| Anchor | ||||
|---|---|---|---|---|
|
...
CHARON Network Configuration Utility, STROMASYS (c) 2015 Version 1.4
==================================================================
|
| Div | ||
|---|---|---|
| ||
|
Enter "3" to create a bridge between the host physical network adapter and the Linux virtual network interfaces (TAP) and specify the physical network interface ("eth1" in our example) and the number of virtual network interfaces to be created (2 in our example):
...
- Login as "root" user.
Configure the physical network interface to run in promiscuous mode using the following command. This interface will be dedicated to the whole network bridge (created later).
# ifconfig eth<N> 0.0.0.0 promisc upPromiscuous mode allows the physical (or virtual) network interface to accept the entire volume of incoming packets. This mode is essential for consistency of the information transfer.
In case the firewall is enabled on the host system, the following command should be executed to allow the bridge to forward IP packets:
# /sbin/iptable -I FORWARD -m physdev --physdev-is-bridged -j ACCEPTThis command can also be performed from the bridge configuration script. It has to be executed each time the iptables service is (re)started.
It is also possible to make this setting system-wide. Either:
Issue the given command from the firewall control panel.
Add the following line to the end of the "/etc/sysconfig/iptables
"file:-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
...
|
| Div | ||
|---|---|---|
| ||
|
Example:
|
The proposed configuration assumes one and only one network bridge, so loops are not possible. It is required to turn off the spanning tree protocol with the following command:
|
Starting bridge
To start the created bridge “br0” use the following command:
|
Usage of the virtual interface in CHARON-AXP configuration
Once the “tap<N>” interfaces have been created, the load command maps those interfaces to CHARON-AXP:
|