Hi,
I am trying to set up Guest VMs to use a vmnet interface that is bridged to a physical NIC, in order to be able to use ebtables to filter traffic going to each Guest VM. The idea behind this is to be able to plug a dedicated server at a datacenter directly into a public switch and be able to grab public IPs, but with the ability to shelter each Guest VM by restricting which ports/protocols are open for each Guest VM.
I found a number of messages in the forums referring to the topic, but never with a clear example of how to get it going. So here is what I am doing (wrong, probably):
1) Create a new vmnet interface (not bridged/host only or nat)
2) set up a Linux link to it
3) create a bridge named br0
4) add both interfaces, eth0 & vmnet0, to this bridge
5) bring the bridge up
Here is the small script that does this:
/usr/bin/vmnet-netifup -d /var/run/vmnet-netifup-vmnet0.pid /dev/vmnet0 vmnet0
ip link set vmnet0 up
brctl addbr br0
brctl addif br0 vmnet0
brctl addif br0 eth0
ifconfig br0 up
Now, I take a VM and set it to use vmnet0, then boot it up. But when the time comes to grab an IP, it is not successful.
Is there something I am missing here? I have tried setting up an IP address for the bridge br0 doing this:
ifconfig br0 10.0.0.101 netmask 255.255.255.0 up
And this works, meaning I can ping 10.0.0.101 from my LAN. Nevertheless, the VM is still unsuccessful at grabbing any IP via DHCP or, even with a static IP set up, at showing any connectivity to the LAN network (10.0.0.x in my case).
Here is ifconfig output:
br0       Link encap:Ethernet HWaddr 00:05:5D:FA:1E:63
          inet addr:10.0.0.101 Bcast:10.0.0.255 Mask:255.255.255.0
          inet6 addr: fe80::205:5dff:fefa:1e63/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:81 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7193 (7.0 KiB) TX bytes:616 (616.0 b)

eth0      Link encap:Ethernet HWaddr 00:05:5D:FA:1E:63
          inet6 addr: fe80::205:5dff:fefa:1e63/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:335 errors:24161 dropped:24161 overruns:0 frame:59
          TX packets:4463 errors:112 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:44326 (43.2 KiB) TX bytes:1186912 (1.1 MiB)
          Interrupt:217 Base address:0xc000 Memory:fdfff000-fdffffff

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:22838 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22838 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2992256 (2.8 MiB) TX bytes:2992256 (2.8 MiB)

vmnet0    Link encap:Ethernet HWaddr 00:50:56:C0:00:00
          inet6 addr: fe80::250:56ff:fec0:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Thank you in advance for enlightening my confused self...
Sébastien
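
The per-guest port filtering this post is aiming for, as an added example that is not part of the original post: a script that prints (does not apply) default-deny ebtables rules for frames bridged out of vmnet0. The guest MAC addresses, the permitted ports and the GUESTS chain name are constructed for illustration, and it assumes the bridge itself already passes traffic.

```shell
#!/bin/sh
# Added example: print (not apply) default-deny ebtables rules per guest.
# Constructed policy, one line per "<guest MAC> <tcp|udp> <port>[,<port>...]".
POLICY='00:50:56:00:00:10 tcp 22,80,443
00:50:56:00:00:11 tcp 25
00:50:56:00:00:11 udp 53'

# gen_guest_rules <guest-facing bridge port>: policy on stdin, rules on stdout.
gen_guest_rules() {
    out_if=$1
    # GUESTS is a hypothetical chain name; only frames bridged out toward
    # the guests are sent through it.
    echo "ebtables -N GUESTS"
    echo "ebtables -A FORWARD -o $out_if -j GUESTS"
    # ARP and DHCP replies (UDP port 68) must reach the guests, or they can
    # neither resolve neighbours nor obtain a lease.
    echo "ebtables -A GUESTS -p ARP -j ACCEPT"
    echo "ebtables -A GUESTS -p IPv4 --ip-proto udp --ip-dport 68 -j ACCEPT"
    while read -r mac proto ports; do
        case $mac in ''|'#'*) continue ;; esac
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        for port in $(echo "$ports" | tr ',' ' '); do
            case $port in
                ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
            esac
            echo "ebtables -A GUESTS -p IPv4 -d $mac --ip-proto $proto --ip-dport $port -j ACCEPT"
        done
    done
    # Everything else headed for a guest is dropped.
    echo "ebtables -A GUESTS -j DROP"
}

# Review the output before piping it to a root shell.
printf '%s\n' "$POLICY" | gen_guest_rules vmnet0
```

ebtables is stateless, so replies to connections a guest opens itself (other than DHCP) are dropped by this policy unless they get their own rules.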