Re: [arch-general] bridge with netctl

2014-03-07 Thread Paul Gideon Dann
On Thursday 06 Mar 2014 23:01:30 arnaud gaboury wrote:
 On Thu, Mar 6, 2014 at 8:00 PM, arnaud gaboury arnaud.gabo...@gmail.com 
 wrote:
  1) Two new virtual interfaces are created: one that is visible to the
  container, and one that is visible to the host. The host now has two
  interfaces, which may be bridged, or it may act as a NAT router on the
  interface that goes to the container. The container only sees the one
  interface, and uses perfectly normal means to obtain an IP address. 
  That's correct. When I boot the container, a new interface vb-dahlia
  appears on the host, and on the container side, i have a host0
  interface.
  
  So I guess I must have a netctl br0 profile with this line :
  
  BindsToInterfaces=(enp7s0 vb-dahlia)
 
 It took me a while, but I have now a working bridge on Host machine,
 with a static IP and a working ethernet connection on container, with
 a static IP.
 
 Thank you for your help

You're welcome, Arnaud. Glad you got it working in the end.

Paul


Re: [arch-general] bridge with netctl

2014-03-06 Thread Thomas Bächler
On 06.03.2014 14:03, arnaud gaboury wrote:
 Dear list,
 
 I am running a machine hortensia with a container dahlia. As the
 container will be a server, I want to have one IP for hortensia and
 another one for dahlia.
 
 On hortensia, with dhcpcd.service and systemd-networkd both disabled,
 I start at boot two netctl profiles.
 
 /etc/netctl/bridge-hortensia
 Description=Bridge connection to container
 Interface=br0
 Connection=bridge
 BindsToInterfaces=()
 IP=no
 
 /etc/netctl/static-hortensia
 Description='hortensia static ethernet connection'
 Interface=enp7s0
 Connection=ethernet
 IP=static
 Address=('192.168.1.87/24')
 Gateway=('192.168.1.254')
 DNS=('192.168.1.254')

This configuration makes no sense whatsoever.

1) You create a bridge with no ports. What purpose does it serve?
2) If you want to add enp7s0 as a port, why do you have a configuration
for enp7s0? If an interface is a bridge port, it cannot be used for IP
traffic, so assigning it an IP is pointless.






Re: [arch-general] bridge with netctl

2014-03-06 Thread Paul Gideon Dann
On Thursday 06 Mar 2014 14:03:54 arnaud gaboury wrote:
 I am running a machine hortensia with a container dahlia. As the
 container will be a server, I want to have one IP for hortensia and
 another one for dahlia.
 
 On hortensia, with dhcpcd.service and systemd-networkd both disabled,
 I start at boot two netctl profiles.
 
 /etc/netctl/bridge-hortensia
 Description=Bridge connection to container
 Interface=br0
 Connection=bridge
 BindsToInterfaces=()
 IP=no
 
 /etc/netctl/static-hortensia
 Description='hortensia static ethernet connection'
 Interface=enp7s0
 Connection=ethernet
 IP=static
 Address=('192.168.1.87/24')
 Gateway=('192.168.1.254')
 DNS=('192.168.1.254')

Hi Arnaud. This doesn't seem right to me. The purpose of a bridge is to connect
several interfaces together. Your bridge is not bound to any interfaces, so it's
effectively useless, unless there's some special use of bridges I'm not familiar
with.

Although I haven't played with containers much at all, I would expect it to work
in one of 2 ways:

1) Two new virtual interfaces are created: one that is visible to the container,
and one that is visible to the host. The host now has two interfaces, which may
be bridged, or it may act as a NAT router on the interface that goes to the
container. The container only sees the one interface, and uses perfectly normal
means to obtain an IP address.

2) No new interfaces are defined, and the host's interface is shared with the
container. In this case, you will need to add another IP to the interface so
that it'll respond to both the host's IP and the container's IP, and then either
perform some kind of packet filtering, or simply ensure that the services on
host and client are each configured to respond only to the desired IP.

Paul


Re: [arch-general] bridge with netctl

2014-03-06 Thread Joakim Hernberg
On Thu, 6 Mar 2014 14:03:54 +0100
arnaud gaboury arnaud.gabo...@gmail.com wrote:

 I have no idea what part of the setup is missing.
 
 I run a custom kernel, so is there any wrong configuration on it? The
 kernel is moderately customized, but maybe I disabled some needed
 flag?

I can't help you with your specific problem, but one thing you
need to do is to enable the machine to forward IP packets from one
interface to another.  Create something like
/etc/sysctl.d/99-sysctl.conf and add this:

# Enable packet forwarding
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

If you run a firewall like iptables you'll also have to enable packet
forwarding between the interfaces in the firewall.

-- 

   Joakim


Re: [arch-general] bridge with netctl

2014-03-06 Thread Mauro Santos
On 06-03-2014 13:23, Paul Gideon Dann wrote:
 
 Hi Arnaud. This doesn't seem right to me. The purpose of a bridge is to 
 connect several 
 interfaces together. Your bridge is not bound to any interfaces, so it's 
 effectively useless, 
 unless there's some special use of bridges I'm not familiar with.

Although for a different use, I set up a bridge that doesn't bind to any
interfaces; it is meant to be used by qemu later, where several tap
interfaces will be connected.

I suppose that now systemd-nspawn might also be able to make use of a
similar setup, as it seems Arnaud is trying to use. I haven't tried it
myself though (and it seems to be a recently added functionality).

-- 
Mauro Santos


Re: [arch-general] bridge with netctl

2014-03-06 Thread Mauro Santos
On 06-03-2014 13:03, arnaud gaboury wrote:
 
 My issue is that br0 is DOWN and can't make it up with this command:
  # ip link set dev br0 up
 This has no effect.

I use a systemd service file to set up a bridge for somewhat similar
purposes. The sequence of commands I use is this:

/usr/sbin/brctl addbr brkvm
/usr/sbin/ip addr add 192.168.56.1/24 dev brkvm
/usr/sbin/ip link set dev brkvm up

after that, ip a s brkvm shows:

4: brkvm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether fe:83:79:56:a3:a2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.1/24 scope global brkvm
       valid_lft forever preferred_lft forever

I have never used netctl so I can't help you there. In case you are
wondering, the complete service file I use is:

[Unit]
Description=Sets up a bridge for use with virtual machines.

[Service]
Type=oneshot
ExecStart=/usr/sbin/brctl addbr brkvm
ExecStart=/usr/sbin/ip addr add 192.168.56.1/24 dev brkvm
ExecStart=/usr/sbin/ip link set dev brkvm up
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target


-- 
Mauro Santos


Re: [arch-general] bridge with netctl

2014-03-06 Thread arnaud gaboury
 This configuration makes no sense whatsoever.

 1) You create a bridge with no ports. What purpose does it serve?
 2) If you want to add enp7s0 as a port, why do you have a configuration
 for enp7s0? If an interface is a bridge port, it cannot be used for IP
 traffic, so assigning it an IP is pointless.


If I understand correctly, in fact I took the set up upside down. I
tried br0 --- enp7s0 when in fact the scheme is

  |- dev 1
enp7s0  bridge br0 |
  |-- dev 2

Am I correct in this scheme?


Re: [arch-general] bridge with netctl

2014-03-06 Thread Paul Gideon Dann
On Thursday 06 Mar 2014 16:14:19 arnaud gaboury wrote:
  This configuration makes no sense whatsoever.
  
  1) You create a bridge with no ports. What purpose does it serve?
  2) If you want to add enp7s0 as a port, why do you have a configuration
  for enp7s0? If an interface is a bridge port, it cannot be used for IP
  traffic, so assigning it an IP is pointless.
 
 If I understand correctly, in fact I took the set up upside down. I
 tried br0 --- enp7s0 when in fact the scheme is
 
   |- dev 1
 
 enp7s0  bridge br0 |
 
   |-- dev 2
 
 Am I correct in this scheme?

What do you mean by dev 1 and dev 2?

Paul


Re: [arch-general] bridge with netctl

2014-03-06 Thread arnaud gaboury

 I can't help you with your specific problem, but one thing you
 need to do is to enable the machine to forward IP packets from one
 interface to another.  Create something like
 /etc/sysctl.d/99-sysctl.conf and add this:

 # Enable packet forwarding
 net.ipv4.ip_forward = 1
 net.ipv6.conf.all.forwarding = 1

It is.

gabx@hortensia ➤➤ ~ % cat /etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1


Re: [arch-general] bridge with netctl

2014-03-06 Thread Thomas Bächler
On 06.03.2014 16:19, Paul Gideon Dann wrote:
 If I understand correctly, in fact I took the set up upside down. I
 tried br0 --- enp7s0 when in fact the scheme is

   |- dev 1

 enp7s0  bridge br0 |

   |-- dev 2

 Am I correct in this scheme?
 
 What do you mean by dev 1 and dev 2?

Independently of what dev1 and dev2 are, the answer is 'no'.






Re: [arch-general] bridge with netctl

2014-03-06 Thread Martti Kühne
To say it out in a manner as straight as possible, you have to include
every device that the bridge should have any effect on in your bridge.
And if you still think a device doesn't go in there, I'd have to
listen to your reason and read up if that is actually valid. No,
include all those devices already and let us move on.


Re: [arch-general] bridge with netctl

2014-03-06 Thread Guus Snijders
On 6 Mar 2014 14:15, Thomas Bächler tho...@archlinux.org wrote:

 On 06.03.2014 14:03, arnaud gaboury wrote:
  Dear list,
 
  I am running a machine hortensia with a container dahlia. As the
  container will be a server, I want to have one IP for hortensia and
  another one for dahlia.
 
  On hortensia, with dhcpcd.service and systemd-networkd both disabled,
  I start at boot two netctl profiles.
[...]

 1) You create a bridge with no ports. What purpose does it serve?
 2) If you want to add enp7s0 as a port, why do you have a configuration
 for enp7s0? If an interface is a bridge port, it cannot be used for IP
 traffic, so assigning it an IP is pointless.

In fact: make enp7s0 a port of br0 and then you can use the bridge as the
network interface for Hortensia. For either static or DHCP: use the bridge
device.

IP forwarding: a bridge is an OSI layer 2 device, not a router, so IP
forwarding can be turned off (IP is layer 3).

As for Dahlia: I don't know exactly how containers work in Linux, but I
guess you'll need to configure some virtual network device and then add
that to the bridge.
My best guess would be to look up how this is done with LXC.

Kind regards, Guus


Re: [arch-general] bridge with netctl

2014-03-06 Thread Guus Snijders
2014-03-06 18:40 GMT+01:00 Guus Snijders gsnijd...@gmail.com:

 On 6 Mar 2014 14:15, Thomas Bächler tho...@archlinux.org wrote:

 [...]

 As for Dahlia: I don't know exactly how containers work in Linux, but I guess
 you'll need to configure some virtual network device and then add that to the
 bridge.
 My best guess would be to look up how this is done with LXC.

Actually, the man page for systemd-nspawn explains it nicely.

Look for the options
network-veth and network-bridge


Kind regards,
 Guus


Re: [arch-general] bridge with netctl

2014-03-06 Thread arnaud gaboury
On Thu, Mar 6, 2014 at 8:00 PM, arnaud gaboury arnaud.gabo...@gmail.com wrote:

 1) Two new virtual interfaces are created: one that is visible to the
 container, and one that is visible to the host. The host now has two
 interfaces, which may be bridged, or it may act as a NAT router on the
 interface that goes to the container. The container only sees the one
 interface, and uses perfectly normal means to obtain an IP address.


 That's correct. When I boot the container, a new interface vb-dahlia
 appears on the host, and on the container side, i have a host0
 interface.

 So I guess I must have a netctl br0 profile with this line :

 BindsToInterfaces=(enp7s0 vb-dahlia)

It took me a while, but I have now a working bridge on Host machine,
with a static IP and a working ethernet connection on container, with
a static IP.

Thank you for your help
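
Added example (not part of the thread, and not code from netctl): a small POSIX shell check for the two profile mistakes Thomas Bächler pointed out, a bridge with no ports and an IP configured on an interface that is a bridge port. The function names and the sample profiles written by write_sample are constructed for illustration; profiles are parsed as text rather than sourced.

```shell
#!/bin/sh
# Added example: lint netctl profiles for the two mistakes named in the thread.
# Profiles are shell fragments, so they are parsed as text and never sourced.

# profile_get FILE KEY: print KEY's value with parentheses and quotes stripped.
profile_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "()'\""
}

# lint_profiles DIR: print one finding per line; return 0 only if none.
lint_profiles() {
    dir=$1 findings=0
    for bridge in "$dir"/*; do
        [ -f "$bridge" ] || continue
        [ "$(profile_get "$bridge" Connection)" = bridge ] || continue
        set -- $(profile_get "$bridge" BindsToInterfaces)   # ports become "$@"
        if [ "$#" -eq 0 ]; then
            echo "$(basename "$bridge"): bridge has no ports"
            findings=$((findings + 1))
            continue
        fi
        for other in "$dir"/*; do
            [ -f "$other" ] && [ "$other" != "$bridge" ] || continue
            iface=$(profile_get "$other" Interface)
            ip=$(profile_get "$other" IP)
            for port in "$@"; do
                if [ "$iface" = "$port" ] && [ -n "$ip" ] && [ "$ip" != no ]; then
                    echo "$(basename "$other"): $iface is a bridge port but has IP=$ip"
                    findings=$((findings + 1))
                fi
            done
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the thread's two profiles, with $2 as the bridge port list.
write_sample() {
    printf 'Interface=br0\nConnection=bridge\nBindsToInterfaces=(%s)\nIP=no\n' \
        "$2" > "$1/bridge-hortensia"
    printf 'Interface=enp7s0\nConnection=ethernet\nIP=static\n' > "$1/static-hortensia"
}

demo=$(mktemp -d)
write_sample "$demo" ''                  # profiles as first posted
lint_profiles "$demo" || true
write_sample "$demo" 'enp7s0 vb-dahlia'  # ports added, enp7s0 keeps its own IP
lint_profiles "$demo" || true
rm -rf "$demo"
```

On a real host the directory to check would be /etc/netctl, the path used in the thread.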