Home / server / Questions / 117788
Accepted
Alexandre Nizoux
Asked: 2010-03-02 02:14:49 +0800 CST

Linux bridging not forwarding packets

  • 772

I am trying to set up a Linux bridge with 2 ethernet interfaces and cannot get it to work correctly. I am using Gentoo Linux and thought it would be quite easy but I end up having trouble getting packets go through the bridge. All of that is virtualized under Hyper-V is that matters for anything (but I doubt it).

Here goes my configuration.

 ------              ------------------           --------         -----------
| NUX3 |------------|eth1  BRIDGE  eth0|---------| ROUTER |-------/ INTERNET /
 ------              ------------------           --------        -----------
192.168.1.195/24    192.168.1.197/24 (br0)     192.168.1.101/24
00:15:5d:00:01:12   00:15:5d:00:01:08 (eth0)   00:15:5d:00:01:03
                    00:15:5d:00:01:13 (eth1)

# cat /etc/conf.d/net

bridge_br0=( "eth0 eth1" )
config_eth0=( "null" )
config_eth1=( "null" )
config_br0=( "192.168.1.197 netmask 255.255.255.0 brd 192.168.1.255" )
routes_br0=( "default via 192.168.1.101" )

# brctl show

bridge name      bridge id              STP enabled      interfaces
br0              8000.00155d000108      no               eth0
                                                         eth1

# brctl showstp br0

<...>
eth0 (1)               state               forwarding
eth1 (2)               state               forwarding
<...>

# cat /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0

# ifconfig

<...>
br0    UP BROADCAST RUNNING MULTICAST
       inet addr:192.168.1.197  Bcast:192.168.1.255  Mask:255.255.255.0
<...>
eth0    UP BROADCAST RUNNING PROMISC MULTICAST
<...>
eth1    UP BROADCAST RUNNING PROMISC MULTICAST
<...>

# brctl showmacs br0

port no mac addr                    is local?        ageing timer
  1     00:15:5d:00:01:03           no                   1.51
  1     00:15:5d:00:01:08           yes                  0.00
  2     00:15:5d:00:01:12           no                  36.22
  2     00:15:5d:00:01:13           yes                  0.00

BRIDGE can ping the ROUTER but not NUX3, NUX3 cannot ping neither BRIDGE nor ROUTER. All seems good to me but I am obviously missing something. I'd be really glad if someone can point me to it!

Thanks.

linux hyper-v bridge gentoo

3 Answers

  1. Best Answer

    It's possible that the underlying network devices on the host do not have promiscuous mode enabled. In VMWare, for example, if the underlying virtual network adapter isn't +promisc then the guest bridge will fail miserably -- even though it thinks its able to enter promiscuous mode, it can't.

    I've never used HyperV, but the logic should be the same, if the host doesn't allow the guest to enter promiscuous mode, the bridge can't pass packets back and forth because the network card will only handle frames that are addressed specifically to it.

    If you disable the bridge, you're able to ping NUX3 and the router, correct?

    • 9

  2. in the hyper-v manager, go to the settings for the vm you want to use a bridge on, and under every network interface that you want to use as part of the bridge enable the "allow mac address spoofing" checkbox. I'm using Windows Server 2008r2 SP1. That's what I did to get it to work. I'm also using Ubuntu 12.04 which has all the Hyper-V drivers preinstalled, but I don't think that matters.

    • 7

  3. Bridging works fine.

    1. As saying before need to enable MAC address spoofing
    2. In latest kernels iptables rules actuals for bridge too. So it must configured or disabled. For disable iptables rules for bridges execute: sysctl net.bridge.bridge-nf-call-iptables=0
    • 6