CentOS 6 ELRepo kernel bridge issues

bridgecentos

I'm currently running the following Kernel on CentOS 6.6 from ELRepo

[root@de14 ~]# uname -r

4.0.4-1.el6.elrepo.x86_64

Anything related to a bridge doesn't work, what I've come to understand is CentOS runs sysctl.conf before the bridge is come up

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

/proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory

There's nothing under,

-bash: cd: /proc/sys/net/bridge: No such file or directory

But br0 which is a bridge on eth0 works fine, what would be the best way to get the usual bridge capabilities back (bridge-nf-call-iptables) and the like ?

Best Answer

In recent kernels, the /proc/sys/net/bridge collection of sysctls is provided by the br_netfilter module. When your system boots, you may see a message like this from the kernel:

bridge: automatic filtering via arp/ip/ip6tables has been deprecated. 
Update your scripts to load br_netfilter if you need this.

For example:

# ls /proc/sys/net/bridge
ls: cannot access /proc/sys/net/bridge: No such file or directory
# modprobe br_netfilter
# ls /proc/sys/net/bridge
bridge-nf-call-arptables  bridge-nf-filter-pppoe-tagged
bridge-nf-call-ip6tables  bridge-nf-filter-vlan-tagged
bridge-nf-call-iptables   bridge-nf-pass-vlan-input-dev

Related Solutions

Centos – the correct way to setup a bonded bridge on Centos 6 for KVM guests

Not sure about CentOS 6, but on Fedora the bonding module is not added to the Linux kernel by default and therefore you need to create a file /etc/modprobe.d/bonding.conf with content

alias bond0 bonding

Reboot, and you should see bonding module loaded during boot.

Since you have two bonded interfaces you might have to add another alias line for bond1 as well. However I have never tried that.

Suggest you get one working and then worry about setting up the second.

Other issue you raised about the bridge, other points to note, these configurations work with the network daemon but I don't believe they work with NetworkManager. Are you running the network or the NetworkManager daemon?

And finally, there are different ways to configure netfilter to handle bridged interfaces. At least on Fedora 12+, the default is to disable netfilter on bridges. However you can change this by editing /etc/sysctl.conf and setting

net.bridge.bridge-nf-call-iptables=1

Do the same for arp and ipv6 and in this file you also need to set

net.ipv4.ip_forward=1

Flush your FORWARD chain and replace with iptables rule

iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

Setting up bridged LXC containers with static IPs

In fact you can set the address and gateway from within the host and configure the container not to touch the interface at all using the keyword manual.

Place this within the guests /etc/network/interfaces:

auto eth0
iface eth0 inet manual

Also leave it up to the container's config file to set up the interface:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxc-bridge-nat
lxc.network.ipv4 = 192.168.100.16/24
lxc.network.ipv4.gateway = auto

The guest will behave like it's BIOS already set up the interface and just use it.

Especially explore lxc.network.ipv4.gateway.

Best Answer

Related Solutions

Centos – the correct way to setup a bonded bridge on Centos 6 for KVM guests

Setting up bridged LXC containers with static IPs

Related Topic