My server has five Ethernet ports and one ADSL port. How do I set up an IPv4 software bridge on Debian Linux so that the five Ethernet ports act as a network switch?

Tutorial details
Difficulty level: Intermediate
Root privileges: Yes
Requirements: Debian Linux
Est. reading time: 5 minutes

You need to use the brctl command to bridge network connections under Debian Linux. This is useful for:

  1. Sharing your Internet connection between multiple devices.
  2. Increasing the number of Ethernet jacks without purchasing a dedicated network switch.
  3. Setting up Debian as an access point, and much more.

Install bridge-utils package

You need to install a package called bridge-utils for configuring the Linux Ethernet bridge.
# apt-get install bridge-utils
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 35.5 kB of archives.
After this operation, 145 kB of additional disk space will be used.
Get:1 wheezy/main bridge-utils i386 1.5-6 [35.5 kB]
Fetched 35.5 kB in 1s (21.9 kB/s)       
Selecting previously unselected package bridge-utils.
(Reading database ... 23737 files and directories currently installed.)
Unpacking bridge-utils (from .../bridge-utils_1.5-6_i386.deb) ...
Processing triggers for man-db ...
Setting up bridge-utils (1.5-6) ...


In the example below, eth0 to eth4 act as a switch. Back up the file /etc/network/interfaces and then edit it:
# cp -v /etc/network/{interfaces,interfaces.bak}
# vi /etc/network/interfaces

To make your bridge configuration permanent, edit this file. Append/modify as follows:

# The loopback network interface
auto lo 
iface lo inet loopback
# eth0 to eth4 network switch
allow-hotplug eth0
iface eth0 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
allow-hotplug eth1
iface eth1 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
allow-hotplug eth2
iface eth2 inet manual
   pre-up   ifconfig $IFACE up 
   pre-down ifconfig $IFACE down
allow-hotplug eth3
iface eth3 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
allow-hotplug eth4
iface eth4 inet manual
   pre-up   ifconfig $IFACE up
   pre-down ifconfig $IFACE down
# Setup an IP address for our bridge
# NOTE: "inet static" requires address and netmask lines for your LAN here
auto br0
iface br0 inet static
  bridge_ports eth0 eth1 eth2 eth3 eth4

Save and close the file.

Restart the networking service

To stop the current network configuration, enter:
# service networking stop
Sample outputs:

Deconfiguring network interfaces...done.

To activate the br0 network interface, enter:
# service networking start
Sample outputs:

Configuring network interfaces...
Waiting for br0 to get ready (MAXWAIT is 32 seconds).

Verify br0 configuration

Type the following command:
# ip addr show
Sample outputs:

1: lo:  mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether 00:00:24:cf:69:68 brd ff:ff:ff:ff:ff:ff
3: eth1:  mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 1000
    link/ether 00:05:b4:09:ee:9c brd ff:ff:ff:ff:ff:ff
4: eth2:  mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
    link/ether 00:00:24:cf:69:69 brd ff:ff:ff:ff:ff:ff
5: eth3:  mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
    link/ether 00:00:24:cf:69:6a brd ff:ff:ff:ff:ff:ff
6: eth4:  mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
    link/ether 00:00:24:cf:69:6b brd ff:ff:ff:ff:ff:ff
7: wlan0:  mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1d:73:bc:e4:6e brd ff:ff:ff:ff:ff:ff
8: br0:  mtu 1500 qdisc noqueue state UP 
    link/ether 00:00:24:cf:69:68 brd ff:ff:ff:ff:ff:ff
    inet brd scope global br0
    inet6 fe80::200:24ff:fecf:6968/64 scope link 
       valid_lft forever preferred_lft forever

You can use the following brctl command to see all current instances of the Ethernet bridge:
# brctl show
Sample outputs:

bridge name	bridge id		STP enabled	interfaces
br0		8000.000024cf6968	no		eth0

How do I show a list of MAC addresses?

# brctl showmacs br0

How can I see bridge STP information?

# brctl showstp br0

Other options

To see all other supported options, type the following commands:
$ man brctl
$ brctl --help
Sample outputs:

Usage: brctl [commands]
	addbr     			add bridge
	delbr     			delete bridge
	addif     	 	add interface to bridge
	delif     	 	delete interface from bridge
	hairpin   	  {on|off}	turn hairpin on/off

A note about DHCPD server

You may want to set up a DHCPD server so that clients such as desktops, laptops, and mobile devices can request and obtain an IP address and many other parameters from the server / switch itself. See how to setup an ISC DHCP Server for your network for more information.

A note about Iptables

The data flows through all interfaces, so you only need to filter on one interface. Turn on packet forwarding using the Linux kernel and iptables (NAT). The commands below assume that eth6 or ppp0 is the connection to the Internet. First, turn on IP forwarding in the kernel:
# sysctl -w net.ipv4.ip_forward=1
Next, use the following command:
/sbin/iptables -t nat -A POSTROUTING -o eth6 -j MASQUERADE
### ppp0 ###
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Or set up IP forwarding and masquerading (NAT):
/sbin/iptables --table nat --append POSTROUTING --out-interface eth6 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface br0 -j ACCEPT

Feel free to modify rules as per your setup. See iptables man page or the following tutorials for more information:

  1. Debian / Ubuntu Linux: Install and Configure Shoreline Firewall (Shorewall)
  2. Linux: 20 Iptables Examples For New SysAdmins
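
A stateful variant of the rules above, as an added example that is not part of the original article: the commands above leave the fate of packets arriving on the Internet side to the FORWARD chain's policy, so this version sets that policy to DROP, admits only replies to connections opened from the bridge, and keeps the MASQUERADE rule. The interface names br0 and eth6 are the article's assumptions; the function name gen_ruleset is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): print an iptables-restore
# ruleset for a router whose LAN side is the bridge and whose WAN side is
# the Internet link. Nothing is applied; the ruleset goes to stdout.

gen_ruleset() {
    lan_if="$1"   # bridged LAN side, e.g. br0
    wan_if="$2"   # Internet-facing side, e.g. eth6 or ppp0

    # Accept only plausible interface names, so the generated text can be
    # piped to iptables-restore without surprises.
    for i in "$lan_if" "$wan_if"; do
        case "$i" in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: '$i'" >&2
                return 1 ;;
        esac
    done
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN interfaces must differ" >&2
        return 1
    fi

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Defaults mirror the article's interface names.
gen_ruleset "${1:-br0}" "${2:-eth6}"
```

Review the output before piping it to iptables-restore, which replaces the current contents of the nat and filter tables unless it is run with --noflush.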
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

10 comments
  • Vitalie Jan 2, 2013 @ 14:21

    We could write this line shorter:

    # cp -v /etc/network/{interfaces,interfaces.bak}

    # cp -v /etc/network/interfaces{,.bak}

  • Jalal Hajigholamali Jan 5, 2013 @ 6:06


    Thanks too much

  • echo083 Jan 7, 2013 @ 23:08

    nice :)

  • Andre May 14, 2013 @ 17:30

    Thank you! Helps a lot!

  • 3thicalH4CK3R Aug 31, 2013 @ 7:39

    Using Backtrack 5R3, which is Ubuntu-based, can I bridge wlan0 and eth0? I want to be able to run a router connected to eth0 that shares the internet connection that is connected to wlan0. Will this method work in this case? If not, do you know how?

  • Andreas Feb 11, 2014 @ 14:47

    Hi I am trying to bridge eth1 with an openVPN tap0. The client behind eth1 gets the IP from the openVPN server, but I cannot ping anything in the subnet.
    Router 1:
    openVPN Server
    – eth0
    – openVPN tab0 Server
    – bridge eth0 with tap0
    openVPN Client (behind router 2)
    – eth0
    – openVPN tap0 Client (can ping all subnets and get servers ip in browser whatismyip)
    – bridge tab0 and eth1 (br0)
    Client Behind eth1
    – gets DHCP from (router 1)
    – cannot ping router 1 but can ping (br0)
    – arp -a shows mac of router 1
    – No internet traffic at all

    Does anybody have a suggestion on this?

    Thank you,

    • heavy t May 27, 2015 @ 19:12

      Hey Andreas, old thread but if anyone else is looking, in openvpn in the server config.
      add dns server and dns

  • Jack Dec 22, 2016 @ 7:55

    It doesn’t work for me when I start networking.service //
    Networking.service could not be found
    Please help!!

  • Ingo Feb 27, 2017 @ 15:27


    Is this not more like a hub, not really a switch?

  • Larry Laffer May 16, 2021 @ 18:49

    Surely you meant “broadcast” and not “broadcast”.
