Network bridge

This article discusses how to setup a network bridge in order to connect two portions of a network together.

Introduction
A network bridge can be used to connect two independent network segments at layer 2 level (much like a network switch). Common applications include transparent proxying, transparent filtering (using iptables) and saving money on hardware as some mainboards come with two PHY interfaces. In this article, eth0 and eth1 will be the network interfaces used but of course they can be replaced by whatever interface names are present on a system.

In order to create a bridge on Linux a special bridging device is created (brX) that contains at least two network devices as ports (e.g. ethX or pppX). As the bridge works on layer 2, no IP addresses are needed on the port devices — on a typical setup, the bridging device itself will receive the IP (e.g. via DHCP).

Installation
Install the package to have access to the utilities needed to manage the bridge device:

You need to do this with a console connection. You'll probably lose the ability to ssh into the box, if you are working on one of the ports being affected.

Make certain the physical ethernet interfaces you are working on are not in /etc/conf.d/ as symbolic links as part of your original install: rc-update delete net.enp1s0 boot rc-update delete net.enp2s0 boot rm /etc/init.d/net/enp2s0 rm /etc/init.d/net/enp1s0

It's always best to learn how to do things first by hand, then you can automate it. brctl has been around forever. This is a layer 2 connection you are creating, and as such, you do not need IP addresses assigned to the physical ports. brctl .. shows you all the nice commands available to you. Now create a bridge with no interfaces assigned (yet): brctl addbr br0

Add the two interfaces to the bridge: brctl addif br0 enp1s0 brctl addif br0 enp2s0

See what you've done: brctl show

Note that stp does not get turned on, unless you specify that that is what you want.

OpenRC
First, the bridge device must be added to the file. As an example, bridge configuration with DHCP:

More documentation can be found by reading

Next, create the init script by linking to  and start the interface as follows:

Finally, to make sure the bridge is automatically set up on subsequent boots add the newly generated init script to the system's default run level:

systemd
As of systemd 210 and up, a special service called systemd-networkd is available for network configuration. This service can handle bridge construction.

The basic procedure of creating a network configuration with systemd-networkd is creating several and  files.

First, create a bridge. With systemd-networkd this is as simple as creating a new file:

After the bridge definition is created, assign the interfaces to the bridge:

Multiple interfaces can be matched and attached to the bridge.

Notice that this bridge is still not active. Activation can be achieved by creating a definition to use the bridge.

Static
Defining a gateway is only necessary if one intends to use the physical network interface as access to another network. When using the bridge as a private network, omit it as systemd-networkd will add the bridge as a default route when the Gateway option is set.

Do remember to enable and start the systemd-networkd service.

External resources

 * Official Linux network bridge documentation.
 * Generic Linux network bridge how-to.
 * Article on the inofficial gentoo wiki with VLAN and IPtables examples.
 * Creating a bridge with NetworkManager.