Difference between revisions of "Bridges"

From securityrouter.org, an OpenBSD-based firewall
(Example)
 
(33 intermediate revisions by the same user not shown)
Line 1: Line 1:
A bridge works like a transparent switch/hub between two or more interfaces and clients on either side of the bridge can communicate with each other exactly as if they are part of the same network.
+
== Introduction ==
  
Below is a complete example in [[Configuration_file|plain-text]] for bridging two local interfaces with each other and clients on either side of the bridge sharing the same [[DHCP#Server|DHCP Server]] and [[Firewalling|firewall rules]]. Pay particular attention to the fact that the vr2 interface does not have any [[Addressing|IP address]] assigned to it. For bridging two networks in separate locations over a tunnel see the article for [[EtherIP]].
+
A bridge works like a transparent switch/hub between two or more interfaces and computers behind any of the bridged interfaces can communicate with each other exactly as if they were part of the same network. The bridge will learn which computers are behind what interface based on their MAC address and will only forward traffic to the necessary interface(s) which reduces traffic load in the network.
 +
 
 +
For bridging two interfaces in two geographically separate locations over a tunnel see the article on [[EtherIP]].
 +
 
 +
== Example ==
 +
 
 +
Below is a complete example in [[Configuration_file|plain-text]] for bridging two local (LAN) interfaces with each other and computers behind both interfaces sharing the same [[DHCP#Server|DHCP server]], default gateway and [[Firewalling|firewall rules]]. This can of course be configured using the graphical web administration, as well. Pay particular attention to the fact that the vr2 interface does not have any [[Addressing|IP address]] assigned to it and that the computers will instead use the IP assigned to vr1 as their default gateway.
  
 
  firewall {
 
  firewall {
Line 26: Line 32:
 
  group "mgmt"
 
  group "mgmt"
 
  address 192.168.1.1/24
 
  address 192.168.1.1/24
  dhcp-server {
+
  dhcp-server
}
 
 
  }
 
  }
 
  interface vr2 {
 
  interface vr2 {
 +
description "LAN"
 
  group "lan"
 
  group "lan"
 
  group "mgmt"
 
  group "mgmt"
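Review bot: the description "LAN" added to interface vr2 is the same string vr1 carries in the latest revision, so the two bridge members cannot be told apart by description when reading the configuration. Consider giving each port its own description. The rewritten example paragraph could also say that vr2 is matched by the firewall rules only through its "lan" and "mgmt" group membership, since it has no address of its own.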

Latest revision as of 09:00, 28 March 2014

Introduction

A bridge works like a transparent switch/hub between two or more interfaces, and computers behind any of the bridged interfaces can communicate with each other exactly as if they were part of the same network. The bridge learns which computers are behind which interface based on their MAC addresses and forwards traffic only to the necessary interface(s), which reduces traffic load in the network.

For bridging two interfaces in two geographically separate locations over a tunnel, see the article on EtherIP.

Example

Below is a complete example in plain-text for bridging two local (LAN) interfaces with each other, with computers behind both interfaces sharing the same DHCP server, default gateway and firewall rules. This can of course also be configured using the graphical web administration. Pay particular attention to the fact that the vr2 interface does not have any IP address assigned to it; the computers behind it will instead use the IP assigned to vr1 as their default gateway.

firewall {
	pass quick on lan label LAN
	pass in log quick on mgmt proto tcp to (mgmt) port {$mgmt_ports} label management
	match out on wan inet nat-to (wan:0) label NAT
	pass out quick on wan label outbound
}
interface bridge0 {
	firewall {
		skip
	}
	member vr1
	member vr2
}
interface vr0 {
	description "Internet"
	group "wan"
	dhcp-client
}
interface vr1 {
	description "LAN"
	group "lan"
	group "mgmt"
	address 192.168.1.1/24
	dhcp-server
}
interface vr2 {
	description "LAN"
	group "lan"
	group "mgmt"
}
system {
	authentication {
		user "admin" {
			password "admin"
		}
	}
	dns {
		name-server 8.8.8.8
	}
	http-server
	ssh-server
}
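The following check is an added example, not part of the original page or of the securityrouter.org software. It reads a configuration in the brace syntax shown above and reports bridge members that break the layout described here: one member carrying the gateway address, and all members in the same groups so the same firewall rules match them. It also flags a password equal to the user name. The grammar is assumed from the example alone, the function names are hypothetical, and the sample is a trimmed, constructed copy of the configuration.

```python
import re

# Constructed input: a trimmed copy of the page's example configuration.
SAMPLE = """
interface bridge0 {
    member vr1
    member vr2
}
interface vr1 {
    group "lan"
    address 192.168.1.1/24
}
interface vr2 {
    group "lan"
}
system {
    authentication {
        user "admin" {
            password "admin"
        }
    }
}
"""

def interfaces(text):
    """Map interface name -> its top-level statements (grammar assumed from the example)."""
    found, name, depth = {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if depth == 0:
            name = line.split()[1] if line.startswith("interface ") else None
        elif depth == 1 and name and line not in ("", "}") and not line.endswith("{"):
            found.setdefault(name, []).append(line)
        depth += line.endswith("{") - (line == "}")
    return found

def audit(text):
    """Check bridge members against the layout the page describes; flag password == user name."""
    ifs, out = interfaces(text), []
    # Statements of interface `m` that start with keyword `kw`.
    has = lambda m, kw: {s for s in ifs.get(m, []) if s.startswith(kw)}
    for bridge, stmts in ifs.items():
        members = [s.split()[1] for s in stmts if s.startswith("member ")]
        addressed = [m for m in members if has(m, "address ")]
        if members and len(addressed) != 1:
            out.append(f"{bridge}: {len(addressed)} members carry an address, expected 1")
        out += [f"{bridge}: {m} and {members[0]} are in different groups"
                for m in members[1:] if has(m, "group ") != has(members[0], "group ")]
    out += [f'user "{u}": password equals the user name'
            for u, p in re.findall(r'user "([^"]+)"\s*\{\s*password "([^"]+)"', text) if u == p]
    return out
```

Run against the sample, `audit(SAMPLE)` reports only the admin/admin credential; the bridge layout itself passes.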