LinuxQuestions.org
Old 08-23-2019, 05:37 AM   #1
Brian Lu
LQ Newbie
 
Registered: May 2008
Location: Taipei
Posts: 9

Rep: Reputation: 0
Question Is it possible to make macvlan work with bridge?


Hi All,
I am building a network topology, and I need to make macvlan work with a bridge.

eth0 is connected to ISP link with subnet 100.100.100.0/24
eth1 is connected to my PC with PC's IP= 100.100.100.40
================================================================
Case1:
/sbin/brctl addbr br0
/sbin/brctl stp br0 on
/sbin/brctl addif br0 eth0
/sbin/brctl addif br0 eth1
/sbin/ifconfig br0 up

/sbin/ip addr add 100.100.100.45/24 dev br0
/sbin/ip route add 100.100.100.1 dev br0

/sbin/ip route add 100.100.100.1 dev br0 table 1001
/sbin/ip route add default via 100.100.100.1 dev br0 table 1001

/sbin/iptables -w -t nat -A POSTROUTING -m comment --comment "do SNAT" -o br0 -j SNAT --to-s 100.100.100.45

PC's traffic can go to the internet with NATed IP 100.100.100.45, but it is not what I want... I want to use macvlan; it is easy to calculate the bandwidth usage.
================================================================
Case2:
/sbin/brctl addbr br0
/sbin/brctl stp br0 on
/sbin/brctl addif br0 eth0
/sbin/brctl addif br0 eth1
/sbin/ifconfig br0 up

/sbin/ip link add link br0 br0_2 address 00:00:00:6B:E7:E0 type macvlan
/sbin/ifconfig br0_2 up

/sbin/ip addr add 100.100.100.45/24 dev br0_2
/sbin/ip route add 100.100.100.1 dev br0_2

/sbin/ip route add 100.100.100.1 dev br0_2 table 1001
/sbin/ip route add default via 100.100.100.1 dev br0_2 table 1001

/sbin/iptables -w -t nat -A POSTROUTING -m comment --comment "do SNAT" -o br0_2 -j SNAT --to-s 100.100.100.45

PC's traffic can go to the internet, but can't do NAT to 100.100.100.45.
PC can only use 100.100.100.40 to access the internet.
I want traffic to go through br0_2 and be NATed to 100.100.100.45. Is it possible?
================================================================
Case3:
/sbin/ip link add link eth0 eth0_5 address 00:00:00:c4:75:9e type macvlan
/sbin/ifconfig eth0_5 up
/sbin/ip link add link eth1 eth1_4 address 00:00:00:5e:bb:4e type macvlan
/sbin/ifconfig eth1_4 up

/sbin/brctl addbr br0
/sbin/brctl stp br0 on
/sbin/brctl addif br0 eth0_5
/sbin/brctl addif br0 eth1_4
/sbin/ifconfig br0 up

/sbin/ip addr add 100.100.100.45/24 dev br0
/sbin/ip route add 100.100.100.1 dev br0

/sbin/ip route add 100.100.100.1 dev br0 table 1001
/sbin/ip route add default via 100.100.100.1 dev br0 table 1001

/sbin/iptables -w -t nat -A POSTROUTING -m comment --comment "do SNAT" -o br0 -j SNAT --to-s 100.100.100.45

PC's traffic cannot go to the internet.
I want traffic to go through br0 to access the internet and be NATed to 100.100.100.45. Is it possible?
 
Old 08-28-2019, 02:29 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,718

Rep: Reputation: 143
Your case is very weird.
For case 1, why do you use a bridge? The routing mode should cover your case.
 
Old 09-04-2019, 02:04 AM   #3
Brian Lu
LQ Newbie
 
Registered: May 2008
Location: Taipei
Posts: 9

Original Poster
Rep: Reputation: 0
Hi nini09,
I want to create a DMZ zone on my Linux router (the role is like a firewall + L3 switch) which lets servers be accessed from the internet directly.
But when servers in the DMZ zone access the internet, I need the servers to do SNAT to other IPs.

Internet <=> Linux Router do Bridge <=> LAN Servers
 
Old 09-05-2019, 02:40 PM   #4
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,718

Rep: Reputation: 143
Normally in bridge mode, packets don't go to layer 3, the IP layer; they stay in layer 2, the MAC layer. So the iptables tool didn't work.
You can try the following commands to force packets to go through layer 3.
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=0
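
A way to check what the two sysctls above are currently set to, and therefore whether the SNAT and filter rules can see bridged traffic at all (an added example, not part of the thread; the function names and the PROC_ROOT override are assumptions made for this sketch):

```shell
#!/bin/sh
# Added example: report whether frames forwarded by a Linux bridge are
# handed to iptables/arptables. PROC_ROOT is a hypothetical override so
# the check can be run against a constructed tree; it defaults to /proc.

bridge_nf_state() {
    # $1 = sysctl leaf name, e.g. bridge-nf-call-iptables
    f="${PROC_ROOT:-/proc}/sys/net/bridge/$1"
    if [ ! -r "$f" ]; then
        # On current kernels the net.bridge.* keys exist only while the
        # br_netfilter module is loaded.
        echo "missing"
        return 0
    fi
    case "$(cat "$f")" in
        1) echo "on" ;;
        0) echo "off" ;;
        *) echo "unknown" ;;
    esac
}

bridge_filter_report() {
    ipt=$(bridge_nf_state bridge-nf-call-iptables)
    arp=$(bridge_nf_state bridge-nf-call-arptables)
    case "$ipt" in
        on)
            echo "iptables sees bridged IPv4 traffic (arptables: $arp)" ;;
        off)
            echo "bridged IPv4 traffic bypasses iptables (arptables: $arp)" ;;
        missing)
            echo "net.bridge keys absent: load br_netfilter, then set the sysctls" ;;
        *)
            echo "unexpected value for bridge-nf-call-iptables" ;;
    esac
}

# Report the state of the machine this is run on.
bridge_filter_report
```

When the report says "bypasses" or "absent", iptables rules are never evaluated for frames forwarded between the bridge ports, so both NAT and any firewall policy on the router silently do not apply to the DMZ hosts.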
 
  

