Struggling a bit with a Debian Linux bridge configuration
Hello folks,
First time post here but been lurking for quite a while since 2015 on "the old world". This particular issue has stumped me and I'd like to try and pick someone's brains for some help.
Here's my setup: I have two IPs being used; one for the Debian Linux system in question on the bare metal hardware, and a second IP used by a Windows Server VM running in KVM with libvirtd.
I recently switched over from one dedi to another. On my old dedi, I have a network config that looks like this:
auto br0
iface br0 inet static
    address 203.111.0.114
    netmask 255.255.255.248
    gateway 203.111.0.113
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 5
    dns-nameservers 1.1.1.1 9.9.9.9 74.82.42.42
    dns-search example.com
I then set another IP, 203.111.0.115 manually in the VM itself. This works great on this old dedi!
However a newer dedi I am moving to, with the same version of Debian Linux installed, has a slightly different setup. With the old dedi, I get a /29, but this new one, I only get 2 IPs out of a shared /24. So, my network config now looks like this on the new dedi:
auto br0
iface br0 inet static
    address 203.111.0.214
    netmask 255.255.255.0
    gateway 203.111.0.1
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 5
    dns-nameservers 1.1.1.1 9.9.9.9 74.82.42.42
    dns-search example.com
I then set a static IP on the VM just like before. Both systems can ping the default gateway at 203.111.0.1, but cannot reach anything beyond it. The Linux system's route table shows 203.111.0.1 as a default route, but is unable to pass any traffic beyond it.
I've made sure that I've gotten things like the bridge utils package installed on both systems.
Now here's the real wrinkle:
If I take out the bridge component on the new dedi, and just set the interface up without the bridge, like so:
auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 203.111.0.214
    netmask 255.255.255.0
    gateway 203.111.0.1
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 5
    dns-nameservers 1.1.1.1 9.9.9.9 74.82.42.42
    dns-search example.com
This works perfectly fine and I can get out to internet destinations, as intended.
I've opened a ticket with the provider and they pointed to an issue in my network config, so I'm kind of stumped. I don't know what I'm missing here so I'm hoping someone could point me in the right direction. Thank you all in advance!
Cheap dedis are my drug, and I'm too far gone to turn back.
Comments
I would consider checking/asking about MAC filters or other bridging requirements, such as using your primary IP to forward for the KVM/etc.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
That's a really good thought; unfortunately they are claiming there are no MAC filters and they require STP to be turned off. I even tested this by manually setting the bridge MAC to be the same as the NIC's, and changing the NIC's to be something different, with the same behavior, unfortunately. I am able to directly assign the second IP address to a subinterface (eth0:1) and that does work.
Thanks for your suggestions!
Cheap dedis are my drug, and I'm too far gone to turn back.
Spanning Tree is a bad idea in the first place.
The fact that it works fine with eth0:1 makes me question it. I'd suggest using macchanger on the slave and see what it does.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
No dice, unfortunately... I'm wondering if this particular network card driver has issues with bridges maybe? Though it's an Intel card just like the old dedi, and there isn't anything in the kernel buffer to indicate that this is occurring, either.
Cheap dedis are my drug, and I'm too far gone to turn back.
Just for a further update. I presented my findings again a second time to the support agent for the hosting provider, and they are escalating my ticket to the network engineering team. Will keep the thread updated for anyone else who might be searching the internets for the same issue...
Cheap dedis are my drug, and I'm too far gone to turn back.
Out of curiosity, are you sure v4 forwarding is enabled?
I still question if they're filtering with the allowed MAC addresses upstream if you don't have weird ebtables/iptables rules.
Also, a dedi with 2 IPs for itself hanging onto a /24? I've.. not seen that with physical hardware before.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
Double check your interface names? I still end up fucking myself over with the new ifnames until I remember to shut that shit off in the grub config.
v4 forwarding would be another one to check as @SagnikS suggested
Also make sure you don't have an eth0 listing in your interfaces file that might be turning up before the bridge?
Just throwing some ideas out there.
🦍🍌
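An added example, not part of the thread: a small Python check for the interfaces-file conflict suggested above (a bridge port that also has its own addressed stanza), which also flags bridge_ports left on a plain interface. The function names, finding labels and sample config are constructed for illustration.

```python
# Constructed sample in ifupdown syntax: eth0 is addressed on its own
# AND listed as a port of br0 (documentation-range addresses).
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 203.0.113.10
    netmask 255.255.255.0

auto br0
iface br0 inet static
    address 203.0.113.10
    netmask 255.255.255.0
    gateway 203.0.113.1
    bridge_ports eth0
    bridge_stp off
"""

def parse_stanzas(text):
    """Return one dict per 'iface' stanza: name, method and its options."""
    stanzas, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            cur = {"name": words[1], "method": words[3], "opts": {}}
            stanzas.append(cur)
        elif words[0] in ("auto", "mapping") or words[0].startswith(("allow-", "source")):
            cur = None  # these keywords end the current iface stanza
        elif cur is not None:
            # ifupdown accepts bridge-ports and bridge_ports; normalise to '_'
            cur["opts"][words[0].replace("-", "_")] = words[1:]
    return stanzas

def lint(text):
    """Return (finding, interface) pairs for bridge-related conflicts."""
    stanzas, findings = parse_stanzas(text), []
    for s in stanzas:
        ports = s["opts"].get("bridge_ports", [])
        if s["name"] in ports:
            # bridge option left on the interface it names
            findings.append(("self-port", s["name"]))
        for other in stanzas:
            if other is not s and other["name"] in ports and other["method"] != "manual":
                # the port is also brought up with its own static/dhcp config
                findings.append(("port-configured", other["name"]))
    return findings
```

Run `lint(open("/etc/network/interfaces").read())` on the host; an empty list means neither conflict was found.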
I can ask, but I'd imagine it would have to be.
Yeah, it's a bit odd. I've seen it for dedis with only 1 IP to conserve IP space before, but not in this situation.
Good call, but I am confirming that my config is using the correct interface names; I changed some details on the configs I pasted just to remain a tad more anonymous.
Thank you everyone for the suggestions so far. I am still working on the issue with the provider for now but of course will keep you all updated.
Cheap dedis are my drug, and I'm too far gone to turn back.
Yup, it is enabled on the OS.
Cheap dedis are my drug, and I'm too far gone to turn back.
Ok, this is fully a boneheaded mistake on my part. I decided to just reinstall Debian again but this time opt out of using an unmanaged network daemon, and instead have NetworkManager handle the networking, and everything seems to work. For anyone else who wants to repeat what I did:
I still don't fully get why the old setup without NetworkManager worked on the old dedi; but this will work for what I need it to do.
A big thank you to everyone who provided help and suggestions on troubleshooting. I might start participating in the community a bit more given the generous help so many people offered. Love you guys. Cheers!
Cheap dedis are my drug, and I'm too far gone to turn back.
I am glad the network demon daemon has been exorcised with a reinstall incantation.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
Since we're talking bridges, has anyone encountered this with Debian 10 (Proxmox) bridges:
no routing.
Forwarding, proxy arp enabled, iptables checked.
As soon as I do this:
routing starts working.
Proxmox documentation doesn't understand either
https://pve.proxmox.com/wiki/Network_Configuration
Anyone know what the catch is?
@CamoYoshi NetworkManager is the devil and should be abolished.
@comi There are some oddities I ran into with Proxmox the last time I tried; proxy arp worked, but it wouldn't work with eth0 as the primary and the bridge- you basically just had to bridge. This is pretty common if it's the same physical interface. It can be due to the ethernet driver or other things - since Linux is a hodgepodge of both good-and-barely-working code, I never bothered to look further after finding a working solution.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
Yeah for the most part it can be annoying but I generally know how to work around its... idiosyncrasies, so I'll live.
Cheap dedis are my drug, and I'm too far gone to turn back.
But muh purfekshonism... :O