[gentoo-amd64] Networking bridging

[gentoo-amd64] Networking bridging

[Chris Brennan]

I am trying to set up a Bridge for Qemu to use. I followed the guide
at
http://gentoo-wiki.com/HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
but when ever the bridge starts, I loose connectivity outside of my
box :/ ... am I missing something ....


I've includes the output of my /etc/conf.d/net file ....


# This blank configuration will automatically use DHCP for any net.*
# scripts in /etc/init.d.  To create a more complete configuration,
# please review /etc/conf.d/net.example and save your configuration
# in /etc/conf.d/net (this file :]!).
dns_domain=( "unworldly.org" )
nis_domain=( "unworldly.org" )
dns_domain_eth0=( "unworldly.org" )
dns_search_eth0=( "unworldly.org xaerolimit.net" )
dns_servers_eth0=( "192.168.1.1 4.2.2.1 4.2.2.2" )

##
# LAN
##
config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
routes_eth0=( "default via 192.168.1.1" )

##
# Bridge
##
bridge_br0="eth0"
config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
#dhcpcd_br0="-t 10"
RC_NEED_br0="net.eth0"
brctl_br0=( "setfd 0" "sethello 0" "stp off" )
config_tap0=( "10.0.2.1 netmask 255.255.255.0" )

-- 
#################################################################################
# NOTICE: The contents of this e-mail and any attachments to it may   
     #
# contain privileged and confidential information from XaeroLimit   
     #
# Industries or its affiliates. This information is only for the
viewing     #
# or use of the intended recipient. If you are not the intended
recipient,     #
# you are hereby notified that any disclosure, copying, distribution
or use     #
# of, or the taking of any action in reliance upon, the information   
     #
# contained in this e-mail, or any of the attachments to this e-mail,
        #
# is strictly prohibited. If you have received this e-mail in error,
        #
# please immediately notify the sender by replying to this message and
        #
# delete it from your system.                             #
#################################################################################

-- 
gentoo-amd64@lists.gentoo.org mailing list

[gentoo-amd64] Re: Networking bridging

[Duncan]

Chris Brennan <xaero@xaerolimit.net> posted
47BCE4AB.2000500@xaerolimit.net, excerpted below, on  Wed, 20 Feb 2008
21:40:43 -0500:

> I am trying to set up a Bridge for Qemu to use. I followed the guide at
> http://gentoo-wiki.com/
HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
> but when ever the bridge starts, I loose connectivity outside of my box
> :/ ... am I missing something ....

I've not done bridging or the like here so don't know the details, nor do 
I claim to be a routing expert, but in the hope this will at least get 
you pointed in the right direction...


That sounds like a routing issue.   When the bridge starts, it gets 
precedence routing and the regular eth0 interface drops back a notch.  To 
correct it you'd need to adjust your routing table, presumably by 
specifically setting the bridge interface routing to a lower precedence.  
(Beyond that, I don't know, as I've simply kept note of enough info about 
it to know where to start reading if I ever face routing issues or need 
to setup additional interfaces.  Hopefully, it's enough to start you in 
the right direction as well...)

Additionally, are you sure the bridge should be setup as eth0 when you 
already have an eth0?  As I said, I don't know a lot about it, but I'd 
have expected it to be, say, eth1, not eth0, unless you indeed /did/ want 
it to actually replace eth0 when it was enabled.

Hope it helps... and that someone who better knows the subject matter 
comes along with more help. =8^S

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

-- 
gentoo-amd64@lists.gentoo.org mailing list

Re: [gentoo-amd64] Re: Networking bridging

[Chris Brennan]

Duncan,
    a routing issue does help, gives me a new place to look.


As for the device name, technically these are the real devices as
follows ....

eth0 -> real ethernet device
br0 -> bridging device
tap0/tap1 TUN/TAP Devices

Duncan wrote:
> Chris Brennan <xaero@xaerolimit.net> posted
> 47BCE4AB.2000500@xaerolimit.net, excerpted below, on  Wed, 20 Feb 2008
> 21:40:43 -0500:
>
>   
>> I am trying to set up a Bridge for Qemu to use. I followed the guide at
>> http://gentoo-wiki.com/
>>     
> HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
>   
>> but when ever the bridge starts, I loose connectivity outside of my box
>> :/ ... am I missing something ....
>>     
>
> I've not done bridging or the like here so don't know the details, nor do 
> I claim to be a routing expert, but in the hope this will at least get 
> you pointed in the right direction...
>
>
> That sounds like a routing issue.   When the bridge starts, it gets 
> precedence routing and the regular eth0 interface drops back a notch.  To 
> correct it you'd need to adjust your routing table, presumably by 
> specifically setting the bridge interface routing to a lower precedence.  
> (Beyond that, I don't know, as I've simply kept note of enough info about 
> it to know where to start reading if I ever face routing issues or need 
> to setup additional interfaces.  Hopefully, it's enough to start you in 
> the right direction as well...)
>
> Additionally, are you sure the bridge should be setup as eth0 when you 
> already have an eth0?  As I said, I don't know a lot about it, but I'd 
> have expected it to be, say, eth1, not eth0, unless you indeed /did/ want 
> it to actually replace eth0 when it was enabled.
>
> Hope it helps... and that someone who better knows the subject matter 
> comes along with more help. =8^S
>
>   
-- 
gentoo-amd64@lists.gentoo.org mailing list

