Re: [coLinux-users] Problem with windows service and ndis-bridge

[Henry N. <hen...@ar...>]

  Am 05.08.2010 23:01, schrieb Lars Grundei:
> Hi Henry,
>
> ok now I am a bit confused.

I'm too. - From your bridging the bridge ;-)


> The colinux wiki (http://colinux.wikia.com/wiki/Network) tells me:
>
> "The NDIS driver is new in coLinux 0.7.4. It makes use of the NDIS programming API built into windows. It works in practice exactly like the WinPcap driver, just without third party network drivers. It follows the same syntax in the configuration file as the winpcap driver, just use ndis-bridge instead of pcap-bridge"
>
> And
>
> "The name and mac fields are optional. If you don't specify the name parameter coLinux will use the first TAP device it finds. If you don't specify the MAC address in mac, a random one will be generated (in the range 00:FF:xx:xx:xx:xx)."
>
> The 1st comment can be found in section NDIS (this was new to me). The 2nd comment can be found in section TAP, Installation (this is an old part of the wiki, I remember that from my first colinux contact, wich has been a couple of years ago).
>
> Two NICs are required to create a windows bridge, in my case it seems to be quite logical to use the eth0 and tap0 for this. According to my understanding this means, that you need specify the TAP device if you want to access colinux from the network.
>
> Could you clarify this?

"Windows Bridge" and coLinux "ndis-bridge" are different types of 
networking. Of curse, they works similar.

Some peoples use a "Windows Bridge" between WLAN card and Loopback 
adapter to break out the problem of multiple MAC address on the wireless 
channel.

If you use "ndis-bridge" then it is working like a bridge between your 
real Ethernet card and the adapter on Linux side (eth2 in your case). 
You will add a second MAC on the same adapter and Linux than can send 
and receive packets over this. So, ndis-bridge give one adapter a second 
MAC adresses and a second IP-adresses (on the Linux side). The MAC and 
IP address are *added* to the normal work of Windows network stuff. In 
summary have two MACs and two IP adresses. But, every side (Windows and 
Linux) has only one MAC and one IP address.

Compared with the "Windows Bridge": This will bind two adapters and adds 
an 3rd MAC for the bridge self. The original ipaddress of the both 
adapers are hidden (or removed), and the bridge self becomes a new IP 
address.

TAP-Win32 is a separate network between Linux (guest) and Windows 
(Host). This network is normal not accessable from outside of your Windows.

Now, if you have created a "Windows Bridge" between TAP-Win32 and your 
Ethernet card, than you have mixed the two networks to a big one. If you 
use ndis-bridge on this "Windows Bridge", then you will add the 4th MAC 
to this construct. And I don't understand why you don't use the real 
Ethernet adapter directly?  Maybe it can work. Afraid not efficiently. 
And last you will not use the other end of TAP driver, so the Link is 
permanently down for TAP-Win32. I don't understand why you bridged the TAP?

You have (as I assume):
Windows LAN (MAC1) + Windows TAP-Win32 (MAC2) ==> Windows-Bridge (MAC3)
Windows-Bridge (MAC3) ==> ndis-bridge ==> Linux eth2 (MAC4)

Why not?
Windows LAN ==> ndis-bridge ==> Linux eth2
Windows TAP-Win32 ==> tuntap ==> Linux eth1

Over the ndis-bridge you would have all the traffic between your Linux 
and the world outside of your Windows.
This type of config you can also better configure for firewalls (inside 
Linux and/or Windows), and they are less of network driver layers. 
Windows Bridge is slower as ndis-bridge.

With the additional TAP to eth1, all the traffic between Linux (guest) 
and Windows (host) you have a separate network with separate ip area (!) 
and will never seen on the local network.

Now, if you use ndis-bridge you not need the TAP. You can also access 
your Linux from Windows and via versa over the ndis-bridge. Of curse the 
performance is not the best, because using more hardware stacks, and all 
the traffic from Linux to Windows would also seen on all the other 
networking devices in your local network.

===
The additional options now.

For TAP-Win32 the "name" is optional. If you have only one TAP driver 
installed, then coLinux will find it. The TAP-Win32 driver has a 
specific ID, that coLinux knows and will locate for.

ndis-bridge can use *all* adapters (inclusively TAP and loopback), and 
we need to know what interface is your connection to the world.
If you have only ndis-bridge (no TAP-Win32), then it is really optional.
If you have TAP-Win32 and ndis-bridge configured, then the ndis-bridge 
will some times wrong catch the TAP as your favorite network interface. 
It is rarely and depend on your CPU speed and number of cores. Single 
CPU cores often works slowly, so the TAP will be "link up" many seconds 
after the ndis-bridge has scanned all adapters, and all works perfect. 
On faster CPU and dual cores, the TAP-Win32 can be up before the 
ndis-bridge scans the network. In this case the name should written in 
config.

The default sort order of network adapters is sorted by install date, 
and the last installed adapter is placed on top of the list. So you 
would have typically TAP-Win32, WLAN, on board Ethernet card, Loopback 
adapter.

In my case, I have sorted my network adapters (some there in the menu 
"extras" in network overview) to let find coLinux my TAP all times as 
last adapter, after cable LAN and after WLAN (because WLAN dows not work 
with ndis-bridge).

-- 
Henry N.