Chris Brennan wrote:
> I am trying to set up a Bridge for Qemu to use. I followed the guide
> at
> http://gentoo-wiki.com/HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
> but whenever the bridge starts, I lose connectivity outside of my
> box :/ ... am I missing something ....
>
>
> I've included the output of my /etc/conf.d/net file ....
...
> ##
> # LAN
> ##
> config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
> routes_eth0=( "default via 192.168.1.1" )
>
> ##
> # Bridge
> ##
> bridge_br0="eth0"
> config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
> #dhcpcd_br0="-t 10"
> RC_NEED_br0="net.eth0"
> brctl_br0=( "setfd 0" "sethello 0" "stp off" )
> config_tap0=( "10.0.2.1 netmask 255.255.255.0" )
>

Here's my /etc/conf.d/net for bridging.

# Begin ##############################################################
# dynamically add devs to br0 as they are created
bridge_add_tap0="br0"
bridge_add_tap1="br0"
bridge_add_tap2="br0"

# put devs in promiscuous mode, br0 has config
config_eth0=( "0.0.0.0 promisc" )
config_tap0=( "0.0.0.0 promisc" )
config_tap1=( "0.0.0.0 promisc" )
config_tap2=( "0.0.0.0 promisc" )
config_br0=( "192.168.1.2 netmask 255.255.255.0" )
routes_br0=( "default via 192.168.1.1" )
bridge_br0="eth0"

# cascading deps tap* irrelevant w/o br0 and eth0
depend_tap0() {
    need net.br0
}
depend_tap1() {
    need net.br0
}
depend_tap2() {
    need net.br0
}
depend_br0() {
    need net.eth0
}

# enable proxyarping
postup() {
    if [[ ${IFACE} == "tap0" ]] ; then
        echo " * Enabling Proxy ARP on ${IFACE}..."
        echo 1 >/proc/sys/net/ipv4/conf/tap0/proxy_arp
    fi
    if [[ ${IFACE} == "tap1" ]] ; then
        echo " * Enabling Proxy ARP on ${IFACE}..."
        echo 1 >/proc/sys/net/ipv4/conf/tap1/proxy_arp
    fi
}

# remove from bridge
postdown() {
    if [[ ${IFACE} == "tap0" ]] ; then
        echo " * Removing ${IFACE} from bridge br0..."
        brctl delif br0 tap0
        echo " * Disabling Proxy ARP on ${IFACE}..."
        echo 0 >/proc/sys/net/ipv4/conf/tap0/proxy_arp
    fi
    if [[ ${IFACE} == "tap1" ]] ; then
        echo " * Removing ${IFACE} from bridge br0..."
        brctl delif br0 tap1
        echo " * Disabling Proxy ARP on ${IFACE}..."
        echo 0 >/proc/sys/net/ipv4/conf/tap1/proxy_arp
    fi
}
# End ################################################################

The key difference is that the underlying "real" devices in the bridge
need to be 0.0.0.0 and in promiscuous mode. The bridge has the ip address.

If you _need_ two separate subnets, you may want to use a tun and
iptables or ip_forward/route. One idea you might try is what I
suggested, but with br0 = subnetA, br0:1 = subnetB... Not sure it would
work, but worth a try.

Assuming your tap device is the end of an incoming VPN, the proxy arping
is only necessary if you want the VPN client (the above script is for
the VPN server) to be able to hit the internet through the server's
gateway.

Yeah, looking at the preup/postdown functions just now made me realize I
wrote them a _long_ time ago. rewrite at your leisure... ;-)

hth,
Jason.
--
gentoo-amd64@lists.gentoo.org mailing list
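
The check the reply describes (bridge ports unnumbered, the bridge holding the address), as an added example that is not part of the original thread. check_bridge_conf and the two sample functions are hypothetical names; the samples are taken from the two configs above, the second abridged.

```shell
#!/bin/sh
# Added example, not from the thread: check_bridge_conf (hypothetical) reads
# conf.d/net-style text on stdin and reports bridge ports that keep an address.
check_bridge_conf() {
    awk '
    function enslave(port, br) {
        if (!(port in member)) order[++cnt] = port
        member[port] = br
    }
    /^[ \t]*#/ { next }                      # skip commented-out settings
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[()"]/, "", val); sub(/^[ \t]+/, "", val)
        n = split(val, w, /[ \t]+/)
    }
    key ~ /^bridge_add_/ { enslave(substr(key, 12), w[1]); next }  # port -> bridge
    key ~ /^bridge_/ {                       # bridge -> list of ports
        for (j = 1; j <= n; j++) if (w[j] != "") enslave(w[j], substr(key, 8))
        next
    }
    key ~ /^config_/ { addr[substr(key, 8)] = w[1] }   # first word is the address
    END {
        for (k = 1; k <= cnt; k++) {
            p = order[k]; a = (p in addr) ? addr[p] : "0.0.0.0"
            if (a == "0.0.0.0" || a == "null") continue    # unnumbered port: fine
            printf "%s is a port of %s but has its own address %s\n", p, member[p], a; bad = 1
        }
        exit (bad ? 1 : 0)                   # 1 = at least one addressed port
    }'
}
# Settings from the question: eth0 keeps 192.168.1.2 while enslaved to br0.
sample_question() {
    cat <<'EOF'
config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
bridge_br0="eth0"
config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
EOF
}
# Settings from the reply, abridged: ports are 0.0.0.0, br0 holds the address.
sample_reply() {
    cat <<'EOF'
bridge_add_tap0="br0"
config_eth0=( "0.0.0.0 promisc" )
config_tap0=( "0.0.0.0 promisc" )
config_br0=( "192.168.1.2 netmask 255.255.255.0" )
bridge_br0="eth0"
EOF
}
sample_question | check_bridge_conf || true
```

To lint a live file, run `check_bridge_conf < /etc/conf.d/net`; a non-zero exit status means at least one bridge port still has its own address.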