For certain cases one might wish to create bridged network interfaces.
A great example would be when hosting containerized environments and VMs.
The following examples cover a rarely explained case of bridging, one that is very specific to container hosts/hypervisors like LXC and KVM.
For information about more common bridging and NATing, please check resources like:
To follow this example you must be logged in as the root user.
If you don't have the root password, you can use sudo instead.
Debian/Ubuntu:
There is only one step to the installation:
apt-get update; apt-get upgrade -y; apt-get install bridge-utils
Debian/Ubuntu:
nano /etc/network/interfaces
auto bridge0
iface bridge0 inet static
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
    address <Interface IP address, like 192.168.10.1>
    netmask <Subnet mask, like 255.255.255.0>
Debian/Ubuntu:
You need to keep in mind that after setting a NAT rule for a specific port you don't have to set any FILTER rule for this port, as NAT is processed before FILTER.
nano /etc/iptables.up.rules
Change:
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
To:
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Forward bridge0 > eth0
-A FORWARD -i bridge0 -o eth0 -j ACCEPT
# Forward eth0 > bridge0
-A FORWARD -i eth0 -o bridge0 -j ACCEPT
# Forward bridge0 > bridge0
-A FORWARD -i bridge0 -o bridge0 -j ACCEPT
# Default SNAT eth0
-A POSTROUTING -s <Interface IP network, like 192.168.10.0>/<Subnet, like 24> -j SNAT --to-source <Host main IP address>
# Default SNAT eth0
-A POSTROUTING -s <Interface IP network, like 192.168.10.0>/<Subnet, like 24> -j MASQUERADE
To add a port-forward rule, use the following template:
# DNAT for HTTP
-A PREROUTING -p tcp -m tcp -d <Host main IP address> --dport 80 -j DNAT --to-destination <Container/VM IP address, like 192.168.10.2>:80