I want to create a bridge for my virtual machine, and I want to have Internet access from my virtual bridge. What I did:

DEVICE=br1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0

I have a bridge in my network (configured by DHCP) that is linked with eth0:

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.110.14  netmask 255.255.255.0  broadcast 192.168.110.255

br0:

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=dhcp

eth0:

TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0

iptables command:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.110.14

But it isn't working.

ping -I br1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.1.1 br1: 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
61 packets transmitted, 0 received, 100% packet loss, time 59999ms

What did I do wrong? Please help.

Valeriu

1 Answer

Bridging is at layer-2, and routing is at layer-3, and iptables operates at layer-3, not layer-2. There is no concept of routing at layer-2, where bridges operate. Bridges use layer-2, e.g. MAC, addresses, and frames are delivered directly to the destination layer-2 address. Bridging happens on a single LAN. Routing happens between LANs, and it uses layer-3, e.g. IP, addresses to send packets from one LAN to another LAN. On the LANs, frames encapsulate the packets and are used to send the frames directly from one host to another host.

A host on a LAN will mask the layer-3 address of the destination to see if the destination is on its LAN. If it is, it will create a frame for the destination host. If not, it will create a frame for its configured gateway (router). At layer-2, a gateway is just another host on the LAN. It is the gateway that would perform routing, not the bridge. Whether or not the frames are delivered to the destination host or the gateway is up to the source host, not the bridge.

Ron Maupin
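
The forwarding decision described in the answer above, as an added example that is not part of the original post: a host masks the destination to choose between the destination's MAC and its gateway's MAC, and the bridge then forwards on that MAC alone. Only 192.168.1.1/24 and 8.8.8.8 come from the question; the VM addresses, MAC addresses and port names are constructed for illustration.

```python
import ipaddress

class Host:
    """Source host: decides whether a frame goes to the destination or the gateway."""
    def __init__(self, mac, cidr, gateway=None):
        self.mac = mac
        self.iface = ipaddress.ip_interface(cidr)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def next_hop(self, dst):
        # Mask the destination: on-link means deliver directly, otherwise use the gateway.
        dst = ipaddress.ip_address(dst)
        return dst if dst in self.iface.network else self.gateway

    def frame_for(self, dst, neighbours):
        # neighbours maps IP -> MAC (a stand-in for the ARP cache).
        hop = self.next_hop(dst)
        if hop is None or str(hop) not in neighbours:
            return None  # no gateway configured, or next hop unresolved
        return (self.mac, neighbours[str(hop)], dst)

class Bridge:
    """Learning bridge: forwards on MAC addresses only and never reads the IP."""
    def __init__(self, fdb=None):
        self.fdb = dict(fdb or {})  # MAC -> port

    def forward(self, in_port, frame, ports):
        src_mac, dst_mac, _dst_ip = frame
        self.fdb[src_mac] = in_port  # learn where the sender lives
        if dst_mac in self.fdb:
            return [self.fdb[dst_mac]]
        return [p for p in ports if p != in_port]  # unknown MAC: flood

# Constructed sample data (hypothetical MACs, ports and VM addresses).
GW_MAC, PEER_MAC = "52:54:00:00:00:01", "52:54:00:00:00:20"
ARP = {"192.168.1.1": GW_MAC, "192.168.1.20": PEER_MAC}
PORTS = ["host", "vnet0", "vnet1"]
vm = Host("52:54:00:00:00:10", "192.168.1.10/24", gateway="192.168.1.1")
vm_no_gw = Host("52:54:00:00:00:11", "192.168.1.11/24")

def demo():
    br = Bridge({GW_MAC: "host", PEER_MAC: "vnet1"})
    local = vm.frame_for("192.168.1.20", ARP)   # same LAN: frame to the peer
    remote = vm.frame_for("8.8.8.8", ARP)       # other LAN: frame to the gateway
    return {"local_port": br.forward("vnet0", local, PORTS),
            "remote_port": br.forward("vnet0", remote, PORTS),
            "remote_dst_mac": remote[1],
            "no_gateway": vm_no_gw.frame_for("8.8.8.8", ARP)}

if __name__ == "__main__":
    print(demo())
```

The frame for 8.8.8.8 carries the gateway's MAC, so the bridge hands it to the port where the gateway sits; any routing or NAT happens on that gateway, not in the bridge.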