Add br0 to Ubuntu desktop using nmcli

addbr0ubunmcli.md

Add a bridge interface to Ubuntu desktop using nmcli

Had to do this for some advanced networking with KVM, and couldn't figure out how to do it using the Nework Manager gui. Did find an article later that showed how to do it with nmtui, but it's so much easier to record what you did when using the cli.

In the examples below "eth0" is the name of my physical interface. By default on Ubuntu and most distributions that will almost certainly be different, for example: "eno1", "ens1", or "enp2s0".

To see what everything looks like before starting:

$ nmcli con show

I renamed "Wired Connection 1' to the name of my physical interface:

$ sudo nmcli con mod 'Wired Connection 1' con-name eth0

So let's start out by creating the bridge itself:

$ nmcli con add ifname br0 type bridge con-name br0

Now add the physical interface as its slave:

$ nmcli con add type bridge-slave ifname eth0 master br0

Disable STP:

$ nmcli con mod br0 bridge.stp no

Now down the physical interface:

$ nmcli con down eth0

For this machine I want a static address:

$ nmcli con mod br0 ipv4.addresses 10.1.1.16/24
$ nmcli con mod br0 ipv4.gateway 10.1.1.1
$ nmcli con mod br0 ipv4.dns '10.1.1.1,8.8.8.8,8.8.4.4'

Don't forget to set your search domain:

$ nmcli con mod br0 ipv4.dns-search 'example.com'

Then tell Network Manager this will be a manual connection:

$ nmcli con mod br0 ipv4.method manual

Finally, bring up the new bridge interface:

$ nmcli con up br0

Run nmcli device show to confirm your changes, and then restart NetworkManager (sudo systemctl restart NetworkManager.service) to make sure the configuration sticks.

I wrote a variant of the above script where I replace machine-specific names with environment variables in order to make it clear what needs to be changed. I also tried to write code to automagically infer what the variables should be given a default ethernet connection, but that code could be improve to be more robust:

# Show relevant tables, make sure the following code
# infers correct values
sudo nmcli con show --active

# Infer the name of the physical ethernet interface name
ETHERNET_IFACE=$(ip route | grep default | awk '{print $5}')

# Infer the ip of the router gateway
HOST_IP=$(ip route get 1.1.1.1 | grep -oP 'src \K\S+')

# Infer the current IP of the ethernet interface
ROUTER_GATEWAY_IP=$(ip route get 1.1.1.1 | grep -oP 'via \K\S+')

# Infer the nmcli connection name of the ethernet interface
CONN_NAME=$(ETHERNET_IFACE=$ETHERNET_IFACE python -c "if 1:
    # Parse the output of nmcli con show into a table
    import subprocess, re, os
    bs, nl = chr(92), chr(10)
    data = subprocess.check_output('sudo nmcli con show', shell=True).decode('utf8')
    lines = data.rstrip().split(nl)
    header = lines[0]
    positions = [m.start() for m in re.finditer(bs + 'S+', header)] + [len(header)]
    table = [{
        header[idx1:idx2].strip(): line[idx1:idx2].strip()
        for idx1, idx2 in zip(positions[:-1], positions[1:])
    } for line in lines[1:]]
    ethernet_device = os.environ.get('ETHERNET_IFACE')
    found = None
    for row in table:
        if row['DEVICE'] == ethernet_device:
            found = row['NAME']
    if found is not None:
        print(found)
    else:
        print(f'ERROR: NOT FOUND: {ethernet_device!r}')
        import pandas as pd
        print(pd.DataFrame(table).to_string())
")
echo "CONN_NAME = $CONN_NAME"

# Options for making the bridge
BRIDGE_CONN_NAME=br0
BRIDGE_IFNAME=br0
MAIN_DNS=$ROUTER_GATEWAY_IP
BACKUP_DNS1=8.8.8.8
BACKUP_DNS2=8.8.8.4

echo "
Variables:
    ETHERNET_IFACE    = $ETHERNET_IFACE
    HOST_IP           = $HOST_IP
    ROUTER_GATEWAY_IP = $ROUTER_GATEWAY_IP
    CONN_NAME         = $CONN_NAME

    BRIDGE_CONN_NAME=$BRIDGE_CONN_NAME
    BRIDGE_IFNAME=$BRIDGE_IFNAME

    MAIN_DNS=$MAIN_DNS
    BACKUP_DNS1=$BACKUP_DNS1
    BACKUP_DNS2=$BACKUP_DNS2
"

# Create the bridge
nmcli con add ifname "$BRIDGE_IFNAME" type bridge con-name "$BRIDGE_CONN_NAME"
# Not sure if the argument should be an ifname or conn name after master
nmcli con add type bridge-slave ifname "$ETHERNET_IFACE" master "$BRIDGE_IFNAME"

# Disable STP (Spanning Tree Protocol)
nmcli con mod "$BRIDGE_CONN_NAME" bridge.stp no

# Down the physical interface
nmcli con down "$CONN_NAME"

# Setup static IP addresses
nmcli con mod "$BRIDGE_CONN_NAME" ipv4.addresses "$HOST_IP/24"
nmcli con mod "$BRIDGE_CONN_NAME" ipv4.gateway "$ROUTER_GATEWAY_IP"
nmcli con mod "$BRIDGE_CONN_NAME" ipv4.dns "$MAIN_DNS,$BACKUP_DNS1,$BACKUP_DNS2"

# Set the connection to be manual (might want to use DHCP instead?)
nmcli con mod "$BRIDGE_CONN_NAME" ipv4.method manual

# set your search domain (not sure what the right approach is here)
nmcli con mod "$BRIDGE_CONN_NAME" ipv4.dns-search 'example.com'
nmcli con mod "$BRIDGE_CONN_NAME" ipv4.dns-search 'lan'
nmcli con mod "$BRIDGE_CONN_NAME" ipv4.dns-search ''

# Prevent the ethernet iface from automatically creating a new connection
# otherwise, it will reset if the bridge goes down
nmcli con mod "$ETHERNET_IFACE" connection.autoconnect no

# Bring up the new bridge interaface
nmcli con up "$BRIDGE_CONN_NAME"

# Show changes
nmcli device show

# Restart the service
sudo systemctl restart NetworkManager.service

I will edit the above code if anyone points out corrections or how to make things better.

Hi All,
Thanks for this.
My concern is this; I have read many tutorials, they only talk about the virt-manager bridge mode when the host machine is connected to the physical network via Ethernet. In my case, my PC is permanently connected via Wi-Fi. Would there be a possibility to connect the VMs in bridge mode with virt-manager.

Thanks in advance!

In my case, my PC is permanently connected via Wi-Fi. Would there be a possibility to connect the VMs in bridge mode with virt-manager.

You can try to add the wifi interface instead of wired connection.

nmcli con add type bridge-slave ifname {your-wifi-interface} master br0