[SOLVED] Linux Bridge on a public address

MarOwN

Nov 19, 2019
Hello everyone!

I'm looking for a way to configure a Linux Bridge card on a Debian 9 Stretch server to allow my VMs to access the internet, with the particularity that my eth0 card has a direct public address... I have already tried many tutorials, but for the moment I have had two resets of the dedicated server, each time after activating a bridge card: I make a mistake and lose control of the server... Do you have a procedure, a site, or can you explain how to make this bridge card?

Thanks to you!!!
 
Can you post what you tried to do? /etc/network/interfaces

Are you in a hosted environment? Often the hoster/datacenter has some guides on how their network environment should/can be used.
 
I don't remember the head of the content of the /etc/network/interfaces file...
I come to you after contacting my host and he does not
 
I have tried this:

Code:
 auto lo
 iface lo inet loopback
@@ -8,8 +16,15 @@
 iface eth0 inet static
     address 185.246.87.214
     netmask 255.255.255.00
     gateway  185.246.87.1
     broadcast 185.246.87.255
     network 185.246.87.0
     dns-nameservers 213.246.36.14 213.246.33.144 80.93.83.11
 # End of auto generated configuration by Ikoula

 auto vmbr0
 iface vmbr0 inet manual
     bridge-ports eth0
     bridge-stp off
     bridge-fd 0
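
Review bot: in the eth0 stanza the static address, netmask and gateway stay on eth0 while the vmbr0 stanza below is `inet manual` and lists eth0 under `bridge-ports`. Once eth0 is a bridge port the host address belongs on the bridge, so set eth0 to `inet manual` and move the address lines to vmbr0. The `netmask 255.255.255.00` line also has a stray digit and should read `255.255.255.0`.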
 
If the bridge is the master of eth0, it will need to have the network configuration, try something like this:

Code:
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
     address 185.246.87.214
     netmask 255.255.255.0
     gateway  185.246.87.1
     broadcast 185.246.87.255
     network 185.246.87.0
     dns-nameservers 213.246.36.14 213.246.33.144 80.93.83.11
     bridge-ports eth0
     bridge-stp off
     bridge-fd 0
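
The point made in this reply, as an added example that is not part of the original posts: a small pre-flight checker that reads an ifupdown file and reports the mistakes that cut off remote access on a single-NIC host (a bridge port that still carries its own address, a malformed netmask, a gateway outside the subnet). The function names and the sample addresses (documentation range 192.0.2.0/24) are assumptions made for the example.

```python
import ipaddress

def parse_interfaces(text):
    """Parse ifupdown stanzas; bridge_ports and bridge-ports are normalised."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3], "opts": {}})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None:
            current["opts"][words[0].replace("_", "-")] = " ".join(words[1:])
    return stanzas

def valid_netmask(mask):
    """True for a canonical dotted quad whose one-bits are contiguous."""
    parts = mask.split(".")
    if len(parts) != 4 or any(not p.isdigit() or str(int(p)) != p or int(p) > 255 for p in parts):
        return False
    return "01" not in "".join(f"{int(p):08b}" for p in parts)

def check(text):
    """List problems that can cut off remote access once the file is applied."""
    stanzas, findings = parse_interfaces(text), []
    for name, st in stanzas.items():
        opts = st["opts"]
        for port in opts.get("bridge-ports", "").split():
            member = stanzas.get(port)
            if member and member["method"] != "manual":
                findings.append(f"{port}: port of {name} but still inet {member['method']}")
        mask = opts.get("netmask")
        if mask and not valid_netmask(mask):
            findings.append(f"{name}: netmask {mask} is not canonical")
        elif mask and "address" in opts and "gateway" in opts:
            net = ipaddress.ip_interface(f"{opts['address']}/{mask}").network
            if ipaddress.ip_address(opts["gateway"]) not in net:
                findings.append(f"{name}: gateway {opts['gateway']} outside {net}")
    return findings

# Constructed samples (documentation addresses) modelled on the two layouts above.
BROKEN = ("iface eth0 inet static\n address 192.0.2.10\n netmask 255.255.255.00\n"
          " gateway 192.0.2.1\niface vmbr0 inet manual\n bridge-ports eth0\n")
FIXED = ("iface eth0 inet manual\niface vmbr0 inet static\n address 192.0.2.10\n"
         " netmask 255.255.255.0\n gateway 192.0.2.1\n bridge_ports eth0\n")
if __name__ == "__main__":
    print(check(BROKEN), check(FIXED))
```

Running it against a copy of the edited file before restarting networking gives a chance to catch these mistakes while the SSH session is still up.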
 
I did this...

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
     address 185.246.87.214
     netmask 255.255.255.0
     gateway  185.246.87.1
     broadcast 185.246.87.255
     network 185.246.87.0
     dns-nameservers 213.246.36.14 213.246.33.144 80.93.83.11
     bridge-ports eth0
     bridge-stp off
     bridge-fd 0

but I have an error when I restart the network service:
Code:
Nov 19 14:28:13 ubypve01.ubynax-community.fr systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
Nov 19 14:28:13 ubypve01.ubynax-community.fr systemd[1]: Failed to start Raise network interfaces.
-- Subject: Unit networking.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit networking.service has failed.
--
-- The result is failed.
Nov 19 14:28:13 ubypve01.ubynax-community.fr systemd[1]: networking.service: Unit entered failed state.
Nov 19 14:28:13 ubypve01.ubynax-community.fr systemd[1]: networking.service: Failed with result 'exit-code'.
Nov 19 14:28:14 ubypve01.ubynax-community.fr kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vmbr0: link becomes ready
Nov 19 14:28:15 ubypve01.ubynax-community.fr ntpd[1033]: bind(25) AF_INET6 fe80::b62e:99ff:fe69:5ceb%3#123 flags 0x11 failed: Cannot assign requested addr
Nov 19 14:28:15 ubypve01.ubynax-community.fr ntpd[1033]: unable to create socket on vmbr0 (6) for fe80::b62e:99ff:fe69:5ceb%3#123
Nov 19 14:28:15 ubypve01.ubynax-community.fr ntpd[1033]: failed to init interface for address fe80::b62e:99ff:fe69:5ceb%3
Nov 19 14:28:15 ubypve01.ubynax-community.fr ntpd[1033]: Deleting interface #5 eth0, fe80::b62e:99ff:fe69:5ceb%2#123, interface stats: received=0, sent=1,
Nov 19 14:28:17 ubypve01.ubynax-community.fr ntpd[1033]: Listen normally on 7 vmbr0 [fe80::b62e:99ff:fe69:5ceb%3]:123

And another question at the same time if the network configuration finally works thanks to your help, is it possible to run several VMs on the same IP address, that they all have access to the Internet, and that they can all listen to the ports they need (ex: The VM linux will have to listen to port 80, 443, 22, 21, .... and another port for my Windows VM...) Should I buy additional public IP addresses for each VM, or can I keep only one and configure a few things so that each VM "doesn't step on the feet of others"?

And on each VM, how do I configure their network card?

Sorry for all these questions and problems. This is my first time with a server configured directly with a public IP and not on a private network managed by me... ;)
 
Have you tried it?

Code:
# interface iface - public address interface bridge
auto vmbr0
iface vmbr0 inet static
address 94.76.xxx.xxx
netmask 255.255.255.192
gateway 94.76.xxx.xxx
bridge_ports eth0
bridge_stp off
bridge_fd 0

# internal iface - used to bridge VMs with invalid address with NAT
auto vmbr2
iface vmbr2 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up iptables -A POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
post-down iptables -D POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
 
No, I haven't tried this method, I want to, but how do I configure the eth0 card?
 
No, I haven't tried this method, I want to, but how do I configure the eth0 card?

Leave eth0 alone... you will use a bridge for this setup!! Your public IP address will be addressed to the vmbr0, and the NAT interface bridge will be vmbr2. Configure your guest to use 10.0.0.1 as default gateway (or whatever the invalid IP schema you use on your network).
 
Code:
# interface iface - public address interface bridge
auto vmbr0
iface vmbr0 inet static
address 94.76.xxx.xxx
netmask 255.255.255.192
gateway 94.76.xxx.xxx
bridge_ports eth0
bridge_stp off
bridge_fd 0

# internal iface - used to bridge VMs with invalid address with NAT
auto vmbr2
iface vmbr2 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up iptables -A POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
post-down iptables -D POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill

Just this, or do you need to add:

Code:
auto lo
iface lo inet loopback

# OR/AND

auto eth0
iface eth0 inet manual
 
Below is the complete setup of /etc/network/interfaces:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

# interface iface - public address interface bridge
auto vmbr0
iface vmbr0 inet static
address 94.76.xxx.xxx
netmask 255.255.255.192
gateway 94.76.xxx.xxx
bridge_ports eth0
bridge_stp off
bridge_fd 0

# internal iface - used to bridge VMs with invalid address with NAT
auto vmbr2
iface vmbr2 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up iptables -A POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
post-down iptables -D POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
 
It is difficult to investigate the problem just with this print screen... you may need to see other logs!!

As I can see the vmbr2 is up, maybe the problem is with eth0/vmbr0
 
What other logs do you need?

/etc/network/interfaces

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

# interface iface - public address interface bridge
auto vmbr0
iface vmbr0 inet static
address 185.246.87.214
netmask 255.255.255.0
gateway 185.246.87.1
broadcast 185.246.87.255
network 185.246.87.0
bridge_ports eth0
bridge_stp off
bridge_fd 0

# internal iface - used to bridge VMs with invalid address with NAT
auto vmbr2
iface vmbr2 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up iptables -A POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
post-down iptables -D POSTROUTING -t nat -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
 
Did you reboot the host to apply the changes? Maybe you had a static IP config on eth0 that is not reflecting the changes to vmbr0.
 
I can try to restart the server, but if the error persists I wouldn't know it, I simply couldn't connect to the server via SSH anymore... But I'm going to try
 
No, unfortunately.... A network card configuration error and I am good for an OS reinstallation by my host automatically :( ....
 
Now another question, how can I make sure that some ports are listened to by a VM, another port on another VM, etc...
 