0

I have a RaspberryPi along with a USB to Ethernet adapter (eth1).

I want to bridge eth0 and eth1 and create a br0 interface.

I want to devices connected to eth1 receive their DNS (dnsmasq) settings from Raspberry Pi either with or without DHCP.

How do I go about setting up /etc/network/interfaces and dnsmasq.conf so that dnsmasq is running on the bridge ?

EDIT:

I am trying to limit to dnsmasq to only eth1 , I thought bridge was the best way , is there a better way ?

My setup : ISP -> Router ( DHCP Turned Off ) -> Raspberry Pi -> Devices

My ISP does not have a modem and is direct ethernet connection in my house.

When I connect devices to eth1 on Raspberry Pi, before dnsmasq can answer, the ISP is handing out a DHCP lease bypassing dnsmasq.

My goal: I want the Raspberry Pi in my setup to provide DNS Settings automatically to all devices connected to my network, without manual configuration. I actually don't care if Raspberry Pi provides DHCP, I turned DHCP off on the Router since I came to the conclusion you need to provide DHCP to automatically traverse DNS settings, please let me know if I am wrong.

John
  • 1
  • 1
  • 1
  • 2
  • I have no idea about the bridging. Have you looked at dnsmasq.conf? It seems well commented and should be fairly straightforward to configure. – joan Sep 02 '15 at 07:55
  • Why do you want the RPi to act as a bridge? If you're hoping to isolate the devices connected to one interface, there may be better approaches to use. You certainly don't need a bridge if you just want the RPi to serve DNS and DHCP. That said, you can certainly do so (see answer below). – bobstro Sep 02 '15 at 13:18
  • @Huygens I edited the question with more detail, please let me know if that helps. – John Sep 02 '15 at 16:08
  • 1
    A layer 2 bridge simply passes traffic through the 2 interfaces. Traffic on either bridged interface is usually in the same subnet. You want a layer 3 router setup with separate IP subnets on either interface. You will route between interfaces, and use iptables to create NAT (network address translation) rules between your (private) internal IP subnet and your ISP's network. You do show your Router (DHCP Turned Off) in place, so this might already be in place. You need to provide more detail. What are the details on that router? Simply putting the RPi on your internal network may work. – bobstro Sep 02 '15 at 16:18
  • John, what is your ISP and country? The default setup for your internet connection seems lacking a router. I do have also a bridge because my internet connection is through cable TV, but I can only obtain 1 IP address so I have a router just behind: internet<->DOCSYS bridge<->route Running<->home devices. – Huygens Sep 02 '15 at 17:06
  • @bobstro right! Bridge is layer 2 indeed! Sorry for the added confusion. – Huygens Sep 02 '15 at 17:08

2 Answers2

4

There are 3 steps necessary to accomplish what you're describing:

  1. Create the bridge device.
  2. Assign an IP address to the bridge device.
  3. Configure dnsmasq to listen on the bridge interface IP address.

Creating the bridge device is simple:

sudo apt-get install bridge-utils
sudo brctl addbr br0
sudo brctl addif br0 eth0 eth1

If you want it created automatically, modify /etc/network/interfaces:

iface eth0 inet manual
iface eth1 inet manual

# Bridge setup
iface br0 inet static
    bridge_ports eth0 eth1
    address 192.168.0.2
    netmask 255.255.255.0
    gateway 192.168.0.1

For all intents and purposes, the newly-created bridge interface (br0) is just another interface. In this example, the RPi will be assigned 192.168.0.2 and use 192.168.0.1 as its default gateway.

Configuring dnsmasq is done just as with any other interface. dnsmasq supports a lot of options, but one setting is essential: Define a dhcp range:

dhcp-range=192.168.0.128,192.168.0.191,72h

Once you have dnsmasq configured, it will hand out dhcp leases to devices connected to either interface in the bridge pair. dhcp requests received on either eth0 or eth1 will be assigned addresses by dnsmasq. Be sure this is what you want! If you want to limit dnsmasq to only eth1, you'll need to do some additional work, and bridging may not be the best answer.

For devices not using dhcp, simply point them to your RPi's IP address (192.168.0.2 in this example) for their DNS server.

The Debian wiki has an excellent summary on bridging. As Joan notes, the /etc/dnsmasq.conf file has a wealth of documentation on configuring it for dns and dhcp options.

