At Fri, 26 Nov 2010 12:15:51 -0500 CentOS mailing list <centos at centos.org> wrote:

>
> Hello,
>
> Presently I am running CentOS release 5.5 (Final). I am looking to setup
> bridging as I would like to setup some KVM virtual hosts on my system as a
> test lab. I am following the instruction at this site
>
> > http://tldp.org/HOWTO/BRIDGE-STP-HOWTO/index.html
>
> but I cannot figure out where I am going wrong and would be thankful if
> someone could point me in the right direction.
>
> Here is what I have done:
>
> Check bridge information with the following:
>
> > ~ $ modprobe -v bridge
>
> No issues or errors
>
> > ~ $ cat /proc/modules | grep bridge
> > bidge 91889 0 - Live 0xffffffff89247000
>
> Check to ensure forwarding is turned on:
>
> > ~ $ cat /proc/sys/net/ipv4/ip_forward
> > 1
>
> Checked that my interfaces are up and running
> (Was sure of this but did the check anyway):
>
> > ~ $ ifconfig
> > eth0      Link encap:Ethernet  HWaddr 48:5B:39:2A:07:D5
> >           inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
> >           inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:1059 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:454226 (443.5 KiB)  TX bytes:120584 (117.7 KiB)
> >           Interrupt:90 Base address:0x8400
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:92 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:92 errors:0 dropped:0 overruns:0 carrier:0[Thu Nov 25
>
> So now I begin to create the bridge from CLI as I want to make sure everything
> works before committing it to the config:
>
> > brctl addbr br0
> > ifconfig eth0 down
> > ifconfig br0 192.168.1.100 up
> > ifconfig eth0 0.0.0.0 up

brctl addif br0 eth0

You need to add the physical interface(s) to the bridge interface.
You can set this up to go automagically like this:

sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-eth0
# nVidia Corporation MCP77 Ethernet
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:19:66:D6:ED:93
ONBOOT=yes
BRIDGE=br0
sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
BROADCAST=192.168.250.255
IPADDR=192.168.250.1
NETMASK=255.255.255.0
NETWORK=192.168.250.0
ONBOOT=yes

(change as needed to match your interfaces and IP addresses, etc.)

> > route add default gw 192.168.1.254
>
> I check my interfaces and routing:
>
> > ~ $ ifconfig
> > br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
> >           inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
> >           inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:0 (0.0 b)  TX bytes:398 (398.0 b)
> >
> > eth0      Link encap:Ethernet  HWaddr 48:5B:39:2A:07:D5
> >           inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:64662 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:63301 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:17699194 (16.8 MiB)  TX bytes:7958063 (7.5 MiB)
> >           Interrupt:90 Base address:0x8400
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:211 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:17346 (16.9 KiB)  TX bytes:17346 (16.9 KiB)
> >
> > ~ $ route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
> > 0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 br0
>
> Time to test if ping works:
>
> > ~ $ ping -c3 192.168.1.254
> > PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
> > ping: sendmsg: Operation not permitted
> > ping: sendmsg: Operation not permitted
> > ping: sendmsg: Operation not permitted
> >
> > --- 192.168.1.254 ping statistics ---
> > 3 packets transmitted, 0 received, 100% packet loss, time 2000ms
>
> I know the firewall is causing this issue so I stop the firewall:
>
> > ~ $ service iptables stop
> > Flushing firewall rules: [ OK ]
> > Setting chains to policy ACCEPT: nat filter [ OK ]
> > Unloading iptables modules: [ OK ]
>
> Time to try ping again:
>
> > ~ $ ping -c3 192.168.1.254
> > PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
> > From 192.168.1.100 icmp_seq=1 Destination Host Unreachable
> > From 192.168.1.100 icmp_seq=2 Destination Host Unreachable
> > From 192.168.1.100 icmp_seq=3 Destination Host Unreachable
> >
> > --- 192.168.1.254 ping statistics ---
> > 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1999ms
>
> To back out all I needed to do was:
>
> > ifconfig br0 down
> > brctl delbr br0
> > service iptables start
> > service network restart
>
> Everything is back to normal. I cannot figure out what am I missing here?
> Interfaces and routing look to be setup correctly. Is there something else I
> need to be looking at?
>
>

--
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments
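
A consistency check for the ifcfg layout shown in the reply above, as an added example that is not part of the original e-mail or its author's own code. The helper names (cfg_get, check_bridge_cfg, write_samples) are hypothetical, the file contents are constructed samples, and treating an IPADDR on a bridge port as an error is an assumption drawn from the reply's files, where only br0 carries an address.

```shell
#!/bin/sh
# Added example. File contents written below are constructed samples.

# cfg_get FILE KEY: print the value of the last KEY=value line, quotes stripped.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# check_bridge_cfg DIR BRIDGE: return 0 if the ifcfg files in DIR describe a
# bridge with at least one port, else 1 with one problem per line on stdout.
check_bridge_cfg() {
    dir=$1; br=$2; rc=0; ports=0
    brfile="$dir/ifcfg-$br"
    if [ ! -f "$brfile" ]; then
        echo "missing $brfile"
        return 1
    fi
    [ "$(cfg_get "$brfile" TYPE)" = "Bridge" ] || { echo "$brfile: TYPE is not Bridge"; rc=1; }
    [ "$(cfg_get "$brfile" DEVICE)" = "$br" ] || { echo "$brfile: DEVICE is not $br"; rc=1; }
    for f in "$dir"/ifcfg-*; do
        [ "$f" = "$brfile" ] && continue
        [ "$(cfg_get "$f" BRIDGE)" = "$br" ] || continue
        ports=$((ports + 1))
        # Assumption: the address belongs on the bridge, not on its port.
        [ -z "$(cfg_get "$f" IPADDR)" ] || { echo "$f: IPADDR set on a bridge port"; rc=1; }
    done
    [ "$ports" -gt 0 ] || { echo "no ifcfg file has BRIDGE=$br"; rc=1; }
    return "$rc"
}

# write_samples DIR MODE: "good" mirrors the reply's layout; anything else
# omits BRIDGE= from ifcfg-eth0, i.e. a bridge that never gets a port.
write_samples() {
    mkdir -p "$1"
    printf 'DEVICE=br0\nTYPE=Bridge\nBOOTPROTO=static\nIPADDR=192.168.250.1\nNETMASK=255.255.255.0\nONBOOT=yes\n' > "$1/ifcfg-br0"
    printf 'DEVICE=eth0\nBOOTPROTO=static\nONBOOT=yes\n' > "$1/ifcfg-eth0"
    if [ "$2" = "good" ]; then echo 'BRIDGE=br0' >> "$1/ifcfg-eth0"; fi
}

tmp=$(mktemp -d)
write_samples "$tmp/good" good
write_samples "$tmp/bad" bad
check_bridge_cfg "$tmp/good" br0 && echo "good: consistent"
check_bridge_cfg "$tmp/bad" br0 || echo "bad: rejected"
rm -rf "$tmp"
```

On a real host the directory argument would be /etc/sysconfig/network-scripts, the path used in the reply.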