replace the destination field in the received packet(s) so they can be forwarded to the original caller (you). This last bit is Destination NAT, which in this case is set up dynamically as part of the masquerading scheme. You can however configure fixed rules to allow some services on internal machines to be exposed to the internet, e.g. you could configure the modem to forward all packets for port 443 (https) to the B3 WAN address. From the internet it will then seem like the modem is serving the B3 admin pages.

Wifi
In theory there are 13 channels you can use for Wifi, but local legislation can restrict this to the first 11 channels and in fact the hostapd service on your B3 will not allow you to use the top 2 channels to make sure you will not unintentionally break the law. These channels are 5 MHz apart, but they are 22 MHz wide. So yes there may be interference to some degree when multiple access points are within each other's reach or when you are in the middle. Note in this case that technically it's not interference if you are all using the same channel, but it will be like sitting in a room with everybody talking through one another and it will be hard to make something out unless at some point only one person is speaking. From the image below you can find that your best channel options are 1, 6 and 11. However if your neighbour is using channel 2 you would probably want to use channel 7.

Image
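
The cascaded NAT described in the post above, modelled as an added example that is not part of the original thread: a request leaves the laptop through the B3 and the modem, the reply is translated back by tracked state, and an unsolicited packet only gets in through a fixed port 443 forward. The laptop address 192.168.10.23, the public address 203.0.113.7 and the server 198.51.100.10 are constructed (documentation ranges); the state table is keyed by port only, a simplification of real connection tracking.

```python
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class NatBox:
    wan_ip: str
    forwards: dict = field(default_factory=dict)   # fixed DNAT: WAN port -> (ip, port)
    conntrack: dict = field(default_factory=dict)  # dynamic state: WAN port -> (ip, port)
    next_port: int = 40000  # simplification: real masquerading tries to keep the source port

    def outbound(self, p):
        """Source NAT: replace the caller's address with our WAN address."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[wan_port] = (p.src, p.sport)
        return replace(p, src=self.wan_ip, sport=wan_port)

    def inbound(self, p):
        """Destination NAT: tracked reply first, then fixed forward, else drop (None)."""
        target = self.conntrack.get(p.dport) or self.forwards.get(p.dport)
        if p.dst != self.wan_ip or target is None:
            return None
        return replace(p, dst=target[0], dport=target[1])


def build():
    """Modem forwards 443 to the B3 WAN address, as in the post's example."""
    modem = NatBox("203.0.113.7", forwards={443: ("192.168.0.182", 443)})
    b3 = NatBox("192.168.0.182")
    return modem, b3


def round_trip(modem, b3):
    """Laptop -> B3 -> modem -> web server, then the reply back to the laptop."""
    request = Packet("192.168.10.23", 51515, "198.51.100.10", 80)
    on_wire = modem.outbound(b3.outbound(request))
    reply = Packet(on_wire.dst, on_wire.dport, on_wire.src, on_wire.sport)
    return on_wire, b3.inbound(modem.inbound(reply))


def unsolicited(modem, dport):
    """A packet from the internet that belongs to no tracked connection."""
    return modem.inbound(Packet("198.51.100.99", 33333, modem.wan_ip, dport))
```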
