Struggling a bit with a Debian Linux bridge configuration

Hello folks,

First time post here but been lurking for quite a while since 2015 on "the old world". This particular issue has stumped me and I'd like to try and pick someone's brains for some help.

Here's my setup: I have two IPs being used; one for the Debian Linux system in question on the bare metal hardware, and a second IP used by a Windows Server VM running in KVM with libvirtd.

I recently switched over from one dedi to another. On my old dedi, I have a network config that looks like this:

auto br0
iface br0 inet static
    address 203.111.0.114
    netmask 255.255.255.248
    gateway 203.111.0.113
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 5
    dns-nameservers 1.1.1.1 9.9.9.9 74.82.42.42
    dns-search example.com

I then set another IP, 203.111.0.115 manually in the VM itself. This works great on this old dedi!

However a newer dedi I am moving to, with the same version of Debian Linux installed, has a slightly different setup. With the old dedi, I get a /29, but this new one, I only get 2 IPs out of a shared /24. So, my network config now looks like this on the new dedi:

auto br0
iface br0 inet static
    address 203.111.0.214
    netmask 255.255.255.0
    gateway 203.111.0.1
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 5
    dns-nameservers 1.1.1.1 9.9.9.9 74.82.42.42
    dns-search example.com

I then set a static IP on the VM just like before. Both systems can ping the default gateway at 203.111.0.1, but cannot reach anything beyond it. The Linux system's route table shows 203.111.0.1 as a default route, but is unable to pass any traffic beyond it.

I've made sure that I've gotten things like the bridge utils package installed on both systems.

Now here's the real wrinkle:

If I take out the bridge component on the new dedi, and just set the interface up without the bridge, like so:

auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 203.111.0.214
    netmask 255.255.255.0
    gateway 203.111.0.1
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 5
    dns-nameservers 1.1.1.1 9.9.9.9 74.82.42.42
    dns-search example.com

This works perfectly fine and I can get out to internet destinations, as intended.

I've opened a ticket with the provider and they pointed to an issue in my network config, so I'm kind of stumped. I don't know what I'm missing here so I'm hoping someone could point me in the right direction. Thank you all in advance!

Cheap dedis are my drug, and I'm too far gone to turn back.

Comments

  • WSS (OG, Retired)

    I would consider checking/asking about MAC filters or other bridging requirements, such as using your primary IP to forward for the KVM/etc.

    My pronouns are like/subscribe.

  • @WSS said:
    I would consider checking/asking about MAC filters or other bridging requirements, such as using your primary IP to forward for the KVM/etc.

    That's a really good thought; unfortunately they are claiming there are no MAC filters and they require STP to be turned off. I even tested this by manually setting the bridge MAC to be the same as the NIC's, and changing the NIC's to be something different, with the same behavior, unfortunately. I am able to directly assign the second IP address to a subinterface (eth0:1) and that does work.

    Thanks for your suggestions!


  • WSS (OG, Retired)

    Spanning Tree is a bad idea in the first place.

    The fact that it works fine with eth0:1 makes me question it. I'd suggest using macchanger on the slave and see what it does.


  • edited January 2020

    @WSS said:
    Spanning Tree is a bad idea in the first place.

    The fact that it works fine with eth0:1 makes me question it. I'd suggest using macchanger on the slave and see what it does.

    No dice, unfortunately... I'm wondering if this particular network card driver has issues with bridges maybe? Though it's an Intel card just like the old dedi, and there isn't anything in the kernel buffer to indicate that this is occurring, either.


  • Just for a further update. I presented my findings again a second time to the support agent for the hosting provider, and they are escalating my ticket to the network engineering team. Will keep the thread updated for anyone else who might be searching the internets for the same issue...


  • SagnikS (Hosting Provider, OG)

    Out of curiosity, are you sure v4 forwarding is enabled?

  • WSS (OG, Retired)

    I still question if they're filtering with the allowed MAC addresses upstream if you don't have weird ebtables/iptables rules.

    Also, a dedi with 2 IPs for itself hanging onto a /24? I've.. not seen that with physical hardware before.


  • Double check your interface names? I still end up fucking myself over with the new ifnames until I remember to shut that shit off in the grub config.

    v4 forwarding would be another one to check as @SagnikS suggested

    Also make sure you don't have an eth0 listing in your interfaces file that might be turning up before the bridge?

    Just throwing some ideas out there.

    🦍🍌

  • edited February 2020

    @SagnikS said:
    Out of curiosity, are you sure v4 forwarding is enabled?

    I can ask, but I'd imagine it would have to be.

    @WSS said:
    I still question if they're filtering with the allowed MAC addresses upstream if you don't have weird ebtables/iptables rules.

    Also, a dedi with 2 IPs for itself hanging onto a /24? I've.. not seen that with physical hardware before.

    Yeah, it's a bit odd. I've seen it for dedis with only 1 IP to conserve IP space before, but not in this situation.

    @Harambe said:
    Double check your interface names? I still end up fucking myself over with the new ifnames until I remember to shut that shit off in the grub config.

    v4 forwarding would be another one to check as @SagnikS suggested

    Also make sure you don't have an eth0 listing in your interfaces file that might be turning up before the bridge?

    Just throwing some ideas out there.

    Good call, but I am confirming that my config is using the correct interface names; I changed some details on the configs I pasted just to remain a tad more anonymous. :)

    Thank you everyone for the suggestions so far. I am still working on the issue with the provider for now but of course will keep you all updated.


  • @SagnikS said:
    Out of curiosity, are you sure v4 forwarding is enabled?

    Yup, it is enabled on the OS.


  • Ok, this is fully a boneheaded mistake on my part. I decided to just reinstall Debian again but this time opt out of using an unmanaged network daemon, and instead have NetworkManager handle the networking, and everything seems to work. For anyone else who wants to repeat what I did:

    1. Create a bridge interface within NetworkManager, and assign it one of your two IPs.
    2. Set up your VM to use a shared network device, and type in the name that your bridge interface has been assigned (can be obtained by running "ip addr")
    3. Inside the VM, statically assign your second IP in the VM's network configuration settings.

    I still don't fully get why the old setup without NetworkManager worked on the old dedi; but this will work for what I need it to do.

    A big thank you to everyone who provided help and suggestions on troubleshooting. I might start participating in the community a bit more given the generous help so many people offered. Love you guys. Cheers!

    Thanked by (1)poisson

    Cheap dedis are my drug, and I'm too far gone to turn back.
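
Steps 1 to 3 of the post above as nmcli commands, added here as an example; these are not the poster's own commands. The names `br0` and `eth0`, the addresses (taken from the configs pasted earlier in the thread) and the helper functions are assumptions.

```shell
#!/bin/sh
# Added example: NetworkManager bridge for a KVM guest with its own public IP.
# Names/addresses below are assumptions taken from the thread's sample configs.

# Print the nmcli commands that create the bridge (host IP lives on it) and
# attach the physical NIC as a port. Args: bridge nic addr/prefix gateway dns
nm_bridge_plan() {
    br=$1 nic=$2 addr=$3 gw=$4 dns=$5
    case $addr in
        */*) ;;  # nmcli wants CIDR, not the address+netmask pair of ifupdown
        *) echo "address must be CIDR, e.g. 203.111.0.214/24" >&2; return 1 ;;
    esac
    cat <<EOF
nmcli connection add type bridge ifname $br con-name $br bridge.stp no ipv4.method manual ipv4.addresses $addr ipv4.gateway $gw ipv4.dns "$dns"
nmcli connection add type bridge-slave ifname $nic master $br con-name $br-port-$nic
nmcli connection up $br
EOF
}

# Show the plan by default; execute it only when APPLY=1 is set.
# Apply from an out-of-band console: the NIC gives up its own address
# when it becomes a bridge port, so an SSH session over it can drop.
nm_bridge_apply() {
    plan=$(nm_bridge_plan "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | sh -e
    else
        printf '%s\n' "$plan"
    fi
}

# Step 2: libvirt NIC definition that plugs the guest into the host bridge
# (what a "shared device" with a bridge name amounts to in the domain XML).
vm_nic_xml() {
    cat <<EOF
<interface type='bridge'>
  <source bridge='$1'/>
</interface>
EOF
}

nm_bridge_apply br0 eth0 203.111.0.214/24 203.111.0.1 "1.1.1.1 9.9.9.9 74.82.42.42"
vm_nic_xml br0
# Step 3 happens inside the guest: set the second IP statically there, with
# the same prefix length and gateway as the host.
```
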

  • I am glad the network demon daemon has been exorcised with a reinstall incantation.

    Thanked by (1)CamoYoshi


  • comi (OG)
    edited February 2020

    Since we're talking bridges, has anyone encountered this with Debian 10 (Proxmox) bridges:

    eno1
    static address
    
    vmbr0
    private address
    vm plugged here
    

    no routing.
    Forwarding, proxy arp enabled, iptables checked.
    As soon as I do this:

    vmbr0
    static address
    eno1 is plugged here
    
    vmbr1
    private address
    vm plugged here
    

    routing starts working.

    Proxmox documentation doesn't understand either
    https://pve.proxmox.com/wiki/Network_Configuration

    Anyone knows what's the catch?

  • WSS (OG, Retired)

    @CamoYoshi NetworkManager is the devil and should be abolished.

    @comi There are some oddities I ran into with Proxmox the last time I tried; proxy arp worked, but it wouldn't work with eth0 as the primary and the bridge- you basically just had to bridge. This is pretty common if it's the same physical interface. It can be due to the ethernet driver or other things - since Linux is a hodgepodge of both good-and-barely-working code, I never bothered to look further after finding a working solution.

    Thanked by (3)Harambe Falzo comi


  • @WSS said:
    @CamoYoshi NetworkManager is the devil and should be abolished.

    Yeah for the most part it can be annoying but I generally know how to work around its... idiosyncrasies, so I'll live. :)


  • @WSS said: I never bothered to look further after finding a working solution.

    But muh purfekshonism... :O