Re: [gentoo-amd64] Networking bridging

[Isaac Conway]

Chris Brennan wrote:
> I am trying to set up a Bridge for Qemu to use. I followed the guide
> at
> http://gentoo-wiki.com/HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
> but when ever the bridge starts, I loose connectivity outside of my
> box :/ ... am I missing something ....
>
>
> I've includes the output of my /etc/conf.d/net file ....
>
>
> # This blank configuration will automatically use DHCP for any net.*
> # scripts in /etc/init.d.  To create a more complete configuration,
> # please review /etc/conf.d/net.example and save your configuration
> # in /etc/conf.d/net (this file :]!).
> dns_domain=( "unworldly.org" )
> nis_domain=( "unworldly.org" )
> dns_domain_eth0=( "unworldly.org" )
> dns_search_eth0=( "unworldly.org xaerolimit.net" )
> dns_servers_eth0=( "192.168.1.1 4.2.2.1 4.2.2.2" )
>
> ##
> # LAN
> ##
> config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
> routes_eth0=( "default via 192.168.1.1" )
>
> ##
> # Bridge
> ##
> bridge_br0="eth0"
> config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
> #dhcpcd_br0="-t 10"
> RC_NEED_br0="net.eth0"
> brctl_br0=( "setfd 0" "sethello 0" "stp off" )
> config_tap0=( "10.0.2.1 netmask 255.255.255.0" )
>
>   
I think what you are after is the following:

bridge_br0="eth0"
config_br0=( "192.168.1.20 netmask 255.255.255.0" )
routes_br0=( "default via 192.168.1.1" )
config_eth0=( "null" )
depend_br0() {
need net.eth0
}

You do not need an IP on the eth0 interface. This should get your box 
online with the bridge setup. (not tested, but fairly certain) Not 
totally sure what your intentions are for the tun interface. I would 
assume you would want to add it to the bridge group, so that it is on 
the same bridge as the outside world.  Or perhaps you want to route to 
the 192 IP to get to the 10. stuff....  Also, make sure you setup 
/etc/init.d/net.br0 and /etc/init.d/net.tap0 and set them to start with 
the box.  Hope this helps.

-- 
Isaac D. Conway
http://www.conwaynetworks.com

-- 
gentoo-amd64@lists.gentoo.org mailing list

Re: [gentoo-amd64] Networking bridging

[Jason]

Chris Brennan wrote:
> I am trying to set up a Bridge for Qemu to use. I followed the guide
> at
> http://gentoo-wiki.com/HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
> but when ever the bridge starts, I loose connectivity outside of my
> box :/ ... am I missing something ....
> 
> 
> I've includes the output of my /etc/conf.d/net file ....
...
> ##
> # LAN
> ##
> config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
> routes_eth0=( "default via 192.168.1.1" )
> 
> ##
> # Bridge
> ##
> bridge_br0="eth0"
> config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
> #dhcpcd_br0="-t 10"
> RC_NEED_br0="net.eth0"
> brctl_br0=( "setfd 0" "sethello 0" "stp off" )
> config_tap0=( "10.0.2.1 netmask 255.255.255.0" )
> 

Here's my /etc/conf.d/net for bridging.

# Begin ##############################################################
# dynamically add devs to br0 as they are created
bridge_add_tap0="br0"
bridge_add_tap1="br0"
bridge_add_tap2="br0"

# put devs in promiscuous mode, br0 has config
config_eth0=( "0.0.0.0 promisc" )
config_tap0=( "0.0.0.0 promisc" )
config_tap1=( "0.0.0.0 promisc" )
config_tap2=( "0.0.0.0 promisc" )

config_br0=( "192.168.1.2 netmask 255.255.255.0" )
routes_br0=( "default via 192.168.1.1" )
bridge_br0="eth0"

# cascading deps tap* irrelevant w/o br0 and eth0
depend_tap0() {
      need net.br0
}
depend_tap1() {
      need net.br0
}
depend_tap2() {
      need net.br0
}
depend_br0() {
      need net.eth0
}

