At Fri, 26 Nov 2010 12:15:51 -0500 CentOS mailing list centos@centos.org wrote:
Hello,
Presently I am running CentOS release 5.5 (Final). I am looking to set up bridging as I would like to set up some KVM virtual hosts on my system as a test lab. I am following the instructions at this site
but I cannot figure out where I am going wrong and would be thankful if someone could point me in the right direction.
Here is what I have done:
Check bridge information with the following:
~ $ modprobe -v bridge
No issues or errors
~ $ cat /proc/modules | grep bridge
bidge 91889 0 - Live 0xffffffff89247000
Check to ensure forwarding is turned on:
~ $ cat /proc/sys/net/ipv4/ip_forward
1
Checked that my interfaces are up and running (was sure of this but did the check anyway):
~ $ ifconfig
eth0      Link encap:Ethernet  HWaddr 48:5B:39:2A:07:D5
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1059 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:454226 (443.5 KiB)  TX bytes:120584 (117.7 KiB)
          Interrupt:90 Base address:0x8400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:92 errors:0 dropped:0 overruns:0 frame:0
          TX packets:92 errors:0 dropped:0 overruns:0 carrier:0[Thu Nov 25
So now I begin to create the bridge from the CLI as I want to make sure everything works before committing it to the config:
brctl addbr br0
ifconfig eth0 down
ifconfig br0 192.168.1.100 up
ifconfig eth0 0.0.0.0 up
brctl addif br0 eth0
You need to add the physical interface(s) to the bridge interface.
You can set this up to go automagically like this:
sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-eth0
# nVidia Corporation MCP77 Ethernet
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:19:66:D6:ED:93
ONBOOT=yes
BRIDGE=br0

sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
BROADCAST=192.168.250.255
IPADDR=192.168.250.1
NETMASK=255.255.255.0
NETWORK=192.168.250.0
ONBOOT=yes

(change as needed to match your interfaces and IP addresses, etc.)
route add default gw 192.168.1.254
I check my interfaces and routing:
~ $ ifconfig
br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:398 (398.0 b)

eth0      Link encap:Ethernet  HWaddr 48:5B:39:2A:07:D5
          inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64662 errors:0 dropped:0 overruns:0 frame:0
          TX packets:63301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17699194 (16.8 MiB)  TX bytes:7958063 (7.5 MiB)
          Interrupt:90 Base address:0x8400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:211 errors:0 dropped:0 overruns:0 frame:0
          TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17346 (16.9 KiB)  TX bytes:17346 (16.9 KiB)
~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 br0
Time to test if ping works:
~ $ ping -c3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

--- 192.168.1.254 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms
I know the firewall is causing this issue so I stop the firewall:
~ $ service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: nat filter [ OK ]
Unloading iptables modules: [ OK ]
Time to try ping again:
~ $ ping -c3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
From 192.168.1.100 icmp_seq=1 Destination Host Unreachable
From 192.168.1.100 icmp_seq=2 Destination Host Unreachable
From 192.168.1.100 icmp_seq=3 Destination Host Unreachable

--- 192.168.1.254 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1999ms
To back out all I needed to do was:
ifconfig br0 down
brctl delbr br0
service iptables start
service network restart
Everything is back to normal. I cannot figure out what I am missing here. Interfaces and routing look to be set up correctly. Is there something else I need to be looking at?
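
Added example, not part of the original thread or either poster's own code: a shell check for the ifcfg layout given in the reply (TYPE=Bridge on the bridge file, BRIDGE=<name> on the physical interface's file), which flags a bridge that no interface is attached to. The function names and the files written by make_sample are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the thread): lint ifcfg-* files for the bridge
# layout shown in the reply. Function names here are this example's own.

# get_key FILE KEY: print the value of KEY=value, quotes stripped.
get_key() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# make_sample DIR: write constructed sample files modelled on the reply.
make_sample() {
    mkdir -p "$1"
    printf 'DEVICE=eth0\nBOOTPROTO=static\nONBOOT=yes\nBRIDGE=br0\n' \
        > "$1/ifcfg-eth0"
    printf 'DEVICE=br0\nTYPE=Bridge\nBOOTPROTO=static\nIPADDR=192.168.250.1\nNETMASK=255.255.255.0\nONBOOT=yes\n' \
        > "$1/ifcfg-br0"
}

# check_bridges DIR: print findings; exit status is the number of problems.
check_bridges() {
    dir=$1
    problems=0
    for br_file in "$dir"/ifcfg-*; do
        [ -f "$br_file" ] || continue
        [ "$(get_key "$br_file" TYPE)" = "Bridge" ] || continue
        br=$(get_key "$br_file" DEVICE)
        [ -n "$br" ] || continue
        ports=0
        for port_file in "$dir"/ifcfg-*; do
            [ "$(get_key "$port_file" BRIDGE)" = "$br" ] || continue
            ports=$((ports + 1))
            # In the reply's layout the address sits on the bridge only.
            if [ -n "$(get_key "$port_file" IPADDR)" ]; then
                echo "WARN: $(get_key "$port_file" DEVICE) is a port of $br but sets IPADDR"
                problems=$((problems + 1))
            fi
        done
        if [ "$ports" -eq 0 ]; then
            echo "WARN: no ifcfg file has BRIDGE=$br, so $br has no ports"
            problems=$((problems + 1))
        else
            echo "OK: $br has $ports configured port(s)"
        fi
    done
    return "$problems"
}
```

After sourcing the file, run check_bridges /etc/sysconfig/network-scripts; a non-zero status means at least one bridge definition is incomplete.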