Linux - how to make two bridges on one NIC?

fVY1_l · April 29, 2018, 12:23pm

Hello,

I have a problem with making two bridges on my proxmox installation.

I can’t bridge vmbr0 to vmbr1 since vmbr0 is a bridge.
And I can’t bridge physical interface to vmbr1 since it’s already bridged to vmbr0.

I need that thing to work this way because I have to have at least two different MACs on the same NIC.
(It’s because OVH is using static routing (IP is bound to MAC) )

I’ve already seached for that on the internet but I can’t find any useful tutorial nor anything that I’m able to understand and apply in my case.

nx2l · April 29, 2018, 12:56pm

If the MACs are different… why not just connect both to the same bridge?

fVY1_l · April 29, 2018, 2:29pm

What do you mean?

Something like this?

auto lo
iface lo inet loopback

iface enp0s3 inet manual

allow-hotplug enp0s3

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.31
        netmask  255.255.255.0
        gateway  192.168.0.1
        bridge_ports enp0s3
        bridge_stp off
        bridge_fd 0
        bridge_vlan_aware yes

auto vmbr0:1
iface vmbr0:1 inet static
        address  192.168.0.55
        netmask  255.255.255.0
        hwaddress ether 00:11:22:33:44:55

fVY1_l · May 1, 2018, 2:53pm

Um… I still don’t have a solution to my problem : /
One possible one was to make a virtual interface and assign custom mac to that one, but I don’t know how to do that.

Jazz · May 1, 2018, 3:04pm

something like this?

auto lo
iface lo inet loopback

iface enp0s3 inet manual

iface enp0s3:1 inet manual

allow-hotplug enp0s3

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.31
        netmask  255.255.255.0
        gateway  192.168.0.1
        bridge_ports enp0s3
        bridge_stp off
        bridge_fd 0
        bridge_vlan_aware yes

auto vmbr1
iface vmbr1 inet static
        bridge_ports enp0s3:1
       address ......

EDIT:

wait, you need to assign the ip addresses to the bridge or the vms?

fVY1_l · May 1, 2018, 4:39pm

The problem that I have is that I have to have second interface with custom MAC that will be visible to switch outside of my server.

SgtAwesomesauce · May 1, 2018, 8:10pm

Ideally, the solution to this would be to attach one bridge to a vlan and one to the physical adapter. I don’t know if it’s still the case, but for a while, you couldn’t connect multiple nics to a single subnet in Linux or you’d run into problems.

I’m not sure if that’s what you’re looking for though.

fVY1_l · May 1, 2018, 8:40pm

I just want to have two virtual adapters on the host with different MACs and IPs.

One of them acticng as a NAT for few containers and another one acting as a bridge for other containers that have their own MACs and IPs.

SgtAwesomesauce · May 1, 2018, 9:12pm

I think the example that @jazz gave above should work for you in this case.

I may be misunderstanding the parameters though. Let me do a little diagram to be sure we’re on the same page.

Something like this?

 + ethX
 |
 + - +  Bridge 1 (NAT) (192.168.0.102)
 |   |
 |   + VM (192.168.0.102:8080)
 |   + VM (192.168.0.102:6789)
 |   + VM (192.168.0.102:1234)
 |
 + - +  Bridge 2 (bridge) (192.168.0.103)
     |
     + VM (192.168.0.104)
     + VM (192.168.0.105)
     + VM (192.168.0.106)

nx2l · May 2, 2018, 12:23am

I like the idea of the sub interface that was said above… Why do you need two different bridges tho?

Dexter_Kane · May 2, 2018, 12:43am

With KVM you can assign the same bridge interface to multiple VMs and they will each have a unique mac address, the bridge itself does not need an IP. You don’t need to make multiple bridge interfaces.

cekim · May 2, 2018, 1:04am

macvtap in kvm behaves very nicely if you want to assign as many virtual MAC address as you like and make them visible to the outside world.

risk · May 2, 2018, 5:02am

Look at macvlan/ ipvlan. It’ll help you create a virtual network interface with a separate mac on top of same physical interface.

Marten · May 2, 2018, 7:14am

Interesting tread. Im more I want a vm with a VPN locked down so it cant leakl my ip.

fVY1_l · May 2, 2018, 10:47am

Yes, but Bridge 1 and 2 have to have different MACs.

fVY1_l · May 2, 2018, 10:48am

But I want to avoid using KVM, I know that this would be arelly easy if I’d use KVM, but I don’t want to.

Containers just suit better my usecase.

Dexter_Kane · May 2, 2018, 10:50am

Sorry, I thought you said you were using KVM

nx2l · May 2, 2018, 12:33pm

just try sub interfaces.

fVY1_l · May 27, 2018, 3:48pm

Little update on this problem:

Turns out that ovh is not limiting me to virtual MACs with additional IPs so I was able to just make subinterface of vmbr0 with different IP and make a bridge out of that.

Thanks everyone for help.