[PVE-User] NAT issues
Samir Faci (Dev)
dev at esamir.com
Mon Oct 22 23:02:07 CEST 2012
First of all, thank you everyone for the help on this issue.
I just wanted to dump my final config here for anyone who's trying to have
the same behavior.
My host machine has a single physical network card, eth0.

    auto vmbr0
    iface vmbr0 inet static
        address 192.168.1.200
        netmask 255.255.255.0
        gateway 192.168.1.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

    iface vmbr1 inet static
        address 10.10.10.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

I'm not concerned with DHCP, so I'll be assigning IPs on the vmbr1 network
manually, and I set /etc/resolv.conf to point to my network's internal
DNS servers.
Once that's all set, I have basic NAT behavior working, as well as
internet access on all my NATted machines.
Network config for a guest VM:

    auto eth0
    iface eth0 inet static
        address 10.10.10.101
        netmask 255.255.255.0
        network 10.10.10.0
        broadcast 10.10.10.255
        gateway 10.10.10.1

My next step will be to have a 'service' VM to handle DNS/DHCP but
that's an improvement for the future.
--
Samir
On Sat, Oct 20, 2012 at 7:02 AM, Flavio Stanchina
<flavio.stanchina at ies.it> wrote:
> On 19/10/2012 18:09, Samir Faci (Dev) wrote:
>> I didn't realize that QEmu segregated each NAT-ted VM into its own
>> network. That makes more sense, and it does explain
>> why multiple machines with different MAC addresses would get the same IP
>> address.
>>
>> Though I was surprised at the fact that creating multiple NICs on the
>> same VM still assigned the same IP address to both
>> interfaces.
>
> Unless you explicitly configure a different subnet, yes. Remember, each one
> is a completely distinct virtual network, but they are all configured in the
> same way. It wouldn't make much sense to have multiple NATed network
> interfaces in the same VM, even if you configure them differently.
>
> What you probably want in your setup is multiple bridges not associated
> with a physical interface, each on its own private subnet, with a firewall
> on the host handling forwarding between them. In this way you can configure
> if and how each VM sees the rest of your network or other VMs.
>
> --
> Flavio Stanchina
> Informatica e Servizi
> Trento - Italy
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
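
The layout suggested in the quoted reply (several bridges with no physical port, and the host firewall deciding what is forwarded between them) can be sketched as follows. This is an added example, not part of the original thread: vmbr0 and vmbr1 are taken from the config above, while vmbr2 and the ALLOW_PAIRS variable are hypothetical, and it assumes nothing else manages the host's FORWARD chain.

```shell
#!/bin/sh
# Added example. vmbr0 and vmbr1 come from the config in this thread;
# vmbr2 and the ALLOW_PAIRS variable are hypothetical names.
# Assumption: nothing else manages the host's FORWARD chain.

# forward_rules UPLINK PRIVATE_BRIDGE...
# Prints iptables commands; review them, then pipe the output to sh as root.
# ALLOW_PAIRS="src:dst ..." lists private bridges allowed to open
# connections to another private bridge (one direction only).
forward_rules() {
    uplink=$1
    shift
    # Default deny: the host routes nothing unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Return traffic for connections that were allowed to start.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for br in "$uplink" "$@"; do
        # Traffic switched inside one bridge only reaches FORWARD when
        # bridge netfilter is enabled; it is not routed, so let it pass.
        echo "iptables -A FORWARD -i $br -o $br -j ACCEPT"
    done
    for br in "$@"; do
        # Guests may open connections out through the uplink (NAT path).
        echo "iptables -A FORWARD -i $br -o $uplink -m conntrack --ctstate NEW -j ACCEPT"
    done
    for pair in ${ALLOW_PAIRS:-}; do
        src=${pair%%:*}
        dst=${pair##*:}
        echo "iptables -A FORWARD -i $src -o $dst -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Constructed sample: vmbr1 may reach vmbr2, but not the other way round.
if [ "${1:-}" = "demo" ]; then
    ALLOW_PAIRS="vmbr1:vmbr2" forward_rules vmbr0 vmbr1 vmbr2
fi
```

With the MASQUERADE rule from the config still in place, these rules leave guest internet access working while connections from the LAN into the 10.10.10.0/24 network, and between private bridges not listed in ALLOW_PAIRS, are dropped.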