
Brian Lu 08-23-2019 05:37 AM

Is it possible to make macvlan work with bridge?
 
Hi All
I am building a network topology, and I need to make macvlan work with bridge.

eth0 is connected to ISP link with subnet 100.100.100.0/24
eth1 is connected to my PC with PC's IP= 100.100.100.40
================================================================
Case1:
/sbin/brctl addbr br0
/sbin/brctl stp br0 on
/sbin/brctl addif br0 eth0
/sbin/brctl addif br0 eth1
/sbin/ifconfig br0 up

/sbin/ip addr add 100.100.100.45/24 dev br0
/sbin/ip route add 100.100.100.1 dev br0

/sbin/ip route add 100.100.100.1 dev br0 table 1001
/sbin/ip route add default via 100.100.100.1 dev br0 table 1001

/sbin/iptables -w -t nat -A POSTROUTING -m comment --comment "do SNAT" -o br0 -j SNAT --to-s 100.100.100.45

PC's traffic can go to internet with NATed IP 100.100.100.45, but it is not what I want... I want to use macvlan, it is easy to calculate the bandwidth usage.
================================================================
Case2:
/sbin/brctl addbr br0
/sbin/brctl stp br0 on
/sbin/brctl addif br0 eth0
/sbin/brctl addif br0 eth1
/sbin/ifconfig br0 up

/sbin/ip link add link br0 br0_2 address 00:00:00:6B:E7:E0 type macvlan
/sbin/ifconfig br0_2 up

/sbin/ip addr add 100.100.100.45/24 dev br0_2
/sbin/ip route add 100.100.100.1 dev br0_2

/sbin/ip route add 100.100.100.1 dev br0_2 table 1001
/sbin/ip route add default via 100.100.100.1 dev br0_2 table 1001

/sbin/iptables -w -t nat -A POSTROUTING -m comment --comment "do SNAT" -o br0_2 -j SNAT --to-s 100.100.100.45

PC's traffic can go to internet and can't do NAT to 100.100.100.45.
PC can only use 100.100.100.40 to access internet
I want traffic to go through br0_2 and do NAT to 100.100.100.45, is it possible?
================================================================
Case3:
/sbin/ip link add link eth0 eth0_5 address 00:00:00:c4:75:9e type macvlan
/sbin/ifconfig eth0_5 up
/sbin/ip link add link eth1 eth1_4 address 00:00:00:5e:bb:4e type macvlan
/sbin/ifconfig eth1_4 up

/sbin/brctl addbr br0
/sbin/brctl stp br0 on
/sbin/brctl addif br0 eth0_5
/sbin/brctl addif br0 eth1_4
/sbin/ifconfig br0 up

/sbin/ip addr add 100.100.100.45/24 dev br0
/sbin/ip route add 100.100.100.1 dev br0

/sbin/ip route add 100.100.100.1 dev br0 table 1001
/sbin/ip route add default via 100.100.100.1 dev br0 table 1001

/sbin/iptables -w -t nat -A POSTROUTING -m comment --comment "do SNAT" -o br0 -j SNAT --to-s 100.100.100.45

PC's traffic cannot go to internet.
I want traffic to go through br0 to access internet and do NAT to 100.100.100.45, is it possible?

nini09 08-28-2019 02:29 PM

Your case is very weird.
For case 1, why do you use bridge? The routing mode should cover your case.

Brian Lu 09-04-2019 02:04 AM

Hi nini09
I want to create a DMZ Zone on my Linux router (the role is like a firewall + L3 switch) which can make servers be accessed from internet directly.
But if servers in DMZ Zone access internet, I need the servers to do SNAT to other IPs.

Internet <=> Linux Router do Bridge <=> LAN Servers

nini09 09-05-2019 02:40 PM

Normally in bridge mode, a packet doesn't go to layer 3, the IP layer. It stays in layer 2, the MAC layer. So the iptables tool didn't work.
You can try the following settings to force packets to go through layer 3.
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=0
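
Added example, not part of nini09's post: a read-only check of the two settings named above, useful for confirming whether firewall rules on a bridging host actually see bridged traffic. The function names and the BRIDGE_NF_DIR override are assumptions made for this example; the default path is where the kernel exposes these keys when the br_netfilter module is loaded.

```shell
#!/bin/sh
# Report whether bridged frames are handed to iptables/arptables.
# BRIDGE_NF_DIR (assumption of this example) can point at a constructed
# directory for testing; the default is the kernel's real location.
BRIDGE_NF_DIR="${BRIDGE_NF_DIR:-/proc/sys/net/bridge}"

# bridge_nf_value KEY -> prints the key's value, or "absent" if unreadable
bridge_nf_value() {
    f="$BRIDGE_NF_DIR/$1"
    if [ -r "$f" ]; then
        tr -d ' \n' < "$f"
    else
        printf 'absent'
    fi
}

# bridge_nf_status -> prints one word and returns a matching code:
#   0 filtered     bridged IPv4 traffic traverses the iptables chains
#   1 bypassed     key is 0: bridged traffic never reaches iptables rules
#   2 unavailable  key missing, typically because br_netfilter is not loaded
bridge_nf_status() {
    case "$(bridge_nf_value bridge-nf-call-iptables)" in
        1) echo filtered; return 0 ;;
        0) echo bypassed; return 1 ;;
        *) echo unavailable; return 2 ;;
    esac
}

# bridge_nf_report -> one line per key from the thread, then the summary
bridge_nf_report() {
    for k in bridge-nf-call-iptables bridge-nf-call-arptables; do
        printf 'net.bridge.%s = %s\n' "$k" "$(bridge_nf_value "$k")"
    done
    printf 'status: %s\n' "$(bridge_nf_status)"
}

bridge_nf_report
```

A result of "bypassed" or "unavailable" means filter and NAT rules written against the bridge do not apply to frames that are only switched between its ports.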
