3

Is it possible to bridge aliased interfaces? And use their standard "parent" interfaces independently with full functionality?

Here's the scenario: I have a Linux-based firewall and router with two interfaces (eth0, eth1). I would like to bridge for IPv4 traffic and route for IPv6 traffic using just these interfaces.

Would it be possible to set up eth0 and eth1 for IPv6 routing and forwarding, while at the same time bridging eth0:1 and eth1:1 as a "passthrough" IPv4 bridge (all of the IPv4 routing is done on the other side of this machine) so I can set up packet filtering rules both on the bridge and on the standard eth0 and eth1 interfaces?

2 Answers

2

Aliases are deprecated and basically meaningless. They exist solely to support adding multiple IP addresses to a single interface with the also long-deprecated ifconfig command. They're not real interfaces. You can add multiple IP addresses to a single interface with the 'ip addr' command.

Using ifconfig is really a bad idea since it basically uses obsolete kernel interfaces that need to outright lie for some slightly more complex setups. This is unavoidable due to there simply not being a way to provide a correct answer within their limited flexibility.

This also means that bridging aliases is meaningless. Aliases don't really exist, they're just some (obsolete) syntactic fluff over the underlying interface (to trick ifconfig), so can't be meaningfully bridged (though the underlying interfaces can be).

That said, see https://unix.stackexchange.com/questions/432967/how-can-i-bridge-ipv4-but-route-ipv6-at-the-same-time

MaZe
2

Bridging is a layer-2 thing. Aliases on interfaces are for assigning multiple IP addresses: that is layer-3...

What you want is a brouter. See http://ebtables.sourceforge.net/examples/basic.html#ex_brouter

Sander Steffann
  • Sooo... is there support for both bridging and using aliases on the same two interfaces? –  Oct 22 '11 at 21:40
  • It can be complex to configure, but: yes. Never built this myself though. I like clean layer-2 and layer-3 separation. That makes everything much easier to maintain and troubleshoot. – Sander Steffann Oct 28 '11 at 14:16
  • If you configured two different machines to do the IPv4 bridging and the IPv6 routing, it should be mostly trivial to do. The host doing IPv6 routing needs to do nothing fancy at all, just plain IPv6 routing. The machine with bridging needs some brctl commands and some ebtables rules. The important part on that machine is to not pass any IPv6 traffic, so ebtables rules must drop all packets with ethertype 0x86dd. In order for IPv4 to work 0x0800 and 0x806 must be allowed through. All other ethertypes you can pass or drop as you see fit. – kasperd May 07 '14 at 21:16
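
The EtherType rules described in kasperd's comment for the bridging machine, plus the single-box brouter variant from Sander Steffann's answer, as an added example that is not from the thread. The names br0, eth0 and eth1, the function names and the dry-run `APPLY` switch are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Bridge and port names are assumed.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Build the layer-2 bridge from the two physical ports.
make_bridge() {  # usage: make_bridge BRIDGE PORT1 PORT2
    run brctl addbr "$1"
    run brctl addif "$1" "$2"
    run brctl addif "$1" "$3"
    run ip link set dev "$1" up
}

# Two-machine design: this box only bridges. Forward IPv4 (0x0800) and
# ARP (0x0806), drop IPv6 (0x86dd). Every other EtherType is decided by
# the chain policy passed as $1 (ACCEPT or DROP).
filter_bridge() {  # usage: filter_bridge POLICY
    case "$1" in
        ACCEPT|DROP) ;;
        *) echo "policy must be ACCEPT or DROP" >&2; return 1 ;;
    esac
    run ebtables -F FORWARD
    run ebtables -A FORWARD -p 0x86dd -j DROP
    run ebtables -A FORWARD -p 0x0800 -j ACCEPT
    run ebtables -A FORWARD -p 0x0806 -j ACCEPT
    run ebtables -P FORWARD "$1"
}

# Single-box brouter variant: in the broute table's BROUTING chain, DROP
# means "do not bridge this frame, hand it to the routing stack instead",
# so IPv6 is routed while IPv4 and ARP continue to be bridged.
brouter_ipv6() {
    run ebtables -t broute -A BROUTING -p 0x86dd -j DROP
}

# Print the plan for the bridging-only machine.
make_bridge br0 eth0 eth1
filter_bridge DROP
```

The `0x86dd` rule matches the outer EtherType only, so 802.1Q-tagged frames (EtherType 0x8100) are decided by the chain policy; pass `DROP` when no IPv6 may cross the bridge.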