Why can't I add a loopback interface to a bridge?

From: Norman Gray <gray_at_nxg.name>
Date: Wed, 13 Jul 2022 20:43:38 UTC
Greetings.

Why can't I add a loopback interface to a bridge?

I thought I should be able to do this, and the fact that I can't suggests I'm misunderstanding something significant.

If I do

    # ifconfig bridge create
    bridge0
    # ifconfig lo create
    lo1
    # ifconfig bridge0 addm lo1
    ifconfig: BRDGADD lo1: Invalid argument
    #

The only things I can find which match this error are eg <https://lists.freebsd.org/pipermail/freebsd-net/2007-December/016114.html>, from 2007, which I don't think describes my situation.

What I'm aiming to do is to set up a bridge to VNET-isolated jails, so I can subsequently selectively route and NAT packets from those jails to the rest of the network.

My mental model here is that I create an interface lo1 and then 'plug it in to the bridge', so that I can subsequently forward packets from lo1 to the real network interface.  This mental model is clearly defective, but I can't see where.

I'm also following Michael Lucas's Jails book where, in Ch.9, he describes what (I think) I'm trying to do via:

    ifconfig_em1_name="jailether"
    ifconfig_jailether="up"
    cloned_interfaces="bridge0 bridge1 lo1"
    ifconfig_bridge0_name="jailetherbridge"
    ifconfig_bridge1_name="jailprivbridge"
    ifconfig_lo1_name="jailpriv"
    ifconfig_jailetherbridge="addm jailether up"
    ifconfig_jailprivbridge="addm jailpriv up"

(He's illustrating the more intricate situation of managing two bridges, renaming as he goes, but I'm only concerned with the simpler case of doing a similar thing with one; but I can't see how what I'm doing is different from this; that book refers to FreeBSD 12, so I suppose this could be a version-specific puzzle).

The 'Advanced Networking' chapter of the handbook [1] instead describes assigning an IP address to the bridge interface, and doesn't mention the loopback interface in this context.

I'm doing this in a fresh FreeBSD 13.1-RELEASE system (I'm experimenting within a UTM/QEMU VM on macOS 12.3.1, but the same thing happens with 13.1-RELEASE on a real machine, so this isn't, as I briefly speculated, because the VM network is somehow odd).

Thanks for any illumination.

Norman


[1] https://docs.freebsd.org/en/books/handbook/advanced-networking/

-- 
Norman Gray  :  https://nxg.me.uk