Debian Linux: Configure Network Interfaces As A Bridge / Network Switch

My server has five Ethernet ports and one ADSL port. How do I set up an IPv4 software bridge on Debian Linux so that the five Ethernet ports act as a network switch?

You need to use the brctl command to bridge network connections under Debian Linux. This is useful for:

  1. Sharing your Internet connection between multiple devices.
  2. Increasing the number of Ethernet jacks without purchasing a dedicated network switch.
  3. Setting up Debian as an access point, and much more.

Install bridge-utils package

You need to install a package called bridge-utils for configuring the Linux Ethernet bridge.
# apt-get install bridge-utils
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 35.5 kB of archives.
After this operation, 145 kB of additional disk space will be used.
Get:1 wheezy/main bridge-utils i386 1.5-6 [35.5 kB]
Fetched 35.5 kB in 1s (21.9 kB/s)       
Selecting previously unselected package bridge-utils.
(Reading database ... 23737 files and directories currently installed.)
Unpacking bridge-utils (from .../bridge-utils_1.5-6_i386.deb) ...
Processing triggers for man-db ...
Setting up bridge-utils (1.5-6) ...


In the example below, eth0 to eth4 act as a switch. Back up and then edit the file /etc/network/interfaces:
# cp -v /etc/network/{interfaces,interfaces.bak}
# vi /etc/network/interfaces

To make your bridge configuration permanent, edit this file. Append/modify as follows:

# The loopback network interface
auto lo 
iface lo inet loopback
# Eth0 to Eth4 network switch
allow-hotplug eth0
iface eth0 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
allow-hotplug eth1
iface eth1 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
allow-hotplug eth2
iface eth2 inet manual
   pre-up   ifconfig $IFACE up 
   pre-down ifconfig $IFACE down
allow-hotplug eth3
iface eth3 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
allow-hotplug eth4
iface eth4 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
# Setup an IP address for our bridge
auto br0
iface br0 inet static
  # address and netmask lines for br0 go here (required by the static method)
  bridge_ports eth0 eth1 eth2 eth3 eth4

Save and close the file.
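
Stopping the networking service takes the box off the network, so it pays to check the file before the restart. The following is an added example, not part of the original tutorial: a POSIX shell/awk check that every interface named in bridge_ports is declared inet manual and carries no address of its own. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# check_bridge_ports FILE BRIDGE
# Prints one "ERROR: ..." line per problem; exit status is 0 only when clean.
check_bridge_ports() {
    awk -v br="$2" '
        BEGIN { bad = 0; n = 0 }
        $1 == "iface"   { cur = $2; if ($3 == "inet") method[cur] = $4; next }
        $1 == "address" { has_addr[cur] = 1; next }
        $1 == "bridge_ports" && cur == br {
            for (i = 2; i <= NF; i++) ports[++n] = $i
        }
        END {
            if (n == 0) { print "ERROR: " br " has no bridge_ports"; bad = 1 }
            for (i = 1; i <= n; i++) {
                p = ports[i]
                if (!(p in method)) {
                    print "ERROR: " p " has no iface stanza"; bad = 1
                } else if (method[p] != "manual") {
                    print "ERROR: " p " is inet " method[p] ", expected manual"; bad = 1
                }
                if (p in has_addr) { print "ERROR: " p " has its own address"; bad = 1 }
            }
            exit bad
        }' "$1"
}

# Constructed sample: eth1 was left on DHCP and eth2 was never declared.
sample_interfaces() {
    cat <<'EOF'
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet manual
iface eth1 inet dhcp
auto br0
iface br0 inet static
  bridge_ports eth0 eth1 eth2
EOF
}

tmp=$(mktemp)
sample_interfaces > "$tmp"
check_bridge_ports "$tmp" br0 || echo "fix the errors above before restarting networking"
rm -f "$tmp"
```

Run it against the real file as: check_bridge_ports /etc/network/interfaces br0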

Restart the networking service

To stop the current network configuration, enter:
# service networking stop
Sample outputs:

Deconfiguring network interfaces...done.

To activate br0 network interface, enter:
# service networking start
Sample outputs:

Configuring network interfaces...
Waiting for br0 to get ready (MAXWAIT is 32 seconds).

Verify br0 configuration

Type the following command:
# ip addr show
Sample outputs:

1: lo:  mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether 00:00:24:cf:69:68 brd ff:ff:ff:ff:ff:ff
3: eth1:  mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 1000
    link/ether 00:05:b4:09:ee:9c brd ff:ff:ff:ff:ff:ff
4: eth2:  mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
    link/ether 00:00:24:cf:69:69 brd ff:ff:ff:ff:ff:ff
5: eth3:  mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
    link/ether 00:00:24:cf:69:6a brd ff:ff:ff:ff:ff:ff
6: eth4:  mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
    link/ether 00:00:24:cf:69:6b brd ff:ff:ff:ff:ff:ff
7: wlan0:  mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1d:73:bc:e4:6e brd ff:ff:ff:ff:ff:ff
8: br0:  mtu 1500 qdisc noqueue state UP 
    link/ether 00:00:24:cf:69:68 brd ff:ff:ff:ff:ff:ff
    inet brd scope global br0
    inet6 fe80::200:24ff:fecf:6968/64 scope link 
       valid_lft forever preferred_lft forever

You can use the following brctl command to see all current instances of the Ethernet bridge:
# brctl show
Sample outputs:

bridge name	bridge id		STP enabled	interfaces
br0		8000.000024cf6968	no		eth0

How do I show a list of MAC addresses?

# brctl showmacs br0

How can I see bridge STP information?

# brctl showstp br0

Other options

To see all other supported options, type the following commands:
$ man brctl
$ brctl --help
Sample outputs:

Usage: brctl [commands]
	addbr     			add bridge
	delbr     			delete bridge
	addif     	 	add interface to bridge
	delif     	 	delete interface from bridge
	hairpin   	  {on|off}	turn hairpin on/off

A note about DHCPD server

You may want to set up a DHCPD server to allow clients such as desktops, laptops, and mobile devices to request and obtain an IP address and many other parameters from the server / switch itself. See how to setup an ISC DHCP Server for your network for more information.

A note about Iptables

The data flows through all interfaces, so you only need to filter on one interface. Turn on packet forwarding in the Linux kernel and NAT in iptables. The commands below assume that eth6 or ppp0 is the connection to the Internet. First, turn on IP forwarding in the kernel:
# sysctl -w net.ipv4.ip_forward=1
Next, use the following command:
/sbin/iptables -t nat -A POSTROUTING -o eth6 -j MASQUERADE
### ppp0 ###
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

OR set up IP forwarding and masquerading (NAT):
/sbin/iptables --table nat --append POSTROUTING --out-interface eth6 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface br0 -j ACCEPT
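
The FORWARD rule above accepts anything arriving on br0, and replies pass only because the FORWARD policy defaults to ACCEPT. As an added example (not from the original tutorial), this script prints an equivalent ruleset in iptables-restore format with a default-drop FORWARD chain and stateful return traffic. The function name gen_ruleset is hypothetical; ppp0 and br0 follow the page's naming.

```shell
#!/bin/sh
# gen_ruleset WAN_IF LAN_IF   (hypothetical helper, added example)
# Prints an iptables-restore ruleset; returns 1 on a malformed interface name.
# Loading it replaces the current nat and filter tables.
gen_ruleset() {
    for ifname in "$1" "$2"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Same NAT rule as on the page: hide the LAN behind the WAN address
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# Replies to connections that were already allowed out
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections only from the bridge towards the Internet link
-A FORWARD -i $2 -o $1 -j ACCEPT
# Port-to-port switch traffic; it reaches this chain only when
# net.bridge.bridge-nf-call-iptables=1 hands bridged frames to iptables
-A FORWARD -i $2 -o $2 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the page's ppp0 uplink; review it, then as root:
#   gen_ruleset ppp0 br0 | iptables-restore
gen_ruleset ppp0 br0
```

This covers forwarded traffic only; the INPUT chain that protects the server itself is not given any rules here.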

Feel free to modify the rules as per your setup. See the iptables man page or the following tutorials for more information:

  1. Debian / Ubuntu Linux: Install and Configure Shoreline Firewall (Shorewall)
  2. Linux: 20 Iptables Examples For New SysAdmins

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.