Setup Ubuntu linux as a network bridge with ESXi

By Vince

I am a super Geek, so having my own ESXi server is a necessity. I have been using Vmware stuff since the company was created back in the day.

I had Dell T310 from my old business so its a perfect Vmware server. Has 4 hard disk slots, upgraded it to 16GB RAM, and two Ethernet ports. I have a small Belkin home wifi router which only has 4 gigabit ports, and I wanted to plug one more device in. What to do? Well my server has an extra gig port, its not doing anything, so why not connect that up an Ubuntu virtual machine and bridge between the two interfaces (can most likely do this in ESX, but whats the fun in that)?

The first thing to do is install an Ubuntu server VM on your ESX server. This goes without saying, but if you don’t have an ESX server you can use any Ubuntu machine as long as it has two ethernet ports (can also use a wireless interface if you want in place of ethernet, then you can bridge Wifi to hard wired).

  • First you need to setup the second network adapter within Vmware ESXi. Create a new vswitch in the wizard, and call it whatever you want.

    • This is done under your vSphere client, goto: configuration->networking->Add networking (top right corner)->choose “virtual machine”->“create a vsphere standard switch->choose the adapter->pick a network label that works for you->finish
    • If you can’t add a second adapter in here, make sure that ESXi can see both of them. Goto configuration->network adapters and there should be at least two listed.

  • Once that is added, edit the configuration of each network adapter and make sure **promiscuous mode is enabled in each ESX vswitch. ** This stopped me in my tracks originally and I spent over an hour trying to figure out why the bridge wouldn’t pass traffic properly.

    • In your vSphere client, goto: configuration->networking->click on the properties of a vswitch->click edit on the vswitch->goto security tab-> promiscuous mode change to accept.
    • DO this for BOTH vswitch’s that you have (should have at least two by this step).

  • After Ubuntu is up and running, add a new network adapter/interface to your ESX virtual machine which should show up as ETH1 when you reboot Ubuntu.

    • This is done in vSphere, under the virtual machine, in the “getting started” tab->click edit virtual machine settings->click add->select “ethernet adapter”, click next->then pick the network label of the new network you just created, click next->click finish.
    • It should now have a new interface, but the operating system (Ubuntu) needs to recognize it.

The next steps are all done as “root”, if you don’t have root then use “sudo” in front of each command.

  • The goal here is to bridge eth0 to eth1, and assign a static IP address to this new bridge interface (br0). That way both ports are on this network and you can still reach your Ubuntu VM.
    • You can make these changes in an SSH session, just make sure you can console into the VM in case something doesn’t work right.
    • In Ubuntu, edit the /etc/network/interfaces file with your favorite editor (I use vi personally) and put this config in. Change the ip and gateway to whatever your network uses. You can also use DHCP, but it doesn’t make much sense for a server unless you reserve it, but if you want to then just uncomment the dhcp line and remove everything under it (but keep the up ip line).
    • You can change eth1 to wlan0 if you want to use wireless on one side. Make sure wireless is working fine before you do that.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
up ip link set $IFACE promisc on
auto eth1
iface eth1 inet manual
up ip link set $IFACE promisc on
auto br0
#iface br0 inet dhcp
iface br0 inet static
 address 192.168.1.10
 netmask 255.255.255.0
 gateway 192.168.1.1
 dns-nameservers 208.67.220.220 208.67.222.222
 bridge_stp off
 bridge_ports eth0 eth1
up ip link set $IFACE promisc on

After this is saved, you can restart networking (/etc/init.d/networking restart) or just reload the box. The VM’s reboot so fast its almost easier to make sure things start up right from the get go.

If all goes well you can still SSH in, type “ifconfig” and you will see the interfaces humming along.

***The main gotcha here is to enable promiscuous mode inside of ESXi.

Use the “brctl” command to see details of your bridge, “brctl show” is where to start.

Another way to get the same idea is to setup a local DHCP server out of eth1, and NAT / masquerade any traffic that comes in on eth1 out your eth0 interface/ip. This will work just fine if your not comfortable using a bridge, but you can’t access the device on eth1 unless you manually forward ports.