> [[!meta title="simple-bridging-with-dhcp-server-side"]] > > # Company: PowerCraft Technology > # Author: Copyright Jelle de Jong > # Note: Please send me an email if you enhance the document > # Date: 2010-05-24 / 2010-07-04 > # License: CC-BY-SA > > # This document is free documentation; you can redistribute it and/or > # modify it under the terms of the Creative Commons Attribution Share > # Alike as published by the Creative Commons Foundation; either version > # 3.0 of the License, or (at your option) any later version. > # > # This document is distributed in the hope that it will be useful, > # but WITHOUT ANY WARRANTY; without even the implied warranty of > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > # Creative Commons BY-SA License for more details. > # > # http://creativecommons.org/licenses/by-sa/ > > #----------------------------------------------------------------------- > > # for commercial support contact me, part of the revenue goes back to tinc > > #----------------------------------------------------------------------- > > # http://www.tinc-vpn.org/ > # http://www.tinc-vpn.org/examples/bridging > # http://www.tinc-vpn.org/documentation/tinc_toc > > #----------------------------------------------------------------------- > > # <@guus> Well all the tinc daemons together act like a single switch > # <@guus> And each node in the VPN is connected to a port of that switch > # <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch > > #----------------------------------------------------------------------- > > unset LANG LANGUAGE LC_ALL > apt-get update; apt-get dist-upgrade > > apt-cache show tinc > apt-get install tinc > apt-get install bridge-utils > > #----------------------------------------------------------------------- > > /etc/init.d/tinc stop > > 
#----------------------------------------------------------------------- > > # ls -hal /dev/net/tun > crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun > > # grep tinc /etc/services > tinc 655/tcp # tinc control port > tinc 655/udp > > cat /usr/share/doc/tinc/README.Debian > zcat /usr/share/doc/tinc/README.gz | less > zcat /usr/share/doc/tinc/NEWS.gz | less > cat /usr/share/doc/tinc/examples/tinc-up > w3m /usr/share/doc/tinc/tinc_0.html > > cat /etc/default/tinc > less /etc/init.d/tinc > > #----------------------------------------------------------------------- > > vim /etc/default/tinc > EXTRA="-d" > cat /etc/default/tinc > > #----------------------------------------------------------------------- > > cat /etc/tinc/nets.boot > echo 'powercraft01' | tee --append /etc/tinc/nets.boot > cat /etc/tinc/nets.boot > > #----------------------------------------------------------------------- > > ls -hal /etc/tinc/scallab01/ > mkdir --verbose /etc/tinc/powercraft01/ > mkdir --verbose /etc/tinc/powercraft01/hosts/ > touch /etc/tinc/powercraft01/tinc.conf > > #----------------------------------------------------------------------- > > vim /etc/network/interfaces > > # tinc-vpn: dhcp bridge > auto br0 > iface br0 inet static > address 192.168.3.1 > netmask 255.255.255.0 > # pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7 > # pre-up /sbin/ifconfig eth2 0.0.0.0 > # bridge_ports eth2 > bridge_ports tun1 > bridge_maxwait 1 > bridge_fd 2.5 > post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp # optional > > cat /etc/network/interfaces > > #----------------------------------------------------------------------- > > echo 'interface "br0" { > request subnet-mask, broadcast-address, time-offset, > host-name, netbios-scope, interface-mtu, ntp-servers; > }' | tee --append /etc/dhcp3/dhclient.conf > > cat /etc/dhcp3/dhclient.conf > > #----------------------------------------------------------------------- > > vim /etc/dhcp3/dhcpd.conf > > subnet 192.168.3.0 netmask 
255.255.255.0 { > range 192.168.3.200 192.168.3.240; > option routers 192.168.3.1; > option domain-name-servers 192.168.3.1; > } > > #----------------------------------------------------------------------- > > ifdown br0 > ifup br0 > > #----------------------------------------------------------------------- > > vim /etc/default/dhcp3-server > INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location > > /etc/init.d/dhcp3-server restart > ps aux | grep dhcp > tail -n 400 -f /var/log/syslog > > #----------------------------------------------------------------------- > > ifconfig br0 > route -n > brctl show > > #----------------------------------------------------------------------- > > # ifconfig br0 > br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 > inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 > inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:12 errors:0 dropped:0 overruns:0 frame:0 > TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB) > > # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 > > # brctl show > bridge name bridge id STP enabled interfaces > br0 8000.000000000000 no > > #----------------------------------------------------------------------- > > echo 'AddressFamily = ipv4 > Device = /dev/net/tun > Interface = tun1 > Mode = switch > Name = server01' | tee /etc/tinc/powercraft01/tinc.conf > > cat /etc/tinc/powercraft01/tinc.conf > chmod 640 /etc/tinc/powercraft01/tinc.conf > ls -hal /etc/tinc/powercraft01/tinc.conf > > echo '#!/bin/sh > ifconfig $INTERFACE 0.0.0.0 > route add -net 192.168.30.0 netmask 
