Need
I have two Linux hosts, Host1 and Host2.
I need to be able to communicate with Host2 on our network through a bridge built on Host1.
Problem:
br0 is pingable, but when ens161 and ens192 are both enabled and I try to ping br0 on Host1, I get “(!DUP)”s. I think this is caused by VMware’s promiscuous mode on both port networks assigned to each VM. The main problem is that I cannot ping Host2 at all from the network.
Environment
Host1 (RHEL 7.9) has two interfaces. I want to use network-scripts to configure the interfaces.
- ens161 – network connection to LAN – Uses vmware port-network-01
- ens192 – network connection to host2 – Uses vmware port-network-02
Host2 (Ubuntu 18.04) has one interface. I want to use netplan for this interface.
- ens160 – network connection to host1 – Uses vmware port-network-02
Host1 has a bridge called “br0” set up, and has a network-script configured to give it an IP address.
Note that these are virtual machines living on ESXi hosts; their NICs are connected to VMware port networks, each of which is on a separate VLAN. The port networks are connected to a distributed switch.
Here are my network scripts
Host01 – br0
TYPE="Bridge"
DEVICE=br0
BOOTPROTO=static
ONBOOT=yes
NM_CONTROLLED="no"
IPADDR=10.10.10.10
PREFIX=24   # was 22, which contradicted NETMASK below and the /24 used everywhere else; ifup takes PREFIX over NETMASK
NETMASK=255.255.255.0
GATEWAY=10.10.10.1
Host01 – ens161
DEVICE=ens-161
HWADDR=00:50:56:bd:9f:25
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0
Host01 – ens192
DEVICE=ens-192
HWADDR=00:50:56:bd:b3:cd
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0
Here is Host2’s netplan configuration
HOST2 – ens160 (netplan yaml)
network:
  ethernets:
    ens160:
      addresses:
        - 10.10.10.11/24
      dhcp4: no
      gateway4: 10.10.10.1
  version: 2
Everything below is from Host1, the RHEL server with the bridge:
Here is my brctl show output:
bridge name    bridge id            STP enabled    interfaces
br0            8000.005056bd9f25    no             ens-161
                                                   ens-192
Here is ip -br addr show
lo UNKNOWN 127.0.0.1/8 ::1/128
ens-161 UP fe80::250:56ff:febd:9f25/64
ens-192 UP fe80::250:56ff:febd:b3cd/64
br0 UP 10.10.10.10/24 fe80::250:56ff:febd:9f25/64
Here is iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere (goto)
FWDI_public all -- anywhere anywhere (goto)
FWDI_public all -- anywhere anywhere (goto)
FWDI_public all -- anywhere anywhere (goto)
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere (goto)
FWDO_public all -- anywhere anywhere (goto)
FWDO_public all -- anywhere anywhere (goto)
FWDO_public all -- anywhere anywhere (goto)
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (4 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (4 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere (goto)
IN_public all -- anywhere anywhere (goto)
IN_public all -- anywhere anywhere (goto)
IN_public all -- anywhere anywhere (goto)
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_public (4 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Troubleshooting:
- I followed the instructions from this post: “bridge network between two linux servers”. It did not seem to help. The topology is the same as mine apart from the different network interface names.
- Made sure to turn on promiscuous mode and forged transmits on both port networks in VMware.
- I stopped and disabled NetworkManager.
- I deployed a new ubuntu 18.04 system, and was able to configure the network bridge with netplan with no problems, it just worked.
Final thoughts
I know little to nothing about Linux bridging, which is why I set up this lab to learn it. If I am going about this the wrong way, or not using bridges as intended, tell me. I want to make sure I understand the concepts as well as how to configure Linux bridging properly on Debian and RHEL systems.
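The ifcfg files above are the kind of thing a small lint script catches before ifup does. The following is an added example, not part of the original post: it reads ifcfg files without sourcing them and flags a bridge port that still carries an IP address, a port whose BRIDGE names a bridge no file defines, a DEVICE the kernel does not have, and PREFIX/NETMASK values that disagree (ifup takes PREFIX over NETMASK when both are set). The sample files it writes, the extra ifcfg-ens224 port, and the kernel interface list passed to it are constructed for the demo and are not from the post.

```shell
#!/bin/sh
# Lint RHEL 7 network-scripts (ifcfg-*) for the bridge mistakes that matter
# in this setup. Constructed example: the sample files below only mirror the
# post's layout, and the kernel interface list is a made-up argument.

# Read KEY from an ifcfg file without sourcing it (sourcing would execute
# whatever shell the file contains). Strips surrounding double quotes.
ifcfg_get() {  # ifcfg_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# Dotted netmask -> prefix length (255.255.255.0 -> 24). Fails on junk.
mask2prefix() {
    m2p_bits=0
    set -- $(echo "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for m2p_o in "$@"; do
        case "$m2p_o" in
            255) m2p_bits=$((m2p_bits + 8)) ;; 254) m2p_bits=$((m2p_bits + 7)) ;;
            252) m2p_bits=$((m2p_bits + 6)) ;; 248) m2p_bits=$((m2p_bits + 5)) ;;
            240) m2p_bits=$((m2p_bits + 4)) ;; 224) m2p_bits=$((m2p_bits + 3)) ;;
            192) m2p_bits=$((m2p_bits + 2)) ;; 128) m2p_bits=$((m2p_bits + 1)) ;;
            0) ;;
            *) return 1 ;;
        esac
    done
    echo "$m2p_bits"
}

# lint_ifcfg_dir DIR [KERNEL_DEVICES]
# Prints one finding per line. KERNEL_DEVICES is a space-separated list of
# interface names as the kernel sees them (what `ip -br link` prints); when
# given, every DEVICE= is checked against it.
lint_ifcfg_dir() {
    lid_dir=$1; lid_devs=${2:-}
    lid_bridges=" "
    for lid_f in "$lid_dir"/ifcfg-*; do
        [ -f "$lid_f" ] || continue
        if [ "$(ifcfg_get "$lid_f" TYPE)" = "Bridge" ]; then
            lid_bridges="$lid_bridges$(ifcfg_get "$lid_f" DEVICE) "
        fi
    done
    for lid_f in "$lid_dir"/ifcfg-*; do
        [ -f "$lid_f" ] || continue
        lid_name=${lid_f##*/}
        lid_dev=$(ifcfg_get "$lid_f" DEVICE)
        lid_br=$(ifcfg_get "$lid_f" BRIDGE)
        lid_ip=$(ifcfg_get "$lid_f" IPADDR)
        lid_prefix=$(ifcfg_get "$lid_f" PREFIX)
        lid_mask=$(ifcfg_get "$lid_f" NETMASK)
        if [ -z "$lid_dev" ]; then
            echo "$lid_name: no DEVICE= line"
        elif [ -n "$lid_devs" ]; then
            case " $lid_devs " in
                *" $lid_dev "*) ;;
                *) echo "$lid_name: DEVICE=$lid_dev is not a kernel interface name" ;;
            esac
        fi
        if [ -n "$lid_br" ]; then
            case "$lid_bridges" in
                *" $lid_br "*) ;;
                *) echo "$lid_name: BRIDGE=$lid_br but no ifcfg defines TYPE=Bridge DEVICE=$lid_br" ;;
            esac
            # A bridge port is layer 2 only; its IP belongs on the bridge device.
            if [ -n "$lid_ip" ]; then
                echo "$lid_name: bridge port carries IPADDR=$lid_ip; move it to $lid_br"
            fi
        fi
        # ifup takes PREFIX over NETMASK, so a disagreement silently picks PREFIX.
        if [ -n "$lid_prefix" ] && [ -n "$lid_mask" ]; then
            lid_mp=$(mask2prefix "$lid_mask" || echo '?')
            if [ "$lid_mp" != "$lid_prefix" ]; then
                echo "$lid_name: PREFIX=$lid_prefix but NETMASK=$lid_mask is /$lid_mp; keep one"
            fi
        fi
    done
}

# Constructed sample in a temp dir: br0 and the two ports from the post, plus
# a made-up ifcfg-ens224 with two deliberate mistakes. Prints the directory.
make_sample_dir() {
    msd_d=$(mktemp -d)
    printf '%s\n' 'TYPE="Bridge"' DEVICE=br0 ONBOOT=yes PREFIX=22 \
        IPADDR=10.10.10.10 NETMASK=255.255.255.0 > "$msd_d/ifcfg-br0"
    printf '%s\n' DEVICE=ens-161 TYPE=Ethernet BRIDGE=br0 > "$msd_d/ifcfg-ens161"
    printf '%s\n' DEVICE=ens192 TYPE=Ethernet BRIDGE=br0 > "$msd_d/ifcfg-ens192"
    printf '%s\n' DEVICE=ens224 TYPE=Ethernet BRIDGE=br1 \
        IPADDR=10.10.10.12 > "$msd_d/ifcfg-ens224"
    echo "$msd_d"
}

# Stand-alone run: lint a real directory given as $1 (with the live kernel
# interface list), otherwise lint the constructed sample.
if [ -n "${1:-}" ]; then
    lint_ifcfg_dir "$1" "$(ip -br link 2>/dev/null | awk '{print $1}' | sed 's/@.*//' | tr '\n' ' ')"
else
    demo_dir=$(make_sample_dir)
    lint_ifcfg_dir "$demo_dir" "lo ens161 ens192 ens224 br0"   # constructed kernel names
    rm -rf "$demo_dir"
fi
```

On Host1 this would be run as `sh lint-ifcfg.sh /etc/sysconfig/network-scripts`. After fixing what it flags and restarting the network service, `brctl show` (or `bridge link show`) should list both ports under br0 and `ip -br addr` should show the 10.10.10.10/24 address on br0 only, with nothing but link-local addresses on the ports.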