#1 2020-04-17 01:50:00

hleung
Member
Registered: 2011-01-10
Posts: 20
Website

Bridge Interface breaks Internet in VM Network

Hi,

I'm planning to set up a mini-PC as a router like in this Arch Router Config. As a first test using VirtualBox, I created 2 virtual machines. One acts as a router (VMRouter), and the other one like a normal computer (VMPC). VMRouter had 2 network interfaces: NAT with DHCP, and LAN (internal network) with Static IP. VMPC connects to VMRouter over LAN. After some time, I managed to get it to work.

Now, I'm setting up VMRouter with 3 network interfaces: NAT (enp0s3), LAN (enp0s8), LAN_as_WLAN (enp0s9). I created 2 other VMs, one connects to LAN and the other to LAN_as_WLAN. Instead of writing iptables for individual network interfaces, I thought of creating a bridged network between enp0s8 and enp0s9.

Here is NAT profile:

/etc/netctl/wan_profile

Description='WAN Profile'
Interface=enp0s3
Connection=ethernet
IP=dhcp

Here is Bridge profile:

/etc/netctl/brg_profile

Description='Bridge Profile'
Interface=br0
Connection=bridge
BindsToInterfaces=(enp0s8 enp0s9)
IP=static
Address=('192.168.23.10/24')

SkipForwardingDelay=yes
SkipNoCarrier=yes

Next is forwarding

/etc/sysctl.d/30-ipforward.conf

net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

For iptables:

iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
iptables -A FORWARD -i br0 -o enp0s3 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Finally, DHCP Server

/etc/dhcpd.conf

option domain-name-servers 8.8.8.8, 8.8.4.4;
option subnet-mask 255.255.255.0;
option routers 192.169.23.10;
subnet 192.168.23.0 netmask 255.255.255.0 {
   range 192.168.23.150 192.168.23.200;
}

/etc/systemd/system/dhcpd4@.service

[Unit]
Description=IPv4 DHCP Server on %I
Wants=network-online.target
After=network-online.target

[Service]
Type=forking
PIDFile=/run/dhcpd4.pid
ExecStart=/usr/bin/dhcpd -4 -q -pf /run/dhcpd4.pid %I
KillSignal=SIGINT

[Install]
WantedBy=multi-user.target

Finally, I started the procedure as follows:

sudo netctl start wan_profile
sudo netctl start brg_profile
sudo systemctl start systemd-networkd-wait-online
sudo systemctl start dhcpd4@br0.service

I tried to ping Google from the VMPCs but was unsuccessful. I thought there was a problem with the forwarding and the routing.  To my surprise, my VMRouter was not connected to the internet either.  Using the command "ip address", I can see enp0s3 is up, both enp0s8 and enp0s9 are bridged to br0 (and br0 is also up with the assigned static IP).

I rebooted VMRouter and verified the internet connection after executing every command. The only time VMRouter is connected to the internet is after starting my wan_profile. As soon as I start brg_profile, VMRouter is cut off from the internet.

I read the wiki's Internet Sharing and Dhcpd pages but I can't figure it out. Did I do something wrong when I configured the bridge interface that would cause the internet to drop as soon as I activate brg_profile?

Thanks for any help.


Everyone has their own belief, and that belief becomes their own religion.
My bible = "Rapture for the Geeks wink" by Richard Dooling

Offline
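
A consistency check for the dhcpd.conf in the post above, as an added example that is not part of the original post: it verifies that `option routers` and each `range` fall inside the declared subnet and that the server's own address (the br0 address from brg_profile) is covered by a subnet declaration and is not inside the dynamic range. The function name and the parsing are assumptions of this example; it handles only IPv4 literals and un-nested `subnet` blocks.

```python
import ipaddress
import re

# Constructed sample: the dhcpd.conf text as posted above.
POSTED_CONF = """\
option domain-name-servers 8.8.8.8, 8.8.4.4;
option subnet-mask 255.255.255.0;
option routers 192.169.23.10;
subnet 192.168.23.0 netmask 255.255.255.0 {
   range 192.168.23.150 192.168.23.200;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
ROUTERS_RE = re.compile(r"option\s+routers\s+([^;]+);")
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")

def check_dhcpd_conf(text, server_addr):
    """Return a list of findings for a flat dhcpd.conf (hypothetical helper)."""
    findings = []
    text = re.sub(r"#.*", "", text)  # drop comments
    # A routers option outside any subnet block applies to every subnet.
    m = ROUTERS_RE.search(SUBNET_RE.sub("", text))
    global_routers = m.group(1) if m else None
    server = ipaddress.ip_address(server_addr)
    nets = []
    for net, mask, body in SUBNET_RE.findall(text):
        network = ipaddress.ip_network(f"{net}/{mask}")
        nets.append(network)
        m = ROUTERS_RE.search(body)  # a per-subnet option overrides the global one
        routers = m.group(1) if m else global_routers
        for r in (routers or "").split(","):
            r = r.strip()
            if r and ipaddress.ip_address(r) not in network:
                findings.append(f"router {r} is outside {network}")
        for lo, hi in RANGE_RE.findall(body):
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo not in network or hi not in network:
                findings.append(f"range {lo}-{hi} is outside {network}")
            if lo <= server <= hi:
                findings.append(f"server address {server} is inside range {lo}-{hi}")
    if not any(server in n for n in nets):
        findings.append(f"no subnet declaration covers {server}")
    return findings

if __name__ == "__main__":
    for line in check_dhcpd_conf(POSTED_CONF, "192.168.23.10"):
        print(line)
```
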

#2 2020-04-17 19:11:22

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,923

Re: Bridge Interface breaks Internet in VM Network

I wouldn't use systemd-networkd-wait-online.service with network management tools like netctl & dhcpcd. (systemd-networkd is bad at cooperating with other network managers, possibly with the exception of NetworkManager.)


man systemd-networkd-wait-online.service wrote:

DESCRIPTION
       systemd-networkd-wait-online is a oneshot system service (see systemd.service(5)), that waits for the network to be configured. By
       default, it will wait for all links it is aware of and which are managed by systemd-networkd.service(8) to be fully configured or
       failed, and for at least one link to be online. Here, online means that the link's operational state is equal or higher than
       "degraded". The threshold can be configured by --operational-state= option.

Try again without the systemd-networkd-wait-online part.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Online

#3 2020-04-17 20:20:32

hleung
Member
Registered: 2011-01-10
Posts: 20
Website

Re: Bridge Interface breaks Internet in VM Network

After much frustration, I rebuilt VMRouter with 3 network interfaces from scratch. Somehow, this time, it connects to the Internet no problem.

However, my VMPCs connected to this VMRouter still can't ping anything. I verified the IP addresses on my VMPCs and they are properly allocated. I even tried to ping VMRouter's IP 192.168.23.10 and the result is 100% packet loss every time.

$>ping -c4 www.google.com
ping: www.google.com: Temporary failure in name resolution

$>ping -c4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 114ms

Lone_Wolf wrote:

I wouldn't use systemd-networkd-wait-online.service with network management tools like netctl & dhcpcd. (systemd-networkd is bad at cooperating with other network managers, possibly with the exception of NetworkManager.)


man systemd-networkd-wait-online.service wrote:

DESCRIPTION
       systemd-networkd-wait-online is a oneshot system service (see systemd.service(5)), that waits for the network to be configured. By
       default, it will wait for all links it is aware of and which are managed by systemd-networkd.service(8) to be fully configured or
       failed, and for at least one link to be online. Here, online means that the link's operational state is equal or higher than
       "degraded". The threshold can be configured by --operational-state= option.

Try again without the systemd-networkd-wait-online part.

I have removed systemd-networkd-wait-online. There's no difference.


Everyone has their own belief, and that belief becomes their own religion.
My bible = "Rapture for the Geeks wink" by Richard Dooling

Offline

#4 2020-04-17 20:44:31

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,923

Re: Bridge Interface breaks Internet in VM Network

Let's try to get the network situation clear.

You have these devices: internet gateway router (IGR), host pc, VMrouter, 1 or more VMclients.

Is VMrouter on the same LAN as IGR and host?

Your description suggests the VMclients are in a separate LAN and can see the VMrouter but not host or IGR?


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Online

#5 2020-04-17 22:06:22

hleung
Member
Registered: 2011-01-10
Posts: 20
Website

Re: Bridge Interface breaks Internet in VM Network

I have an IGR and a Windows Host PC. Inside my Host PC, I have created a VM Network composed of VMRouter and 2 VM Clients. I have linked a diagram:
VM Network

I'm trying to bridge enp0s8 and enp0s9 together under br0 with a static IP of 192.168.23.10. My VM Clients seem to see VMRouter (because they both have IP addresses in the range defined in the dhcpd.conf above), but they both cannot ping anything (not Google, not VMRouter's IP, not the other VM Client's IP).


Everyone has their own belief, and that belief becomes their own religion.
My bible = "Rapture for the Geeks wink" by Richard Dooling

Offline
