Ok, so even if I follow
http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section7 as a loose
template for what to do; the result is the same.

I think the big problem is I've enslaved tap0 and tap1 to the bridge (now
br0) BUT each tap device makes up one end of a p-t-p link. The other end
being the eth0 device inside the UML. So am I correct in assuming that
the bridge is merely not routing traffic back to the UML's eth0 because
there is no translation between br0's tapX devices and the UML's eth0s?

How can I get these satellite devices to look like extensions of the
bridge? Is that where ebtables comes into play with MAC NAT et al?

snitm@...:~> sudo brctl showmacs br0
port no mac addr                is local?       ageing timer
  1     00:ff:33:9f:43:45       yes                0.00
  2     00:ff:91:17:3a:d5       yes                0.00
  1     fe:fd:c0:a8:00:02       no                30.74
  2     fe:fd:c0:a8:00:03       no                 0.27

local #1 is tap0
local #2 is tap1
non-local #1 is uml0's eth0
non-local #2 is uml1's eth0
So the bridge knows that the UMLs have the given non-local MACs but the
bridge doesn't extend to those physical devices; is there any way to
enslave these non-local devices to the bridge?
Thanks for any insight,
On Mon, Mar 22 2004 at 12:21,
Mike Snitzer <msnitzer@...> wrote:
> I used the howto at http://edeca.net/articles/bridging/ to put together
> automated scripts for managing a bridge that is used to Masquerade local
> computers to the greater internet AND allow UML tap devices to attach to
> the bridge. I have attached this script in the hope that you could
> possibly identify what I might be doing wrong. The individual UMLs are
> brought up and can reach the host machine as well as the Internet (via
> iptables MASQ). The problem is the UMLs that are attached to the bridge
> cannot reach each other. I'm not sure if I'm missing some
> ebtables/arptables magic to get this all working.
> Even if I eliminate iptables/MASQ from the equation (USE_NAT=1 in the
> attached bridge.sh) the UMLs still can't reach each other.
> Any insight into what could be wrong with my configuration would be
> greatly appreciated. I've included an email I sent to the uml user
> mailing list; hopefully it has enough details. If not ask away ;)
> ---- Forwarded message from Mike Snitzer <msnitzer@...> -----
> > From: Mike Snitzer <msnitzer@...>
> > Date: Sun, 21 Mar 2004 15:48:25 -0700
> > To: roland <for_spam@...>
> > Cc: user-mode-linux-user@...
> > Subject: [uml-user] Re: can not ping out of my uml-server
> > On Sat, Mar 20 2004 at 18:41,
> > roland <for_spam@...> wrote:
> > > furthermore - if you can use real ethernet bridging on your host (i.e. if you
> > > have bridging in the kernel and bridge-tools installed) - i would first recommend,
> > > that you test your uml with the network variant described at:
> > > http://edeca.net/articles/bridging/index.html
> > > it's the most straightforward or "elegant" solution. no routing, arp, nat, whatever issues,
> > > just one ip per uml and easy to understand, IMHO. it has always been working well for me.
> > Roland et al,
> > I went ahead and configured bridging for my UML setup and all is well
> > except I can only ping the default route (happens to be the bridge
> > itself). I can't ping between UMLs that were added to the bridge even
> > though they are arp'ing (arp returns the UML's view of the mac, not the
> > tap device's MAC):
> > tcpdump on the bridge interface yields:
> > 15:01:08.921389 arp who-has 192.168.1.100 tell 192.168.1.101
> > 15:01:08.921640 arp reply 192.168.1.100 is-at fe:fd:c0:a8:1:64
> > ...
> > 15:32:02.868779 arp who-has 192.168.1.101 tell 192.168.1.100
> > 15:32:02.869136 arp reply 192.168.1.101 is-at fe:fd:c0:a8:1:65
> > uml0:~# ifconfig eth0 | grep -A 1 HW
> > eth0 Link encap:Ethernet HWaddr FE:FD:C0:A8:01:64
> > inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
> > uml0:~# arp -a
> > ? (192.168.1.5) at 00:02:B3:1D:B6:E4 [ether] on eth0
> > ? (192.168.1.101) at FE:FD:C0:A8:01:65 [ether] on eth0
> > uml1:~# ifconfig eth0 | grep -A 1 HW
> > eth0 Link encap:Ethernet HWaddr FE:FD:C0:A8:01:65
> > inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
> > uml1:~# arp -a
> > ? (192.168.1.5) at 00:02:B3:1D:B6:E4 [ether] on eth0
> > ? (192.168.1.100) at FE:FD:C0:A8:01:64 [ether] on eth0
> > Routing table for both umls:
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> > default         192.168.1.5     0.0.0.0         UG    0      0        0 eth0
> > snitm: snitm@...:~> sudo brctl showmacs uml-bridge
> > port no mac addr                is local?       ageing timer
> >   1     00:02:b3:1d:b6:e4       yes                0.00
> >   1     00:07:40:35:9d:8a       no                24.55
> >   1     00:e0:7d:88:ad:3b       no               116.87
> >   3     00:ff:56:04:f0:73       yes                0.00
> >   2     00:ff:a3:d1:48:b9       yes                0.00
> >   2     fe:fd:c0:a8:01:64       no               116.85
> >   3     fe:fd:c0:a8:01:65       no               116.85
> > So you'll notice that the bridge (192.168.1.5, ...:e4) shows the tap0
> > (...:b9) and tap1 (...:73) ethernet MAC addresses as 'local'. All this
> > said, how might I fix this so that the UMLs can reach each other over the
> > bridge?
> > Do I need to set the mac in the guest UML kernel's eth0=tuntap,tapX,<mac>
> > arg?
> > Thanks!
> > Mike
> > --
> > Mike Snitzer msnitzer@...
> > Linux Networx http://www.lnxi.com
> ----- End forwarded message -----
Mike Snitzer msnitzer@...
Linux Networx http://www.lnxi.com