i have a private uml subnet with a tap interface
i can bring the uml and tap interface up fine
this allows me to use my droplet as a routing server and the uml as a backend server in this case for web browsing .
i can access the web fine from inside the uml with the right nat configuration on the main droplet .

i was reading up on bridging and i read that a bridge interface will join to interfaces together and if it has no ip address then it is transparent so cannot be hacked form the web .

eth0 default gw
tap1 droplet interface to uml from the droplet
eth1 interface to the droplet from the uml

i can bring up a bridge interface with iproute
i can link eth0 ( default gateway ) to the bridge and
i can link tap1 ( uml subnet to ) to the bridge

but then my routing seems to go to pot and i can no longer ping anything ???

ip link add br1 type bridge

ip link set eth0 promisc on
ip link set dev eth0 master br1

ip link set eth1 promisc on
ip link set dev eth1 master br1

ip link set dev br1 up

the commands all go through

but i can no longer ping

eth1 inside the uml from the droplet
or ping tap1 from inside the uml

some tutorials suggest adding an ip address to the bridge
but whats the point in that as it s no longer transparent

what i am missing so i can get the picture straight in my head