Bridge Networking Woes

I have tap8 and tap9 which correspond to eth0 and eth1 on a Debian Buster VM. eth0 is for the public IP and eth1 is for the private IP. tap8 is bridged to br0 which is in turn bridged to eth0 on the host. tap9 is bridged to br1 which is in turn bridged to eth1 on the host.

I have tap10 and tap11 which correspond to ether0 and ether1 on a MikroTik Router OS VM (Linux-based). tap10 is bridged to br0, which is in in turn bridged to eth0 on the host and tap11 is bridged to br1 which is in turn bridge to eth1 on the host.

I have packet captured on the guest that's running on tap10 and tap11 to confirm that packets are arriving on tap11, going out through a vpn connection on the guest, coming back in through the vpn connection on the guest and then getting sent back out through tap11. I have also confirmed on the host by wiresharking tap11 that the network traffic is functioning the way it should there as well.

I have then done a packet capture on tap9 and I do not see anything showing up there. I see the ping request packets going out on tap9, but I don't see ping responses coming back in on it.

In the guest that makes use of tap9, I also see the same mirrored behaviour when doing a wireshark capture on eth1. The guest does not make use of a firewall. I've cleared out all the firewall rules, I've killed firewalld and iptables based firewalls.

I've also tried deleting the network interfaces in cloudmin under System Configuration -> Network Interfaces and then recreated the interfaces and bindings.

None of this helps.

I have another MikroTik RouterOS guest bound to tap0 and tap1. Network traffic between tap1 and tap9 is working fine. I have completely disabled the firewall on the OS bound to tap11 as well, to no avail, just in case it was blocking outbound traffic on ether1, and that blocked traffic still shows up on tap11.

I have noticed some oddities about the guest running on tap9: 1. The ebtables scripts are only 467 bytes compared to all the other ones that are 2.4k:

#!/bin/sh
echo $1 >/kvm/taft-forward-monitoring.cloudmin.brantham.ca-eth1.tap
/sbin/brctl addif br1 $1
/bin/ip link set dev $1 up
mtu=`/bin/ip link | head -1 | grep br1: | sed -e 's/.*mtu //; s/ .*//'`
if [ "$mtu" != "" ]; then
    /bin/ip link set dev $1 mtu $mtu
fi
ebtables -D INPUT -j 1611995001197420 2>/dev/null
ebtables -D OUTPUT -j 1611995001197420 2>/dev/null
ebtables -D FORWARD -j 1611995001197420 2>/dev/null
ebtables -X 1611995001197420 2>/dev/null
true

2. The network interfaces screen under the system configuration menu looks completely different for the configuration of this Linux host vs any of the other ones. it has a default gateway options section which none of the other ones do.

I trust I've given enough information. If not, please let me know what other information you need.

Thank you.

Status: 
Active
Virtualmin version: 
0.0
Webmin version: 
1.970