# enable proxyarping
postup() {
   if [[ ${IFACE} == "tap0" ]] ; then
      echo " *     Enabling Proxy ARP on ${IFACE}..."
      echo 1 >/proc/sys/net/ipv4/conf/tap0/proxy_arp
   fi
   if [[ ${IFACE} == "tap1" ]] ; then
      echo " *     Enabling Proxy ARP on ${IFACE}..."
      echo 1 >/proc/sys/net/ipv4/conf/tap1/proxy_arp
   fi

}

# remove from bridge
postdown() {
   if [[ ${IFACE} == "tap0" ]] ; then
      echo " *     Removing ${IFACE} from bridge br0..."
      brctl delif br0 tap0
      echo " *     Disabling Proxy ARP on ${IFACE}..."
      echo 0 >/proc/sys/net/ipv4/conf/tap0/proxy_arp
   fi
   if [[ ${IFACE} == "tap1" ]] ; then
      echo " *     Removing ${IFACE} from bridge br0..."
      brctl delif br0 tap1
      echo " *     Disabling Proxy ARP on ${IFACE}..."
      echo 0 >/proc/sys/net/ipv4/conf/tap1/proxy_arp
   fi

}
# End ################################################################

The key difference is that the underlying "real" devices in the bridge
need to be 0.0.0.0 and in promiscuous mode.  The bridge has the ip
address.

If you _need_ two separate subnets, you may want to use a tun and
iptables or ip_forward/route.  One idea you might try is what I
suggested, but with br0 = subnetA, br0:1 = subnetB...  Not sure it would
work, but worth a try.

Assuming your tap device is the end of an incoming VPN, the proxy arping
is only necessary if you want the VPN client (the above script is for
the VPN server) to be able to hit the internet through the server's gateway.

Yeah, looking at the preup/postdown functions just now made me realize I
wrote them a _long_ time ago.  rewrite at your leisure... ;-)

hth,

Jason.
-- 
gentoo-amd64@lists.gentoo.org mailing list

Re: [gentoo-amd64] Networking bridging

[Chris Brennan]

Issac
    I found that adding the few lines I was missing from your net to
mine and then enabling the br0 device first and I was able to ping the
outside world. One problem though, this line

                depend_br0() { need net.eth0 }

refused to work ... it hung my net scripts ... the RC_need_br0=(
"eth0" ) seems to work though.

I will bootup my gentoo livecd shortly and see if I can ping the
outside world from with in my VM ....



Isaac Conway wrote:
> Chris Brennan wrote:
>> I am trying to set up a Bridge for Qemu to use. I followed the guide
>> at
>>
http://gentoo-wiki.com/HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
>>
>> but when ever the bridge starts, I loose connectivity outside of my
>> box :/ ... am I missing something ....
>>
>>
>> I've includes the output of my /etc/conf.d/net file ....
>>
>>
>> # This blank configuration will automatically use DHCP for any net.*
>> # scripts in /etc/init.d.  To create a more complete configuration,
>> # please review /etc/conf.d/net.example and save your configuration
>> # in /etc/conf.d/net (this file :]!).
>> dns_domain=( "unworldly.org" )
>> nis_domain=( "unworldly.org" )
>> dns_domain_eth0=( "unworldly.org" )
>> dns_search_eth0=( "unworldly.org xaerolimit.net" )
>> dns_servers_eth0=( "192.168.1.1 4.2.2.1 4.2.2.2" )
>>
>> ##
>> # LAN
>> ##
>> config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
>> routes_eth0=( "default via 192.168.1.1" )
>>
>> ##
>> # Bridge
>> ##
>> bridge_br0="eth0"
>> config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
>> #dhcpcd_br0="-t 10"
>> RC_NEED_br0="net.eth0"
>> brctl_br0=( "setfd 0" "sethello 0" "stp off" )
>> config_tap0=( "10.0.2.1 netmask 255.255.255.0" )
>>
>>  
> I think what you are after is the following:
>
> bridge_br0="eth0"
> config_br0=( "192.168.1.20 netmask 255.255.255.0" )
> routes_br0=( "default via 192.168.1.1" )
> config_eth0=( "null" )
> depend_br0() {
> need net.eth0
> }
>
> You do not need an IP on the eth0 interface. This should get your
> box online with the bridge setup. (not tested, but fairly certain)
> Not totally sure what your intentions are for the tun interface. I
> would assume you would want to add it to the bridge group, so that
> it is on the same bridge as the outside world.  Or perhaps you want
> to route to the 192 IP to get to the 10. stuff....  Also, make sure
> you setup /etc/init.d/net.br0 and /etc/init.d/net.tap0 and set them
> to start with the box.  Hope this helps.
>

-- 
gentoo-amd64@lists.gentoo.org mailing list