[libvirt-users] Routing isolated network

Erwin Straver erwin.straver at gmail.com
Thu Jul 28 06:55:14 UTC 2016


I want to create a network like this:


Internet -- physical router -- host (network 192.168.178.x)
                                          -- virtual machine dmz -- eth0 (connected to physical router)
                                                                 -- eth1 (connect to isolated network 10.0.0.x)
                                          -- virtual machine www - eth0 (connect to isolated network 10.0.0.x)

[image: network design] <http://i.stack.imgur.com/QoCz9.png>

I have a virtual host which is connected to my physical router with eth0
and IPv4 address 192.168.178.100. I create a virtual machine dmz which
connects 'direct' to my router via my physical device eth0 on the virtual
host:

<network connections='1'>
  <name>direct</name>
  <uuid>379d4687-445e-4bc6-8354-b555c7f18b15</uuid>
  <forward dev='eth0' mode='bridge'>
    <interface dev='eth0' connections='1'/>
  </forward>
</network>

On my virtual machine I create a second NIC eth1 which is connected to a
virtual network virbr-local:

<network>
  <name>local</name>
  <uuid>d31b2e0d-810b-4ba0-8ac4-02bc53746142</uuid>
  <bridge name='virbr-local' stp='on' delay='0'/>
  <mac address='52:54:00:92:06:5c'/>
  <domain name='local.box'/>
  <dns>
    <forwarder addr='192.168.178.1'/>
  </dns>
  <ip address='10.0.0.1' netmask='255.0.0.0'>
    <dhcp>
      <range start='10.0.0.100' end='10.0.0.255'/>
      <host mac='52:54:00:51:31:86' ip='10.0.0.30'/>
    </dhcp>
  </ip>
  <route address='10.0.0.0' prefix='8' gateway='10.0.0.30'/>
</network>

Now I want to create a second virtual machine which connects to the
internet through the virtual machine dmz on the virbr-local subnet. Is
there a way to accomplish this kind of setup?

My routing table on the virtual host looks like this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         fritz.box       0.0.0.0         UG    0      0        0 eth0
10.0.0.0        *               255.0.0.0       U     0      0        0 virbr-local
10.0.0.0        10.0.0.30       255.0.0.0       UG    1      0        0 virbr-local
192.168.178.0   *               255.255.255.0   U     0      0        0 eth0

But when I want to ping an address from the www virtual machine I get an
unreachable network message. I set up a DNAT on the virtual machine dmz. But
looking with tcpdump on eth1 there's no traffic. I'd appreciate some help to
set up the network. I'm clearly missing something.

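Added example (not part of the original post, and not libvirt code): a Python check over the 'local' network definition above that classifies each <route> by whether its gateway sits on the bridge's subnet and whether its destination is already covered by the network's own <ip> subnet, which is what produces the two 10.0.0.0 entries on virbr-local in the routing table. The names audit_routes and _net and the finding labels are assumptions made for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The 'local' network from the post; uuid, mac, domain and dns are left out
# because they do not affect routing.
NETWORK_XML = """
<network>
  <name>local</name>
  <bridge name='virbr-local' stp='on' delay='0'/>
  <ip address='10.0.0.1' netmask='255.0.0.0'>
    <dhcp>
      <range start='10.0.0.100' end='10.0.0.255'/>
      <host mac='52:54:00:51:31:86' ip='10.0.0.30'/>
    </dhcp>
  </ip>
  <route address='10.0.0.0' prefix='8' gateway='10.0.0.30'/>
</network>
"""


def _net(elem):
    """Build an ip_network from an element's address plus prefix or netmask."""
    mask = elem.get("prefix") or elem.get("netmask")
    return ipaddress.ip_network(f"{elem.get('address')}/{mask}", strict=False)


def audit_routes(xml_text):
    """Return (destination, gateway, finding) for every <route> element."""
    root = ET.fromstring(xml_text)
    connected = [_net(ip) for ip in root.findall("ip")]
    results = []
    for route in root.findall("route"):
        dest = _net(route)
        gw = ipaddress.ip_address(route.get("gateway"))
        same_family = [n for n in connected if n.version == dest.version]
        if not any(gw in n for n in same_family):
            finding = "gateway-not-on-link"  # next hop is not reachable on the bridge
        elif any(dest.subnet_of(n) for n in same_family):
            finding = "covered-by-connected-subnet"  # duplicates the on-link route
        else:
            finding = "ok"
        results.append((str(dest), str(gw), finding))
    return results


if __name__ == "__main__":
    for dest, gw, finding in audit_routes(NETWORK_XML):
        print(f"{dest} via {gw}: {finding}")
```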