Chris Brennan wrote:
> I am trying to set up a Bridge for Qemu to use. I followed the guide
> at
> http://gentoo-wiki.com/HOWTO:_Qemu#Using_TUN.2FTAP_interface_as_a_normal_user
> but whenever the bridge starts, I lose connectivity outside of my
> box :/ ... am I missing something ....
> 
> 
> I've included the output of my /etc/conf.d/net file ....
...
> ##
> # LAN
> ##
> config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
> routes_eth0=( "default via 192.168.1.1" )
> 
> ##
> # Bridge
> ##
> bridge_br0="eth0"
> config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
> #dhcpcd_br0="-t 10"
> RC_NEED_br0="net.eth0"
> brctl_br0=( "setfd 0" "sethello 0" "stp off" )
> config_tap0=( "10.0.2.1 netmask 255.255.255.0" )
> 

Here's my /etc/conf.d/net for bridging.

# Begin ##############################################################
# dynamically add devs to br0 as they are created
bridge_add_tap0="br0"
bridge_add_tap1="br0"
bridge_add_tap2="br0"

# put devs in promiscuous mode, br0 has config
config_eth0=( "0.0.0.0 promisc" )
config_tap0=( "0.0.0.0 promisc" )
config_tap1=( "0.0.0.0 promisc" )
config_tap2=( "0.0.0.0 promisc" )

config_br0=( "192.168.1.2 netmask 255.255.255.0" )
routes_br0=( "default via 192.168.1.1" )
bridge_br0="eth0"

# cascading deps tap* irrelevant w/o br0 and eth0
depend_tap0() {
      need net.br0
}
depend_tap1() {
      need net.br0
}
depend_tap2() {
      need net.br0
}
depend_br0() {
      need net.eth0
}

# enable proxyarping
postup() {
   if [[ ${IFACE} == "tap0" ]] ; then
      echo " *     Enabling Proxy ARP on ${IFACE}..."
      echo 1 >/proc/sys/net/ipv4/conf/tap0/proxy_arp
   fi
   if [[ ${IFACE} == "tap1" ]] ; then
      echo " *     Enabling Proxy ARP on ${IFACE}..."
      echo 1 >/proc/sys/net/ipv4/conf/tap1/proxy_arp
   fi

}

# remove from bridge
postdown() {
   if [[ ${IFACE} == "tap0" ]] ; then
      echo " *     Removing ${IFACE} from bridge br0..."
      brctl delif br0 tap0
      echo " *     Disabling Proxy ARP on ${IFACE}..."
      echo 0 >/proc/sys/net/ipv4/conf/tap0/proxy_arp
   fi
   if [[ ${IFACE} == "tap1" ]] ; then
      echo " *     Removing ${IFACE} from bridge br0..."
      brctl delif br0 tap1
      echo " *     Disabling Proxy ARP on ${IFACE}..."
      echo 0 >/proc/sys/net/ipv4/conf/tap1/proxy_arp
   fi

}
# End ################################################################

The key difference is that the underlying "real" devices in the bridge
need to be 0.0.0.0 and in promiscuous mode.  The bridge has the IP
address.

If you _need_ two separate subnets, you may want to use a tun and
iptables or ip_forward/route.  One idea you might try is what I
suggested, but with br0 = subnetA, br0:1 = subnetB...  Not sure it would
work, but worth a try.

Assuming your tap device is the end of an incoming VPN, the proxy arping
is only necessary if you want the VPN client (the above script is for
the VPN server) to be able to hit the internet through the server's gateway.

Yeah, looking at the preup/postdown functions just now made me realize I
wrote them a _long_ time ago.  Rewrite at your leisure... ;-)

hth,

Jason.
-- 
gentoo-amd64@lists.gentoo.org mailing list
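
The rule from the reply above (bridge members at 0.0.0.0, the address on the bridge) written as a lint check over a conf.d/net file. This is an added example, not part of the original thread; the function and sample names are hypothetical, it assumes one assignment per line, and it also accepts the Gentoo value "null" for a member with no address.

```shell
# Added example (not from the thread): lint a Gentoo conf.d/net read on stdin.
# check_bridge_members, sample_before and sample_after are hypothetical names.
# Usage: check_bridge_members </etc/conf.d/net
# Prints "<member> <bridge> <address>" per offender; exit status 1 if any.
check_bridge_members() {
    awk '
    /^[ \t]*#/ { next }                               # skip comment lines
    /^[ \t]*(bridge|config)_[A-Za-z0-9_]+=/ {
        line = $0; sub(/^[ \t]+/, "", line)
        key = line; sub(/=.*/, "", key)
        val = line; sub(/^[^=]*=/, "", val)
        gsub("[^A-Za-z0-9_.:/ -]", " ", val)          # drop quotes and parens
        n = split(val, w, " ")
        if (key ~ /^bridge_add_/) {                   # bridge_add_tap0="br0"
            if (n > 0) member[substr(key, 12)] = w[1]
        } else if (key ~ /^bridge_/) {                # bridge_br0="eth0 eth1"
            for (i = 1; i <= n; i++) member[w[i]] = substr(key, 8)
        } else if (n > 0) {                           # config_eth0=( "addr ..." )
            addr[substr(key, 8)] = w[1]
        }
    }
    END {
        for (m in member) {
            a = addr[m]
            # 0.0.0.0 (as in the reply) or "null" means no address of its own
            if (a != "" && a != "0.0.0.0" && a != "null") {
                print m, member[m], a
                bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed samples, reduced from the two configurations quoted in the thread.
sample_before() {
    cat <<'EOF'
config_eth0=( "192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255" )
bridge_br0="eth0"
config_br0=( "192.168.1.20 netmask 255.255.255.0 brd 192.168.1.255" )
config_tap0=( "10.0.2.1 netmask 255.255.255.0" )
EOF
}
sample_after() {
    cat <<'EOF'
bridge_add_tap0="br0"
config_eth0=( "0.0.0.0 promisc" )
config_tap0=( "0.0.0.0 promisc" )
config_br0=( "192.168.1.2 netmask 255.255.255.0" )
bridge_br0="eth0"
EOF
}
```

Running `sample_before | check_bridge_members` reports eth0 as a member of br0 that still holds 192.168.1.2; the second sample passes with no output.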