EDIT: In hindsight, the question appears to be simply about configuring dnsmasq on an internal network, and not about routing or bridging. I'll leave this response here in case somebody really is after a bridged solution.

bobstro
  • 3,998
  • 14
  • 27
  • thanks for the answer. I am trying to limit to dnsmasq to only eth1 , I thought bridge was the best way , is there a better way ?

    My setup : ISP -> Router ( DHCP Turned Off ) -> Raspberry Pi -> Devices

    My ISP does not have a modem and is direct ethernet connection in my house. When I connect devices to eth1 on Raspberry Pi, before dnsmasq can answer, the ISP is handing out a DHCP lease bypassing dnsmasq.

     – John Sep 02 '15 at 16:03
  • @bostro I edited the question with more detail – John Sep 02 '15 at 16:08
  • 1
    You probably want to set up your RPi as a firewall -- a Layer 3 router using NAT and iptables rather than a Layer 2 bridge -- to create a setup that will do 2 things: 1. It will protect your internal network from traffic coming in from your ISP connection, 2. It will allow you to segment the network so that your internal network is a separate IP subnet which you can provide separate DNS, DHCP and other services without your ISP interfering. Instead of creating the br0 bridge interface, manage eth0 and eth1 as separate IP networks and NAT your traffic. – bobstro Sep 02 '15 at 16:15
  • Got it. Do you a similar setup/code like you mentioned in the previous answer ? It would really help. Also was I correct in assuming to automatically traverse DNS settings you have to also provide DHCP ? – John Sep 02 '15 at 16:18
  • Clarify what the existing router is doing. You describe your ISP simply handing off Ethernet, but you show it connected to a router in your diagram. I think you just need the RPi running dnsmasq on your internal network based on the diagram. No RPi routing OR bridging required for that. – bobstro Sep 02 '15 at 16:22
  • You are correct, I just dnsmasq on the internal network, I don't want RPi to do routing. I just assumed bridging is the best way to automatically traverse DNS settings. Please let me know the alternate, correct way. – John Sep 02 '15 at 16:24
  • All you need to do in that case is get your RPi running on your internal network along with all your other devices and configure dnsmasq as a dhcp server for your internal network. I think you have more of a dnsmasq question than RPi or network routing or bridging at this point. Keep it simple! One interface is all you need. I have the same setup on my home network. – bobstro Sep 02 '15 at 16:26
  • great can you tell me how to setup dnsmasq to achieve that ? Where to place the RPi in my setup ? How to have dnsmasq offer a dhcp lease and not have my ISP do it ? – John Sep 02 '15 at 16:28
  • If that router in your diagram truly has dhcp disabled, you should not be getting ip addresses via dhcp from your ISP. Please provide more details on IP addresses and configurations. The dnsmasq config file has most of the information you need, but you'll have to google some details. – bobstro Sep 02 '15 at 16:30
  • It does have DHCP disabled. As soon as a device is plugged into the ISP provided ethernet, it gets dhcp. Since the Router is just passing all packets on, the RPi is getting DHCP as soon as I plug it in to the Router. I have the setup here : https://gist.github.com/anonymous/e1fcf22dc9020d36c259 please let me know if I should provide more info – John Sep 02 '15 at 16:36
  • 1
    A somewhat unusual setup. Many ISPs only provide a single IP address per customer. Based on your description, it sounds like your router is configured as a bridge since it's passing on the dhcp traffic to your ISP from your internal network. In that case, I would recommend configuring the RPi as a Layer 3 router with separate inside and outside interfaces and subnets, then configuring it as a firewall. – bobstro Sep 02 '15 at 16:42
  • If you have a tutorial or steps on how to do that, I'd really appreciate it. – John Sep 02 '15 at 16:51
  • Probably best to ask another question at this point. I'll leave my answer about bridging as-is. – bobstro Sep 02 '15 at 16:52
  • @bobstro you're correct. It seems that John needs a router and not another bridge. Though as you said it is rather uncommon setup. – Huygens Sep 02 '15 at 17:01
  • @John there is already an answered question how to setup a RPi as a router: http://raspberrypi.stackexchange.com/questions/7223/using-the-raspberry-pi-as-a-router. John, is the answer satisfying? Would it help you achieve what you want? – Huygens Sep 02 '15 at 17:13
-4

follow the bridge steps but only add eth1 then do a ip route add default gw. no iptables should be required for either. translation is usually only required for wifi. libvirt does that and can do that without iptables. set ips are very specific. learn to describe, and search for what you want before you ask. sound like your missing a few things that only you should know anyway

moofer
  • 1