255.255.255.0 br0 # optional subnet > brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up > > cat /etc/tinc/powercraft01/tinc-up > chmod 750 /etc/tinc/powercraft01/tinc-up > ls -hal /etc/tinc/powercraft01/tinc-up > > echo '#!/bin/sh > brctl delif br0 $INTERFACE > route del -net 192.168.30.0 netmask 255.255.255.0 br0 # optional subnet > ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down > > cat /etc/tinc/powercraft01/tinc-down > chmod 750 /etc/tinc/powercraft01/tinc-down > ls -hal /etc/tinc/powercraft01/tinc-down > > #----------------------------------------------------------------------- > > rm /etc/tinc/powercraft01/rsa_key.priv > rm /etc/tinc/powercraft01/hosts/server01 > tincd -n powercraft01 -K > > #----------------------------------------------------------------------- > > getent services | grep 656 > > #----------------------------------------------------------------------- > > vim /etc/tinc/powercraft01/hosts/server01 > > # add on head of file > Compression = 9 > PMTU = 1492 > PMTUDiscovery = yes > Port = 656 > > cat /etc/tinc/powercraft01/hosts/server01 > > #----------------------------------------------------------------------- > > /etc/init.d/tinc stop > fg > /usr/sbin/tincd --net powercraft01 --no-detach --debug=5 > > #----------------------------------------------------------------------- > > /etc/init.d/tinc restart > tail --line=500 --follow /var/log/syslog > > #----------------------------------------------------------------------- > > ifconfig br0 > ifconfig tun1 > route -n > brctl show br0 > brctl showmacs br0 > > #----------------------------------------------------------------------- > > # ifconfig br0 > br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 > inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 > inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:17 errors:0 dropped:0 overruns:0 frame:0 > TX packets:20 errors:0 dropped:0 overruns:0 
carrier:0 > collisions:0 txqueuelen:0 > RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB) > > # ifconfig tun1 > tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 > inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:8 errors:0 dropped:0 overruns:0 frame:0 > TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:500 > RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB) > > # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 > > # brctl show br0 > bridge name bridge id STP enabled interfaces > br0 8000.1eeb95c304d8 no tun1 > > # brctl showmacs br0 > port no mac addr is local? ageing timer > 1 1e:eb:95:c3:04:d8 yes 0.00 > 1 86:03:27:21:2e:60 no 44.19 > > #----------------------------------------------------------------------- > > ps aux | grep tincd > tincd -n powercraft01 -kUSR2 > tail -n 100 /var/log/syslog > > #----------------------------------------------------------------------- > > May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun: > May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468 > May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0 > May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes: > May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518) > May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes. > May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges: > May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges. 
> May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list: > May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01 > May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list. > > #----------------------------------------------------------------------- > > tcpdump -n -i br0 broadcast > tcpdump -n -i tun0 broadcast > > #----------------------------------------------------------------------- > > tcpdump -n -e -i br0 icmp > tcpdump -A -p -n -i br0 port 80 > tcpdump -A -p -n -i br0 > > tcpdump -i br0 host 84.245.3.195 -l > > #----------------------------------------------------------------------- > > cat /var/lib/dhcp3/dhcpd.leases > > #----------------------------------------------------------------------- > > # optional > export LAN01=vlan2 > export VPN02=br0 > # /sbin/iptables --append FORWARD --in-interface br0 --out-interface vlan2 --jump ACCEPT > /sbin/iptables --append FORWARD --in-interface ${VPN02} --source 192.168.3.150 --destination 192.168.2.206 --out-interface ${LAN01} --jump ACCEPT > > #-----------------------------------------------------------------------