This descibes useful things for /etc/network/interfaces

Bridge ports

auto theory
iface theory inet dhcp
    bridge_ports eth2 eth0.11


auto reichman
iface reichman inet dhcp
    pre-up ip link add link eth0 name reichman type vlan id 14 || true
    post-down ip link del reichman

Create a private virtual LAN which you can connect `tap` devices to

This creates an automatically-made lan interface, which is a bridge. It starts off with no actual devices connected to it. It gives it a static address and netmask. It then sets makes iptables rules and enables forwarding.

auto lan
iface lan inet static
    bridge_ports none
    up iptables -P FORWARD DROP
    up sysctl net.ipv4.ip_forward=1
    up iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    up sudo iptables -A FORWARD -i lan -j ACCEPT
    up iptables -t nat -A POSTROUTING -s -j MASQUERADE

How can you use this device? Well, you can have kvm great a tap device for its machines and add them to a given bridge device.

Create this script named add-iface-to_lan. If you name it add-iface-to_DEVICE it will bridge the interface given on $1 with the bridge specified in the filename.

bridge=`echo $0 | cut -f 2 -d _`

sudo brctl addif $bridge $iface
sudo ip link set up $iface

Start kvm with these options (the macaddress part is optional, otherwise it'll be random):

kvm -net tap,script=/path/to/add-iface-to-lan -net nic,macaddr=52:54:00:12:34:56

DebianNotes/NetworkInterfaces (last edited 2010-12-20 02:43:18 by RichardDarst)