[SOLVED] Bridge Virtual Interfaces Cannot Up / Container Need Reboot after Host Networking Changed

Yoga Hanggara

Apr 27, 2017
Before taking down the bridge interface on the Host:
Code:
root@localcloud:~# brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.0cc47ae144d0       no              eth0
                                                        veth100i1
vmbr1           8000.fe1bd11c7a6b       no              veth100i0
                                                        veth101i0
                                                        veth102i0

After making small changes to vmbr1 on the Host:
Code:
root@localcloud:~# ifdown vmbr1
root@localcloud:~# brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.0cc47ae144d0       no              eth0
                                                        veth100i1

Bringing the interface up:
Code:
root@localcloud:~# ifup vmbr1
Waiting for vmbr1 to get ready (MAXWAIT is 2 seconds).
root@localcloud:~# brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.0cc47ae144d0       no              eth0
                                                        veth100i1
vmbr1           8000.000000000000       no

Notice that the interfaces on vmbr1 don't come back up. So the bridge connections fail: cannot ping from host to guest, and the containers cannot ping each other.

I have to manually change:
Code:
root@localcloud:~# brctl addif vmbr1 veth102i0 veth101i0 veth100i0
root@localcloud:~# brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.0cc47ae144d0       no              eth0
                                                        veth100i1
vmbr1           8000.fe1bd11c7a6b       no              veth100i0
                                                        veth101i0
                                                        veth102i0

Then the containers can ping guest-to-host and each other.

This is my /etc/network/interfaces on Host
Code:
auto lo
iface lo inet loopback

allow-hotplug eth0

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
        address  xxx.xxx.xxx.xxx
        netmask  255.255.255.0
        gateway  xxx.xxx.xxx.xxx
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address  10.0.0.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

On my Container:
Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 10.0.0.2
        netmask 255.255.255.0
        gateway 10.0.0.1

Proxmox VE: 4.4-13/7ea56165
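As an added example (not code from this thread or from Proxmox), a POSIX shell check that parses `brctl show` output and reports which expected container veths are missing from a bridge, so the empty-vmbr1 state shown above is caught before guests lose connectivity. The function names and the SAMPLE_BRCTL variable (a constructed copy of the "after ifup" output) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from Proxmox: detect container
# veths that were silently dropped from a bridge (the failure mode above)
# by parsing `brctl show` and comparing against the expected member list.
# Function names and SAMPLE_BRCTL are this example's own assumptions.

# Constructed sample input: the thread's "after ifup" state, in which vmbr1
# came back with no member interfaces.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.0cc47ae144d0       no              eth0
                                                        veth100i1
vmbr1           8000.000000000000       no'

# bridge_members BRIDGE  (brctl show output on stdin) -> one member per line.
# brctl show lists the first member on the bridge's own row (4th column) and
# any further members on continuation rows that start with whitespace and
# contain only the interface name, so the current bridge is carried along.
bridge_members() {
    awk -v want="$1" '
        NR == 1 { next }                          # skip header row
        {
            c = substr($0, 1, 1)
            if (c == " " || c == "\t") {          # continuation row
                iface = $1
            } else {                              # bridge row
                cur = $1
                iface = (NF >= 4) ? $4 : ""
            }
            if (cur == want && iface != "") print iface
        }'
}

# missing_members BRIDGE IFACE...  (brctl show output on stdin)
# Prints each expected interface not enslaved to BRIDGE; returns 1 if any.
missing_members() {
    bridge="$1"; shift
    actual=$(bridge_members "$bridge")
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$actual" | grep -qx "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone demo on the constructed sample; on a live host run instead:
#   brctl show | missing_members vmbr1 veth100i0 veth101i0 veth102i0
printf '%s\n' "$SAMPLE_BRCTL" | missing_members vmbr1 veth100i0 veth101i0 veth102i0 \
    || echo "vmbr1 lost members: re-add them with brctl addif"
```

Run the live form from cron or a post-up hook to flag the condition; it reports only and changes nothing.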
 
Works as intended. If you need live changes you need to do them live (manually) without taking down the bridge.
(Alternatively on pve5 you can try to move from /etc/network/interfaces to systemd-networkd (there's no gui support for this - but we're considering adding something), it should be able to do most live changes automatically)
 
Thank you.
What/where is the best practice to apply iptables/port forwarding like this, if not in /etc/network/interfaces (to avoid taking down the host bridge)?

Code:
auto vmbr1
iface vmbr1 inet static
        address  10.0.0.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-down echo 0 > /proc/sys/net/ipv4/ip_forward

        post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE

        post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2203 -j DNAT --to 10.0.0.3:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2203 -j DNAT --to 10.0.0.3:22
 
OK, I solved it by moving the iptables rules out of /etc/network/interfaces into a persistent ruleset using iptables-persistent/iptables-save.

So if I want to change/create a new port forwarding, I define the rules within iptables, not by editing /etc/network/interfaces. No need to restart/take down the bridge interfaces.