10

I am trying to set up a Linux bridge with 2 Ethernet interfaces and cannot get it to work correctly. I am using Gentoo Linux and thought it would be quite easy, but I end up having trouble getting packets to go through the bridge. All of that is virtualized under Hyper-V, if that matters for anything (but I doubt it).

Here goes my configuration.

 ------              ------------------           --------         -----------
| NUX3 |------------|eth1  BRIDGE  eth0|---------| ROUTER |-------/ INTERNET /
 ------              ------------------           --------        -----------
192.168.1.195/24    192.168.1.197/24 (br0)     192.168.1.101/24
00:15:5d:00:01:12   00:15:5d:00:01:08 (eth0)   00:15:5d:00:01:03
                    00:15:5d:00:01:13 (eth1)       

# cat /etc/conf.d/net

bridge_br0=( "eth0 eth1" )
config_eth0=( "null" )
config_eth1=( "null" )
config_br0=( "192.168.1.197 netmask 255.255.255.0 brd 192.168.1.255" )
routes_br0=( "default via 192.168.1.101" )

# brctl show

bridge name      bridge id              STP enabled      interfaces
br0              8000.00155d000108      no               eth0
                                                         eth1

# brctl showstp br0

<...>
eth0 (1)               state               forwarding
eth1 (2)               state               forwarding
<...>

# cat /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0

# ifconfig

<...>
br0    UP BROADCAST RUNNING MULTICAST
       inet addr:192.168.1.197  Bcast:192.168.1.255  Mask:255.255.255.0
<...>
eth0    UP BROADCAST RUNNING PROMISC MULTICAST
<...>
eth1    UP BROADCAST RUNNING PROMISC MULTICAST
<...>

# brctl showmacs br0

port no mac addr                    is local?        ageing timer
  1     00:15:5d:00:01:03           no                   1.51
  1     00:15:5d:00:01:08           yes                  0.00
  2     00:15:5d:00:01:12           no                  36.22
  2     00:15:5d:00:01:13           yes                  0.00

BRIDGE can ping the ROUTER but not NUX3; NUX3 can ping neither BRIDGE nor ROUTER. All seems good to me, but I am obviously missing something. I'd be really glad if someone can point me to it!

Thanks.

Alexandre Nizoux
  • I can also do it all manually but situation is exactly the same. No problem to bring the bridge up but nothing seems to go through... – Alexandre Nizoux Mar 01 '10 at 14:24

3 Answers

9

It's possible that the underlying network devices on the host do not have promiscuous mode enabled. In VMware, for example, if the underlying virtual network adapter isn't +promisc then the guest bridge will fail miserably -- even though it thinks it's able to enter promiscuous mode, it can't.

I've never used Hyper-V, but the logic should be the same: if the host doesn't allow the guest to enter promiscuous mode, the bridge can't pass packets back and forth because the network card will only handle frames that are addressed specifically to it.

If you disable the bridge, you're able to ping NUX3 and the router, correct?

John Ewart
  • Absolutely, I can ping both. Whoa, that would seem like a reasonable explanation of both a correct setup and a miserable failure to bridge while being absolutely logical :D I'll go find out right now and will keep you posted. Thanks John. – Alexandre Nizoux Mar 02 '10 at 08:28
  • I'll go ahead and rate this as the answer, since I can feel you are absolutely right. Trouble is that Hyper-V does not, as of today, support promisc mode for the virtual interfaces... DUH! Wish I knew that before :) Thanks again John, you spared me some serious wasted time. – Alexandre Nizoux Mar 02 '10 at 09:27
  • Spot on, works like a charm with same VM under ESXi ;) – Alexandre Nizoux Mar 03 '10 at 18:24
  • Glad to know this worked for you... Can't say I'm too surprised by another half-baked Microsoft product, even free software works better than that ;) – John Ewart Mar 04 '10 at 03:45
  • @JohnEwart Promisc mode is "reject" by default in ESXi 5.1, this also saved me, thanks! – Tim Feb 08 '13 at 02:12
  • 1
    Clint's answer below fixed this for me! – Jim Hunziker Feb 18 '15 at 21:36
7

In the Hyper-V Manager, go to the settings for the VM you want to use a bridge on, and under every network interface that you want to use as part of the bridge, enable the "allow MAC address spoofing" checkbox. I'm using Windows Server 2008 R2 SP1. That's what I did to get it to work. I'm also using Ubuntu 12.04, which has all the Hyper-V drivers preinstalled, but I don't think that matters.

Clint
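Added example (not part of any answer above): a small Python model of why the symptoms in the question follow from the virtual switch enforcing source MACs, which is what the "allow MAC address spoofing" checkbox relaxes. The drop rule is a simplifying assumption about the virtual switch, and the names `frame_passes`, `ping_works` and `reachability` are made up for this sketch; the MAC addresses are the ones from the question.

```python
# Simplified model, not Hyper-V's implementation.
# Assumption: with MAC address spoofing disabled, the virtual switch drops any
# frame a guest vNIC transmits whose source MAC is not that vNIC's own MAC.
# Delivery towards the guest is not modelled.

MAC = {  # addresses from the question's diagram
    "ROUTER": "00:15:5d:00:01:03",
    "NUX3": "00:15:5d:00:01:12",
    "BRIDGE": "00:15:5d:00:01:08",  # br0 uses eth0's MAC (bridge id 8000.00155d000108)
}
VNIC_MAC = {"eth0": "00:15:5d:00:01:08", "eth1": "00:15:5d:00:01:13"}
BEHIND = {"ROUTER": "eth0", "NUX3": "eth1"}  # learned ports, per brctl showmacs


def frame_passes(src, dst, spoofing_allowed):
    """Can one frame from host src reach host dst through the bridge VM?"""
    if dst == "BRIDGE":
        return True  # terminates on br0; the bridge VM transmits nothing
    out_port = BEHIND[dst]  # vNIC the bridge VM transmits on
    return spoofing_allowed or MAC[src] == VNIC_MAC[out_port]


def ping_works(a, b, spoofing_allowed):
    """Echo request a->b and echo reply b->a must both get through."""
    return (frame_passes(a, b, spoofing_allowed)
            and frame_passes(b, a, spoofing_allowed))


def reachability(spoofing_allowed):
    """Ping results for the host pairs tested in the question."""
    pairs = [("BRIDGE", "ROUTER"), ("BRIDGE", "NUX3"),
             ("NUX3", "BRIDGE"), ("NUX3", "ROUTER")]
    return {p: ping_works(*p, spoofing_allowed) for p in pairs}


if __name__ == "__main__":
    for allowed in (False, True):
        print("MAC spoofing allowed:", allowed)
        for (a, b), ok in reachability(allowed).items():
            print(f"  {a:6} -> {b:6} {'ok' if ok else 'FAILS'}")
```

Only BRIDGE to ROUTER survives with spoofing disabled, because br0 transmits with eth0's own MAC on eth0; every other path needs a vNIC to send a frame carrying a different source MAC.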
6

Bridging works fine.

  1. As said before, you need to enable MAC address spoofing.
  2. In the latest kernels, iptables rules apply to bridges too, so they must be configured or disabled. To disable iptables rules for bridges, execute: sysctl net.bridge.bridge-nf-call-iptables=0
Scott Pack
Roman Ivanov
  • 1
    OMG, I had an issue setting up EVE NG nested virtualization under KVM and was not able to ping my gateway through the bridge network... but using this command in EVE I am able to ping the gateway. Many thanks for posting sysctl net.bridge.bridge-nf-call-iptables=0 – Ghulam Mujtaba Sep 17 '20 at 21:21
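Added example (not from the answers above): a Python check of the setting the last answer changes. It reads the `net.bridge.bridge-nf-call-*` sysctls and combines them with the FORWARD policy taken from `iptables -S FORWARD` output, to tell whether frames crossing the bridge are filtered by iptables at all. The function names and result labels are hypothetical, and the sysctl root is a parameter so the check can be pointed at a test directory.

```python
from pathlib import Path

KEYS = ("bridge-nf-call-iptables", "bridge-nf-call-ip6tables",
        "bridge-nf-call-arptables")


def read_bridge_nf(root="/proc/sys"):
    """Map each sysctl to its integer value, or None when the file is absent
    (br_netfilter not loaded, so bridged frames never reach iptables)."""
    state = {}
    for key in KEYS:
        try:
            state[key] = int((Path(root) / "net/bridge" / key).read_text())
        except FileNotFoundError:
            state[key] = None
    return state


def forward_policy(iptables_s_output):
    """Policy from the '-P FORWARD <target>' line of `iptables -S FORWARD`."""
    for line in iptables_s_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[:2] == ["-P", "FORWARD"]:
            return parts[2]
    return None


def assess(state, policy):
    """Classify how iptables treats IPv4 frames crossing the bridge."""
    if state["bridge-nf-call-iptables"] != 1:
        return "bypass"           # iptables never sees bridged frames
    if policy == "DROP":
        return "drop-by-default"  # bridged frames need an explicit ACCEPT rule
    return "filtered"             # bridged frames traverse the FORWARD rules


if __name__ == "__main__":
    import subprocess
    rules = subprocess.run(["iptables", "-S", "FORWARD"],
                           capture_output=True, text=True).stdout
    print(assess(read_bridge_nf(), forward_policy(rules)))
```

A result of `bypass` means iptables rules no longer see traffic crossing the bridge, so any filtering that relied on them has to be done at the bridge layer instead.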