Promiscuous bridge for LXC Container?

Discussion in 'Proxmox VE: Installation and configuration' started by mattlach, Jun 11, 2016.

  1. mattlach

    mattlach Member

    Joined:
    Mar 23, 2016
    Messages:
    147
    Likes Received:
    12
    Hey all,

    I am trying to run ntopng in an Ubuntu 14.04LTS container on my Proxmosx host.

    I set up my switch (Procurve 1810G-24) to mirror both RX and TX of the port connected to my router, to a separate port on the switch.

    Then I connected a designated NIC (eth3) on my Proxmox box to that port.

    Judging by the very unscientific method of looking at activity leds, it appears as if traffic is indeed being correctly mirrored to the desired port.

    Next, I created a new bridge (vmbr3) and added eth3 to this bridge.

    After this, I created a new LXC container, where eth0 is connected to the normal network (VMBr0), and eth1 - configured in promiscuous mode - is connected to vmbr3, the dedicated network bridge that only has the one physical interface.

    I installed ntopng, which appears to be running properly, yet it is not receiving any of the mirrored packets.

    I'm guessing there is something I need to do in order to allow eth3 and vmbr3 on the proxmox host to promiscuously forward everything received on eth3 to the LXC container, but I am not quite sure what that might be.

    Can anyone lend me a hand?

    Thanks,
    Matt

    My /etc/network/interfaces on the Proxmox host:

    Code:
    ~# cat /etc/network/interfaces
    # network interface settings; autogenerated
    # Please do NOT modify this file directly, unless you know what
    # you're doing.
    #
    # If you want to manage part of the network configuration manually,
    # please utilize the 'source' or 'source-directory' directives to do
    # so.
    # PVE will preserve these directives, but will NOT its network
    # configuration from sourced files, so do not attempt to move any of
    # the PVE managed interfaces into external files!
    
    auto lo
    iface lo inet loopback
    
    iface eth0 inet manual
    
    iface eth1 inet manual
    
    iface eth2 inet manual
    
    iface eth3 inet manual
    
    iface eth4 inet manual
    
    iface eth5 inet manual
    
    auto bond0
    iface bond0 inet manual
        slaves eth0 eth1 eth2
        bond_miimon 100
        bond_mode 802.3ad
        bond_xmit_hash_policy layer2
        bond-lacp-rate 1
    
    auto vmbr0
    iface vmbr0 inet static
        address  10.0.1.10
        netmask  255.255.255.0
        gateway  10.0.1.1
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0
    
    auto vmbr1
    iface vmbr1 inet static
        address  10.0.2.10
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
    
    auto vmbr2
    iface vmbr2 inet manual
        bridge_ports eth4 eth5
        bridge_stp off
        bridge_fd 0
    
    auto vmbr3
    iface vmbr3 inet manual
        bridge_ports eth3
        bridge_stp off
        bridge_fd 0
    My /etc/network/interfaces on my LXC container:

    Code:
    $ cat /etc/network/interfaces
    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet static
        address 10.0.1.2
        netmask 255.255.255.0
        gateway 10.0.1.1
    
    auto eth1
    iface eth1 inet manual
            up ifconfig eth1 promisc up
            down ifconfig eth1 promisc down
     
    ilakech likes this.
  2. joverdijk

    joverdijk New Member

    Joined:
    Jul 7, 2018
    Messages:
    7
    Likes Received:
    0
    I am exactly running into the same issue. I do however see ARP and broadcast traffic coming through, but it looks like the 'promisc' part is being dropped before forwarding it to the container.
    Anyone?
     
  3. Stoiko Ivanov

    Stoiko Ivanov Proxmox Staff Member
    Staff Member

    Joined:
    May 2, 2018
    Messages:
    943
    Likes Received:
    74
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice