<HTML ><HEAD ><TITLE >Building bridges, and pseudo-bridges with Proxy ARP</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Linux Advanced Routing & Traffic Control HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Rate limiting a single host or netmask" HREF="lartc.ratelimit.single.html"><LINK REL="NEXT" TITLE="State of bridging and iptables" HREF="lartc.bridging.iptables.html"></HEAD ><BODY CLASS="CHAPTER" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Linux Advanced Routing & Traffic Control HOWTO</TH ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="CHAPTER" ><H1 ><A NAME="LARTC.BRIDGING" ></A >Chapter 16. Building bridges, and pseudo-bridges with Proxy ARP</H1 ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >16.1. <A HREF="lartc.bridging.iptables.html" >State of bridging and iptables</A ></DT ><DT >16.2. <A HREF="lartc.bridging.shaping.html" >Bridging and shaping</A ></DT ><DT >16.3. <A HREF="lartc.bridging.proxy-arp.html" >Pseudo-bridges with Proxy-ARP</A ></DT ><DD ><DL ><DT >16.3.1. <A HREF="lartc.bridging.proxy-arp.html#AEN2041" >ARP & Proxy-ARP</A ></DT ><DT >16.3.2. <A HREF="lartc.bridging.proxy-arp.html#AEN2048" >Implementing it</A ></DT ></DL ></DD ></DL ></DIV ><P >Bridges are devices which can be installed in a network without any reconfiguration. A network switch is basically a many-port bridge. A bridge is often a 2-port switch. 
Linux does, however, support multiple interfaces in a bridge, making it a true switch.</P ><P >Bridges are often deployed when a broken network needs to be fixed without any alterations. Because the bridge is a layer-2 device, one layer below IP, routers and servers are not aware of its existence. This means that you can transparently block or modify certain packets, or do shaping.</P ><P >Another good thing is that a bridge can often be replaced by a cross cable or a hub, should it break down.</P ><P >The bad news is that a bridge can cause great confusion unless it is very well documented. It does not appear in traceroutes, but somehow packets disappear or get changed on the way from point A to point B ('this network is HAUNTED!'). You should also wonder if an organization that 'does not want to change anything' is doing the right thing.</P ><P >The Linux 2.4/2.5 bridge is documented on <A HREF="http://bridge.sourceforge.net/" TARGET="_top" >this page</A >.</P ></DIV ></BODY ></HTML >