Tcpdump cannot capture host traffic on bridge

alfa · December 29, 2022, 9:02am

Hi,
My device is Mikrotik rb750gr3
I created a bridge with the following configurations:

wan connected to ISP Router
ISP Router IP 192.168.70.1/24
wan and lan5 bridged together and bridge IP is 70.2

host pc IP on lan5 : 70.3

host: ping 8.8.8.8
        64 bytes from 8.8.8.8: icmp_seq=2690 ttl=117 time=30.1 ms
        64 bytes from 8.8.8.8: icmp_seq=2691 ttl=117 time=30.2 ms
        64 bytes from 8.8.8.8: icmp_seq=2692 ttl=117 time=30.2 ms

with this configuration when i listen br-lan interface like shown below:

tcpdump -i br-lan host 192.168.70.3
> there is no traffic
tcpdump -i lan5 host 192.168.70.3
> there is no traffic

Why my host's traffic not enters br-lan and lan5 interfaces?
Are there any body to explain this stuation?
Thanks for help..

lleachii · December 29, 2022, 12:07pm

/etc/config/network

please

Do you happen to have Hardware Offloading enabled?
Did you setup a VLAN on the bridge too?

alfa · December 29, 2022, 1:23pm

Hi,
there is no vlan on br-test bridge

~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'wan'
	option proto 'dhcp'
	option macaddr '00:ab:ad:xx:xx:xx'
	option device 'br-test'

config device
	option name 'br-lan'
	option type 'bridge'
	option bridge_empty '1'
	option mtu '1500'
	list ports 'lan2'
	list ports 'lan3'

config interface 'LAN'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'wg0'
	option proto 'wireguard'
	option private_key 'yyyyyy'
	list addresses '192.168.168.2/30'

config wireguard_wg0
	option description 'center'
	option route_allowed_ips '1'
	option endpoint_host 'zzzzzz'
	option persistent_keepalive '25'
	option public_key 'xxxxxx'
	option endpoint_port '59001'
	list allowed_ips '192.168.168.1/30'
	list allowed_ips '192.168.20.0/24'
	list allowed_ips '192.168.11.0/24'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '10'
	option name 'br-lan.10'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '20'
	option name 'br-lan.20'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '30'
	option name 'br-lan.30'

config device
	option type 'bridge'
	option name 'br-test'
	list ports 'lan4'
	list ports 'lan5'
	list ports 'wan'

config globals 'globals'
	option packet_steering '1'

lleachii · December 29, 2022, 1:28pm

Why is this here?

alfa · December 29, 2022, 2:26pm

actually i don't now.
i removed that option and tested again
problem still exists

alfa · December 29, 2022, 2:31pm

I downloaded 100MB test file but byte counters didn't show this.

lan5      Link encap:Ethernet  HWaddr 9A:12:5A:A4:AE:D4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28650 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54091 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1628199 (1.5 MiB)  TX bytes:19265582 (18.3 MiB)

wan       Link encap:Ethernet  HWaddr 9A:12:5A:A4:AE:D4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2754 errors:0 dropped:25 overruns:0 frame:0
          TX packets:476 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:324012 (316.4 KiB)  TX bytes:61808 (60.3 KiB)

br-test   Link encap:Ethernet  HWaddr 9A:12:5A:A4:AE:D4  
          inet addr:192.168.80.3  Bcast:192.168.80.255  Mask:255.255.255.0
          inet6 addr: fe80::9812:5aff:fea4:aed4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28665 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1629702 (1.5 MiB)  TX bytes:19279676 (18.3 MiB)

root@OpenWrt:~# brctl show br-test
bridge name	bridge id		STP enabled	interfaces
br-test		7fff.9a125aa4aed4	no		lan4
							wan
							lan5

lleachii · December 29, 2022, 2:58pm

Apologies, I didn't see this...

Did you make WAN a LAN port?

alfa · December 29, 2022, 3:08pm

I plugged ISP router's cable to WAN port
i am trying to make transparent bridge
so when i bridge wan and lan5 port together
and set up wireguard, I want ISP router to act as a default router for my lan hosts
but redirect only specific routes to wireguard for example 192.168.100.0/24 is on wireguard

When my lan hosts attempt to reach 100.0/24 transparent bridge must forward this to wireguard.
But i don't know how to do this.

lleachii · December 29, 2022, 3:15pm

So your ISP has issued you multiple IP addresses and permits such a config?

You need a router, but you made a transparent bridge.

alfa · January 30, 2023, 4:31pm

Problem caused by switch offloading
Here is the solution:

system · February 9, 2023, 4:32pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.