Home / server / Questions / 666310
Accepted
Mike
Asked: 2015-02-10 14:39:52 +0800 CST

Enabling bridged connections with a single network card with multiple IP addresses

  • 772

I have a server with one network card in it (eth1). My server is assigned 5 public IP addresses and it is currently configured like this (/etc/network/interfaces):

# The primary network interface
allow-hotplug eth1
iface eth1 inet static
    address xxx.yyy.zzz.130
    netmask 255.255.255.248
    network xxx.yyy.zzz.128
    broadcast xxx.yyy.zzz.135
    gateway xxx.yyy.zzz.129

iface eth1:0 inet static
    address xxx.yyy.zzz.131
    netmask 255.255.255.248

iface eth1:1 inet static
    address xxx.yyy.zzz.132
    netmask 255.255.255.248

iface eth1:2 inet static
    address xxx.yyy.zzz.133
    netmask 255.255.255.248

iface eth1:3 inet static
    address xxx.yyy.zzz.134
    netmask 255.255.255.248

This is working perfectly, however I wanted to add a KVM virtual machine with a bridged connection with the public IP xxx.yyy.zzz.131.

If I do this:

auto br0
iface br0 inet static
  bridge-ports eth1
  bridge_stp off
  bridge_fd 0
  bridge_maxwait 0
  address xxx.yyy.zzz.131
  netmask 255.255.255.248

Then only xxx.yyy.zzz.131 is accessible. None of the other IPs are.

If I change it to bridge-ports eth1:0 I get the error:

SIOCSIFFLAGS: Cannot assign requested address
RTNETLINK answers: File exists
Failed to bring up br0.

If I comment out the other sections about eth1:0, in addition to the above error, I also get Ignoring unknown interface eth1:0=eth10. at the beginning.

How do I add a bridged device if I only have one NIC and multiple IPs?

linux

3 Answers

  1. Best Answer

    You should only have the IP address for the host on the host bridge. The IP addresses for the guests should be assigned only in the guests.

    • 1

  2. You can use several ways to use a public ip inside a VM.

    First way is that, what you've chosen. In this case you create a bridge interface with eth1 as bridge port.

    Your interfaces file should be look something like.

    iface br0 inet static
    bridge-ports eth1
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    address xxx.yyy.zzz.130
    netmask 255.255.255.248
    gateway xxx.yyy.zzz.129

iface br0:1 inet static
    address xxx.yyy.zzz.132
    netmask 255.255.255.248

iface br0:2 inet static
    address xxx.yyy.zzz.133
    netmask 255.255.255.248

iface br0:3 inet static
    address xxx.yyy.zzz.134
    netmask 255.255.255.248

    Notice, the xxx.yyy.zzz.131 isn't assigned on the host. Also the broadcast and network options are useless, so I've omitted them.

    After this you can use the public ip inside VM without any additional tricks, because the VM will be connected as bridge port.

    Other way is use the proxy-arp feature. For this you don't need change the interfaces file. You just assign the public ip inside VM (as primary or secondary), on the host add a route to this public ip, and enable the proxy-arp function on the eth1 interface. Notice, this public ip shouldn't be assigned on the host itself, only inside a VM. Also, don't forget make these changes permanent (you can use the post-up options in the interfaces file).

    ip route add <public-ip> dev <virt-bridge-iface>
sysctl -w net.ipv4.conf.eth1.proxy_arp=1
    • 1

  3. It is not possible to create a bridged network for one IP address. It needs to be done to the entire network interface or not at all. If you only have one NIC, your only option is to assign all IP addresses on the host machine and then use a firewall (e.g. iptables) to do NAT to the guest OS.

    This article has a script that will do it for you automatically when the guest OSes start/stop.

    • -1