1

I'm currently stuck setting up bridged networking on a dedicated server to allow the KVM guests to use IPs from an extra subnet. As far as I know, the address, broadcast and gateway must always be in range of the netmask.

My original network setup (/etc/network/interfaces) looks like this:

auto eth0
iface eth0 inet static
  address      1.2.3.163
  broadcast    1.2.3.191
  netmask      255.255.255.224
  gateway      1.2.3.161

So, to allow using the device as a bridge, I changed the file like this:

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
  address      1.2.3.163
  broadcast    1.2.3.191
  netmask      255.255.255.224
  gateway      1.2.3.161
  bridge-ports eth0

Result: Networking still available. However, this is the information I got from the provider:

subnet: 9.8.7.200/29
addresses: 9.8.7.(200-207)
netmask: 255.255.255.248
gateway: 1.2.3.163
broadcast: 9.8.7.207

So the gateway is actually my main IP. However, it does not exist in the current network. I've added a second bridge to my interfaces file:

auto br1
iface br1 inet static
  address      9.8.7.200
  broadcast    9.8.7.207
  netmask      255.255.255.248
  gateway      1.2.3.163
  bridge-ports eth0

The result is: I can ping 9.8.7.200, however when trying to ping via br1, no host can be resolved. The output of "route -n" is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         1.2.3.161       0.0.0.0         UG    0      0        0 br0
9.8.7.200       0.0.0.0         255.255.255.248 U     0      0        0 br1
1.2.3.160       0.0.0.0         255.255.255.224 U     0      0        0 br0

I would be thankful for any assistance with this problem.

Silom
  • You will need to set up your KVM host as a router for this to work. See http://serverfault.com/questions/400395/linux-as-a-gateway-no-nat for more information. – Rik Schneider Aug 09 '13 at 21:52
  • Your understanding is correct. The info from the provider is wrong. The gateway for 9.8.7.200/29 cannot be 1.2.3.163. – Mark Wagner Aug 09 '13 at 23:47
  • Is that subnet routed to your dedicated server? I guess the provider just tells you this. It simply does not provide a router for that network; that has to be your machine. You might use the dedicated server's default gateway, but have to set an appropriate route on your VMs (e.g. 1.2.3.161/32 -> eth0). That /might/ work, if your provider is not too picky about what ARP requests it answers. And you'll have to check whether returning packets get to your dedic/vms.... But finally: Use a /routed/ setup. – Michuelnik Aug 19 '13 at 12:28

1 Answer

0

The gateway is wrong. It must reside within the same subnet as your IP. Otherwise it won't work.

IP:        9.8.7.200
Netmask:   255.255.255.248 (/29)
Network:   9.8.7.200
Broadcast: 9.8.7.207   
First IP:  9.8.7.201
Last IP:   9.8.7.206

I configured my bridge the following way:

allow-hotplug eth0
iface eth0 inet static
        address 1.2.3.4
        netmask 255.255.255.0
        network 1.2.3.0
        broadcast 1.2.3.255
        gateway 1.2.3.1

#(as is work with openvpn interfaces)

auto tap0
iface tap0 inet manual
  pre-up openvpn --mktun --dev tap0
  post-down openvpn --rmtun --dev tap0

auto tap1
iface tap1 inet manual
  pre-up openvpn --mktun --dev tap1
  post-down openvpn --rmtun --dev tap1

auto br0
iface br0 inet static
    bridge_ports tap0 tap1
    address 10.20.30.40
    netmask 255.255.255.0
    up route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.20.30.101
    up route add -net 172.16.25.0 netmask 255.255.255.0 gw 10.20.30.100
    down route del -net 192.168.1.0 netmask 255.255.255.0 gw 10.20.30.101
    down route del -net 172.16.25.0 netmask 255.255.255.0 gw 10.20.30.100

All the OpenVPN client networks are routed, and can connect to the internet if they use the server's OpenVPN IP as gateway (redirect gateway option).

Daywalker
  • I talked to the provider, one of the support guys told me how to do it the right way. The new subnet is routed to the main address from the server, that's why there is no need for a gateway to use the additional IP addresses. Example: ``Network: 88.1.1.80 Broadcast: 88.1.1.87 Usable addresses: 88.1.1.81 – 88.1.1.86 `` – Silom Aug 19 '13 at 12:07
  • So they gave you TWO subnets where one is accessible through the other? Network A: 1.2.3.0/29 Network B: 2.3.4.0/29, and they set up a route like this route add -net 2.3.4.0/29 gw 1.2.3.1 ? Am I understanding this right? – Daywalker Aug 19 '13 at 12:11
  • Exactly, my range is between network and broadcast. EDIT: I mean it is some time ago, I just remember what you can read at the top. – Silom Aug 19 '13 at 12:14
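
The rule discussed in this thread (address, broadcast and gateway must all fall inside the range given by the netmask) can be checked mechanically before restarting networking on a remote host. The following Python is an added example, not code from any of the posts; `parse_stanzas` and `check` are hypothetical helper names, and the input is the question's br0/br1 configuration embedded as a constructed sample.

```python
import ipaddress
# Constructed sample: the br0/br1 stanzas from the question (ifupdown syntax).
SAMPLE = """\
auto br0
iface br0 inet static
  address      1.2.3.163
  broadcast    1.2.3.191
  netmask      255.255.255.224
  gateway      1.2.3.161
  bridge-ports eth0

auto br1
iface br1 inet static
  address      9.8.7.200
  broadcast    9.8.7.207
  netmask      255.255.255.248
  gateway      1.2.3.163
  bridge-ports eth0
"""

def parse_stanzas(text):
    """Return {iface_name: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words[:1] == ["iface"]:
            current = stanzas.setdefault(words[1], {})
        elif words and words[0] in ("auto", "allow-hotplug"):
            current = None
        elif words and current is not None:  # bridge_ports and bridge-ports both occur
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return stanzas

def check(text):
    """Return a sorted list of (iface, problem) findings."""
    findings, port_owner = [], {}
    for name, opt in parse_stanzas(text).items():
        if "address" in opt and "netmask" in opt:
            net = ipaddress.ip_interface(f"{opt['address']}/{opt['netmask']}").network
            if "gateway" in opt and ipaddress.ip_address(opt["gateway"]) not in net:
                findings.append((name, f"gateway {opt['gateway']} is not on-link in {net}"))
            if "broadcast" in opt and ipaddress.ip_address(opt["broadcast"]) != net.broadcast_address:
                findings.append((name, f"broadcast should be {net.broadcast_address}"))
            if ipaddress.ip_address(opt["address"]) in (net.network_address, net.broadcast_address):
                findings.append((name, f"address {opt['address']} is the network or broadcast address of {net}"))
        for port in opt.get("bridge-ports", "").split():  # a NIC can be a port of only one bridge
            if port != "none" and port_owner.setdefault(port, name) != name:
                findings.append((name, f"{port} is already a port of {port_owner[port]}"))
    return sorted(findings)
```

Calling `check(SAMPLE)` returns three findings, all on br1: the address is the subnet's network address, eth0 is already enslaved to br0, and the gateway 1.2.3.163 lies outside 9.8.7.200/29.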