I'm trying to build a silent bridge for monitoring purpose. My computer is running linux 2.6, brctl 1.4 and has 3 NIC:
eth0, with an assigned IP, used for SSH maintenance
eth1, and eth2 , the 2 ports of the bridge br0
all is set in etc/network/interfaces :
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.120
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
auto br0
iface br0 inet manual
bridge_ports eth1 eth2
bridge_maxwait 0
bridge_stp off
This way, both eth0 and eth1 are connected to my local network.(eth2 being connected to my gateway) But only eth0 has an IP addr.
The bridge is working just fine, and I can monitor traffic using tcpdump -i br0, or other tools.
Since the bridge has no ip address, it should not emit any traffic. However, it sometimes answers to arp request, instead of eth0.
assuming eth0 has 00:01:02:ab:00:00 and eth1 has 00:01:02:ab:00:01 for mac address: this is what I get on my local station running wireshark :
packet no time source dest protocol info
4303 1063.539943 00:01:02:ab:00:01 Giga-Byt_46:d9:fe ARP 192.168.1.120 is at 00:01:02:ab:00:01
4305 1063.539958 00:01:02:ab:00:00 Giga-Byt_46:d9:fe ARP 192.168.1.120 is at 00:01:02:ab:00:00
Since my 'real' IP interface respond miliseconds later, but it could not be the case…
How can I fix this problem ?
Best Answer
http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP should help you, if you ask the bridge to not answer to arp requests.