Linux bridging not forwarding packets

Tags: bridge, gentoo, hyper-v, linux

I am trying to set up a Linux bridge with 2 Ethernet interfaces and cannot get it to work correctly. I am using Gentoo Linux and thought it would be quite easy but I end up having trouble getting packets to go through the bridge. All of that is virtualized under Hyper-V if that matters for anything (but I doubt it).

Here goes my configuration.

 ------              ------------------           --------         -----------
| NUX3 |------------|eth1  BRIDGE  eth0|---------| ROUTER |-------/ INTERNET /
 ------              ------------------           --------        -----------
192.168.1.195/24    192.168.1.197/24 (br0)     192.168.1.101/24
00:15:5d:00:01:12   00:15:5d:00:01:08 (eth0)   00:15:5d:00:01:03
                    00:15:5d:00:01:13 (eth1)       

# cat /etc/conf.d/net

bridge_br0=( "eth0 eth1" )
config_eth0=( "null" )
config_eth1=( "null" )
config_br0=( "192.168.1.197 netmask 255.255.255.0 brd 192.168.1.255" )
routes_br0=( "default via 192.168.1.101" )

# brctl show

bridge name      bridge id              STP enabled      interfaces
br0              8000.00155d000108      no               eth0
                                                         eth1

# brctl showstp br0

<...>
eth0 (1)               state               forwarding
eth1 (2)               state               forwarding
<...>

# cat /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0

# ifconfig

<...>
br0    UP BROADCAST RUNNING MULTICAST
       inet addr:192.168.1.197  Bcast:192.168.1.255  Mask:255.255.255.0
<...>
eth0    UP BROADCAST RUNNING PROMISC MULTICAST
<...>
eth1    UP BROADCAST RUNNING PROMISC MULTICAST
<...>

# brctl showmacs br0

port no mac addr                    is local?        ageing timer
  1     00:15:5d:00:01:03           no                   1.51
  1     00:15:5d:00:01:08           yes                  0.00
  2     00:15:5d:00:01:12           no                  36.22
  2     00:15:5d:00:01:13           yes                  0.00

BRIDGE can ping the ROUTER but not NUX3; NUX3 can ping neither BRIDGE nor ROUTER. All seems good to me but I am obviously missing something. I'd be really glad if someone can point me to it!

Thanks.

Best Answer

It's possible that the underlying network devices on the host do not have promiscuous mode enabled. In VMware, for example, if the underlying virtual network adapter isn't +promisc then the guest bridge will fail miserably -- even though it thinks it's able to enter promiscuous mode, it can't.

I've never used Hyper-V, but the logic should be the same: if the host doesn't allow the guest to enter promiscuous mode, the bridge can't pass packets back and forth because the network card will only handle frames that are addressed specifically to it.

If you disable the bridge, you're able to ping NUX3 and the router, correct?
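
The filtering described in the answer can be checked against the question's own MAC addresses. The following Python model is an added example, not part of the original question or answer; it assumes the hypervisor filters only on the destination MAC of frames it hands to a guest vNIC, and the function names are hypothetical.

```python
# Added illustration: a hypervisor vNIC that, without promiscuous mode,
# receives only frames addressed to its own MAC (or broadcast).
BCAST = "ff:ff:ff:ff:ff:ff"

# MAC addresses taken from the question's diagram.
NUX3 = "00:15:5d:00:01:12"
ROUTER = "00:15:5d:00:01:03"
ETH0 = "00:15:5d:00:01:08"
ETH1 = "00:15:5d:00:01:13"
BR0 = ETH0  # bridge id 8000.00155d000108: br0 uses eth0's MAC

# vNIC of the bridge guest on which each external host's frames arrive.
INGRESS_VNIC = {NUX3: ETH1, ROUTER: ETH0}


def vnic_accepts(vnic_mac, dst, promisc):
    """Host-side filter applied before a frame is handed to the guest vNIC."""
    return promisc or dst in (vnic_mac, BCAST)


def delivered(src, dst, promisc):
    """True if a frame from src to dst gets where it needs to go.

    Frames sent by the bridge itself leave directly (assumption: no
    source-MAC filtering). Frames from NUX3 or ROUTER must first pass the
    filter of the vNIC facing the sender, whether they are addressed to
    br0 or to the host on the other side.
    """
    if src == BR0:
        return True
    return vnic_accepts(INGRESS_VNIC[src], dst, promisc)


def ping(a, b, promisc):
    """A ping needs ARP request, ARP reply, echo request and echo reply."""
    return all([
        delivered(a, BCAST, promisc),  # ARP who-has (broadcast)
        delivered(b, a, promisc),      # ARP reply (unicast)
        delivered(a, b, promisc),      # ICMP echo request
        delivered(b, a, promisc),      # ICMP echo reply
    ])


if __name__ == "__main__":
    names = {BR0: "BRIDGE", NUX3: "NUX3", ROUTER: "ROUTER"}
    for promisc in (False, True):
        for a, b in [(BR0, ROUTER), (BR0, NUX3), (NUX3, BR0), (NUX3, ROUTER)]:
            print(f"promisc={promisc}: {names[a]} -> {names[b]}:", ping(a, b, promisc))
```

With `promisc=False` the model reproduces every symptom in the question, including NUX3's MAC being learned on port 2: its broadcast ARP requests pass the filter even though its unicast frames do not.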