<div dir="ltr"><div><table style="margin:0px;padding:0px;border:0px;font-size:13px;border-collapse:collapse;color:rgb(36,39,41);font-family:arial,"helvetica neue",helvetica,sans-serif;line-height:16.9px"><tbody style="margin:0px;padding:0px;border:0px"><tr style="margin:0px;padding:0px;border:0px"><td class="inbox-inbox-postcell" style="margin:0px;padding:0px;border:0px;vertical-align:top"><div style="margin:0px;padding:0px;border:0px"><div class="inbox-inbox-post-text" style="margin:0px 0px 5px;padding:0px;border:0px;font-size:15px;width:660px;word-wrap:break-word;line-height:1.3"><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both"><br class="inbox-inbox-Apple-interchange-newline">I want to create a network like this:</p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both"><br></p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">Internet -- physical router -- host (network 192.168.178.x) </p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">                                          -- virtual machine dmz -- eth0 (connected to pyshical router)</p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">                                                                               -- eth1 (connect to isolated network 10.0.0.x)</p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">                                          -- virtual machine www - eth0 (connect to isolated network 10.0.0.x)</p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both"><a href="http://i.stack.imgur.com/QoCz9.png" rel="nofollow" style="margin:0px;padding:0px;border:0px;color:rgb(16,120,165);text-decoration:none"><img alt="network design" style="margin: 0px; padding: 0px; border: 0px; border-image-source: initial; border-image-slice: initial; border-image-width: initial; border-image-outset: initial; border-image-repeat: initial; max-width: 100%;" src="http://i.stack.imgur.com/QoCz9.png"></a></p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">I have a virtual host which is conntected to my physical router with eth0 and ip4 address 192.168.178.100. I create a virtual machine dmz which connects 'direct' to my router via my physical device eth0 on the virtual host:</p><pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-size:13px;width:auto;max-height:600px;overflow:auto;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;word-wrap:normal;background-color:rgb(239,240,241)"><code style="margin:0px;padding:0px;border:0px;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;white-space:inherit"><network connections='1'>
  <name>direct</name>
  <uuid>379d4687-445e-4bc6-8354-b555c7f18b15</uuid>
  <forward dev='eth0' mode='bridge'>
    <interface dev='eth0' connections='1'/>
  </forward>
</network>
</code></pre><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">On my virtual machine i create a second nic eth1 which is connected on a virtual network virbr-local:</p><pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-size:13px;width:auto;max-height:600px;overflow:auto;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;word-wrap:normal;background-color:rgb(239,240,241)"><code style="margin:0px;padding:0px;border:0px;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;white-space:inherit"><network>
  <name>local</name>
  <uuid>d31b2e0d-810b-4ba0-8ac4-02bc53746142</uuid>
  <bridge name='virbr-local' stp='on' delay='0'/>
  <mac address='52:54:00:92:06:5c'/>
  <domain name='local.box'/>
  <dns>
    <forwarder addr='192.168.178.1'/>
  </dns>
  <ip address='10.0.0.1' netmask='255.0.0.0'>
    <dhcp>
      <range start='10.0.0.100' end='10.0.0.255'/>
      <host mac='52:54:00:51:31:86' ip='10.0.0.30'/>
    </dhcp>
  </ip>
  <route address='10.0.0.0' prefix='8' gateway='10.0.0.30'/>
</network>
</code></pre><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">Now I want to create a second virtual machine which connects to the internet through the virtual machine dmz on the virbr-local subnet. Is there a way to accomplish this kind of setup?</p><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both">My routing table on the virtual host looks likes this:</p><pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-size:13px;width:auto;max-height:600px;overflow:auto;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;word-wrap:normal;background-color:rgb(239,240,241)"><code style="margin:0px;padding:0px;border:0px;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;white-space:inherit">Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         fritz.box       0.0.0.0         UG    0      0        0 eth0
10.0.0.0        *               255.0.0.0       U     0      0        0 virbr-local
10.0.0.0        10.0.0.30       255.0.0.0       UG    1      0        0 virbr-local
192.168.178.0   *               255.255.255.0   U     0      0        0 eth0
</code></pre><p style="margin:0px 0px 1em;padding:0px;border:0px;clear:both"><span style="line-height:1.3">But when I want to ping an address from the www virtual machine I get a unreachable network message. </span><span style="line-height:1.3">I setup a DNAT om the virtual machine dmz. But looking witch tcpdump on eht1 there's no traffic.</span><span style="line-height:1.3">I appreciate some help to setup the network. I clearly missing something.</span></p></div></div></td></tr></tbody></table></div><div><br></div><div><br></div><div><br></div><br><br><div id="WISESTAMP_SIG_c68eb9569d91cad3d5408a1b4278086e" href="http://WISESTAMP_SIG_c68eb9569d91cad3d5408a1b4278086e"><div><div style="max-width:600px;direction:ltr" class="main_html date__2016_07_26___07_30"> <div class="html wisestamp_app main_sig" id="tp1s" style="max-width:470px;margin:8px 8px 8px 0"> <table border="0" cellspacing="0" cellpadding="0" width="470" style="width:470px"> <tbody><tr valign="top"> <td style="text-align:initial;font:14px Arial;color:#646464;padding:0 10px"> <div> </div> <div style="color:#8d8d8d;font-size:13px;padding:5px 0"> </div> </td> </tr> </tbody></table> </div> <div href="http://WS_promo" id="WS_promo" style="width:auto;padding-top:2px;font-size:10px;border-top-width:1px;border-top-style:solid;border-top-color:rgb(238,238,238);margin-top:10px;display:table;direction:ltr;line-height:normal;border-spacing:initial"> <img src="http://ws-promos.appspot.com/ga/pixel.png?dont_count=1&e=5732568548769792" style="display:block"> <div class="promo-placeholder" style="padding-top:2px"> <span style="color:rgb(111,111,111)">Get a signature like this:</span> <a href="http://ws-promos.appspot.com/r?rdata=eyJydXJsIjogImh0dHA6Ly93d3cud2lzZXN0YW1wLmNvbS9lbWFpbC1pbnN0YWxsP3dzX25jaWQ9NjcyMjk0MDA4JnV0bV9zb3VyY2U9ZXh0ZW5zaW9uJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPXByb21vXzU3MzI1Njg1NDg3Njk3OTIiLCAiZSI6ICI1NzMyNTY4NTQ4NzY5NzkyIn0=&u=645631606017625" style="color:rgb(165,3,16);font-weight:bold">Click here!</a> </div> </div></div></div></div></div>