networking – Linux rhel / centos, configure network bridge between two interfaces to communicate with secondary host (Using VMware)

Need
I have two Linux hosts. Host1 and Host2.
I need to be able to communicate with host2 on our network through a bridge built on Host1.

Problem:
br0 is pingable, but when ens161 and ens192 are both enabled and I try to ping br0 on Host1, I get “(!DUP)”s. I think this is caused by VMware’s promiscuous mode on both port networks assigned to each VM. The main problem is that I cannot ping Host2 at all from the network.

Environment

Host1 (RHEL 7.9) has two interfaces. Want to use network-scripts to configure the interfaces.

  • ens161 – network connection to LAN – Uses vmware port-network-01
  • ens192 – network connection to host2 – Uses vmware port-network-02

Host2 (Ubuntu 18.04) has one interface. Want to use netplan for this interface.

  • ens160 – network connection to host1 – Uses vmware port-network-02

Host1 has a bridge set up called “br0”, and has a network-script configured to give it an IP interface.
Note these are virtual machines living on ESXi hosts; their NICs are connected to VMware port networks, each of which is on a separate VLAN. The port networks are connected to a distributed switch.

Here are my network scripts

Host01 – br0

TYPE="Bridge"
DEVICE=br0
BOOTPROTO=static
ONBOOT=yes
NM_CONTROLLED="no"
# PREFIX and NETMASK must agree; /24 matches NETMASK and the /24 shown by `ip -br addr`
PREFIX=24
IPADDR=10.10.10.10
NETMASK=255.255.255.0
GATEWAY=10.10.10.1

Host01 – ens161

DEVICE=ens-161
HWADDR=00:50:56:bd:9f:25
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0

Host01 – ens192

DEVICE=ens-192
HWADDR=00:50:56:bd:b3:cd
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0

Here is Host2’s netplan configuration

HOST2 – ens160 (netplan yaml)

network:
    ethernets:
        ens160:
            addresses:
            - 10.10.10.11/24
            dhcp4: no
            gateway4: 10.10.10.1
    version: 2

The rest below is all from Host1, the RHEL server with the bridge configuration:

Here is my brctl show information

bridge name     bridge id               STP enabled     interfaces
br0             8000.005056bd9f25       no              ens-161
                                                        ens-192

Here is ip -br addr show

lo               UNKNOWN        127.0.0.1/8 ::1/128
ens-161          UP             fe80::250:56ff:febd:9f25/64
ens-192          UP             fe80::250:56ff:febd:b3cd/64
br0              UP             10.10.10.10/24 fe80::250:56ff:febd:9f25/64

Here is iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            (goto)
FWDI_public  all  --  anywhere             anywhere            (goto)
FWDI_public  all  --  anywhere             anywhere            (goto)
FWDI_public  all  --  anywhere             anywhere            (goto)

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            (goto)
FWDO_public  all  --  anywhere             anywhere            (goto)
FWDO_public  all  --  anywhere             anywhere            (goto)
FWDO_public  all  --  anywhere             anywhere            (goto)

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (4 references)
target     prot opt source               destination
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public (4 references)
target     prot opt source               destination
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            (goto)
IN_public  all  --  anywhere             anywhere            (goto)
IN_public  all  --  anywhere             anywhere            (goto)
IN_public  all  --  anywhere             anywhere            (goto)

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (4 references)
target     prot opt source               destination
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Troubleshooting:

  • I followed the instructions from this post. Did not seem to help. The topology is the same as mine besides the different network interface names.
    bridge network between two linux servers
  • Made sure to turn on promiscuous mode and forged transmits on both port networks in VMware.
  • I stopped and disabled NetworkManager.
  • I deployed a new Ubuntu 18.04 system, and was able to configure the network bridge with netplan with no problems; it just worked.

Final thoughts
I know little to nothing about Linux bridging, which is why I set up this lab to learn it. If I am going about this the wrong way, or not using bridges as intended, tell me. I want to make sure I understand the concepts as well as how to configure Linux bridging properly on Debian and RHEL systems.
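As an added example (not part of the question or the post it links to), the script below runs the sanity checks a practitioner would want before trusting a bridge like the one described: it parses the `brctl show` and `ip -br addr show` output quoted in the question, flags a bridge with two or more ports and STP off (a second L2 path between those ports becomes a loop, which is one way to get duplicate replies), flags a port that carries its own IPv4 address, and checks network-scripts files for an IPADDR on a bridge port and for PREFIX/NETMASK disagreement. The function names and the two deliberately wrong ifcfg samples are constructed for illustration; the bridge and port names are taken from the question.

```shell
#!/bin/sh
# Added example (not from the original post): offline sanity checks for a Linux
# bridge, run against the command output and network-scripts a host shows.
# Assumptions: bridge/port names come from the question; the function names and
# the two "bad" ifcfg samples below are constructed for illustration.

# Constructed sample: the `brctl show` output from the question.
BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.005056bd9f25       no              ens-161
                                                        ens-192'

# Constructed sample: the `ip -br addr show` output from the question.
IPBR_SAMPLE='lo               UNKNOWN        127.0.0.1/8 ::1/128
ens-161          UP             fe80::250:56ff:febd:9f25/64
ens-192          UP             fe80::250:56ff:febd:b3cd/64
br0              UP             10.10.10.10/24 fe80::250:56ff:febd:9f25/64'

# Constructed ifcfg samples, each containing one of the mistakes the audit looks for.
IFCFG_BRIDGE_BAD='TYPE="Bridge"
DEVICE=br0
PREFIX=22
IPADDR=10.10.10.10
NETMASK=255.255.255.0'
IFCFG_PORT_BAD='DEVICE=ens-161
TYPE=Ethernet
BRIDGE=br0
IPADDR=10.10.10.12'

# bridge_members BRIDGE BRCTL_OUTPUT: print the bridge's port names, one per line.
bridge_members() {
    printf '%s\n' "$2" | awk -v br="$1" '
        NR == 1 { next }                                    # column header
        $1 == br { inbr = 1; if (NF >= 4) print $NF; next } # name id stp first-port
        NF == 1 && inbr { print $1; next }                  # further ports, one per row
        { inbr = 0 }'
}

# bridge_stp BRIDGE BRCTL_OUTPUT: print "yes" or "no" from the STP column.
bridge_stp() {
    printf '%s\n' "$2" | awk -v br="$1" 'NR > 1 && $1 == br { print $3 }'
}

# ipv4_addrs IFACE IPBR_OUTPUT: print the IPv4 addresses on IFACE (a bridge port should have none).
ipv4_addrs() {
    printf '%s\n' "$2" | awk -v ifc="$1" \
        '$1 == ifc { for (i = 3; i <= NF; i++) if ($i ~ /^[0-9]+\./) print $i }'
}

# ifcfg_findings IFCFG_TEXT: flag IPADDR on a bridge port and a PREFIX that disagrees with NETMASK.
ifcfg_findings() {
    printf '%s\n' "$1" | awk -F= '
        { gsub(/"/, "", $2); kv[$1] = $2 }
        END {
            if (("BRIDGE" in kv) && ("IPADDR" in kv))
                print "finding: " kv["DEVICE"] " is a port of " kv["BRIDGE"] " but also sets IPADDR"
            if (("PREFIX" in kv) && ("NETMASK" in kv)) {
                split(kv["NETMASK"], o, ".")
                bits = 0   # count the set bits of the dotted mask to get its prefix length
                for (i = 1; i <= 4; i++) for (v = o[i] + 0; v > 0; v = int(v / 2)) bits += v % 2
                if (bits != kv["PREFIX"] + 0)
                    print "finding: " kv["DEVICE"] " PREFIX=" kv["PREFIX"] " disagrees with NETMASK=" kv["NETMASK"] " (/" bits ")"
            }
        }'
}

# audit_bridge BRIDGE BRCTL_OUTPUT IPBR_OUTPUT: print findings (or "ok"); exit status 1 if any.
audit_bridge() {
    br=$1; brctl=$2; ipbr=$3; findings=0
    members=$(bridge_members "$br" "$brctl")
    n=$(printf '%s\n' "$members" | awk 'NF { c++ } END { print c + 0 }')
    [ "$n" -gt 0 ] || { echo "finding: $br has no ports"; findings=1; }
    if [ "$n" -ge 2 ] && [ "$(bridge_stp "$br" "$brctl")" = "no" ]; then
        echo "finding: STP is off on $br with $n ports; any second L2 path between them is a loop"
        findings=1
    fi
    for m in $members; do
        a=$(ipv4_addrs "$m" "$ipbr")
        [ -z "$a" ] || { echo "finding: port $m carries $a (the address belongs on $br)"; findings=1; }
    done
    [ -n "$(ipv4_addrs "$br" "$ipbr")" ] || { echo "finding: $br has no IPv4 address"; findings=1; }
    [ "$findings" -eq 0 ] && echo ok
    return "$findings"
}

# Run the checks over the samples; on a live host substitute real command output.
audit_bridge br0 "$BRCTL_SAMPLE" "$IPBR_SAMPLE" || true   # findings are on stdout; keep going
ifcfg_findings "$IFCFG_BRIDGE_BAD"
ifcfg_findings "$IFCFG_PORT_BAD"
```

On a live host, feed `audit_bridge` the output of `brctl show` and `ip -br addr show` and point `ifcfg_findings` at each file under /etc/sysconfig/network-scripts. One caveat the script cannot check offline: whether bridged frames pass through the iptables FORWARD chain shown above (which ends in REJECT) depends on the `net.bridge.bridge-nf-call-iptables` sysctl, so that setting is worth reading when frames reach the bridge but the far host stays unreachable.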