Lost connection to the server after adding new bridge to network configuration

Question

In a Proxmox server (Debian), I changed my network config from this:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp0s31f6
iface enp0s31f6 inet static
        address  88.99.69.241
        netmask  255.255.255.192
        gateway  88.99.69.193
        up route add -net 88.99.69.192 netmask 255.255.255.192 gw 88.99.69.193 dev enp0s31f6
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp0s31f6/proxy_arp
# route 88.99.69.192/26 via 88.99.69.193

auto vmbr1
iface vmbr1 inet static
        address  10.3.5.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

to this:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp0s31f6
iface enp0s31f6 inet static
        address  66.xx.xx.241
        netmask  255.255.255.192
        gateway  66.xx.xx.193
        up route add -net 66.xx.xx.192 netmask 255.255.255.192 gw 66.xx.xx.193 dev enp0s31f6
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp0s31f6/proxy_arp
# route 66.xx.xx.192/26 via 66.xx.xx.193

auto vmbr0
iface vmbr0 inet static
       address 66.xx.xx.241
       netmask 255.255.255.255
       pointopoint 66.xx.xx.193
       gateway 66.xx.xx.193
       bridge_ports enp0s31f6
       bridge_stp off
       bridge_fd 1
       bridge_hello 2
       bridge_maxage 12

auto vmbr1
iface vmbr1 inet static
        address  10.3.5.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

My server is on Hetzner and i want to bridge my additional Ip to one of my VM's

After rebooting I can't ping 66.xx.xx.241, can someone explain me why I cannot connect anymore?. In a bridged network the gw should be defined in vmbr0?.

I changed the network configuration based on this tutorial from hetzner :

Answer 1

You are confusing main interface and bridged interface. While using bridged interface, this interface should get the IP address and the main interface gets bridged, which mean it can not have this address as well.

So you have a first interface named enp0s31f6. This interface is en-bridged into you bridge, so it is not configured directly, but on bridge configuration : key word manual is used for this purpose :

auto enp0s31f6
    iface enp0s31f6 inet manual

Then, on your bridge setup :

auto vmbr0
iface vmbr0 inet static
    address 66.xx.xx.241
    netmask 255.255.255.255
    pointopoint 66.xx.xx.193
    gateway 66.xx.xx.193
    bridge_ports enp0s31f6
    bridge_stp off
    bridge_fd 1
    bridge_hello 2
    bridge_maxage 12

You can not have two interfaces sharing same IP address.

Secondly, you route declaration is void as it creates a route which already exists as per address and netmask configuration. Indeed, network 66.xx.xx.192/26 is directly connected (layer 2 , Ethernet and ARP resolution) and does not need any route (layer 3) extra configuration.

About routing, as the packets are in real world intercepted by your enp0s31f6 interface, but gets transmitted to your vmbr0, you will need to write the following line to you /etc/sysctl.conf file :

net.ipv4.ip_forward=1

You will need to launch the command sysctl -p to force taking this new line in account directly (without waiting next reboot).

I ma not pretty sure you need to activate the arp proxy (line post-up echo 1 > /proc/sys/net/ipv4/conf/enp0s31f6/proxy_arp). Basically, what you are doing is a ARP proxy ; however it may be implicitly implemented by the pointopoint line.

Let us know whether it helps solving your problem or not;

EDIT It is still possible to have bridge mode. You configure external interface like usually and a bridge having an ip address in a 1918 range. And then ip_forward=1.

Answer 2

Yep, this is pretty trivial and covered in lots of places: Bridged interface members shouldn't have IPs, but bridge itself rather should.