Re: Laptops, virtualisation, and networking

On Thu, Apr 29, 2010 at 02:33, Dan Irwin <rummymobile@xxxxxxxxx> wrote:
> When I'm connected via wifi (or wired) this should work fine, as I can
> bridge the guest network interface onto the host, and let dhcp take
> care of addressing.
>
> When I VPN in, I'm connected via pptp or ipsec. I can't see the same
> bridging/dhcp working on these interfaces as wlan0 or eth0.
>
> This leaves me with a problem. How can I treat virtual machines the
> same regardless of connection method (vpn or ethernet)?
>
> I'd like to know if anyone else has faced this problem, and how they solved it.
>
> I'm thinking my laptop might have to somehow advertise the existence
> of a local non-nat rfc1918 network to my vpn server using ospf or rip.
> Seems like a whole lot of overkill, not to mention the potential for
> routing shenanigans.
>
> Failing this I might have to use nat on whatever IP address my laptop
> currently has. This raises the question of which interface to nat,
> wlan0, eth0, ppp0, ppp1, tun0, etc.
>
> Last resort would be to assign two interfaces to each vm, and use the
> correct interface for the kind of connection, either ethernet or vpn.

I can't quite tell from your post, so I apologize if I'm barking up
the wrong tree here, but is there a reason why you can't NAT the
guest network traffic through the container OS? I did this a couple of
months back, in a similar situation: My guests shared a virtual subnet
w/ an RFC 1918 address, and all the outbound traffic was NAT'd to look
like the rest of the laptop's traffic. Worked pretty well.

You'd need a start/stop script to autodetect the current upstream
gateway and add the right IPTables rules, and to tear it down again
when you stop it. I called my IPTables script from the main "network"
RC script (I wasn't using NetworkManager), but I'm pretty sure you
could use NM's scripting hooks to do the same thing. The point is,
whenever your networking situation changes, the script gets called to
replace the existing NAT settings if they're not correct anymore.

I would cut-n-paste the script, but I can't remember where I saved a
copy. It was pretty simple, though, just a few lines of shell script
that called 'ip addr'/'ip route' to get all the gateway info, and
parsed it into the FW rules.

-Ryan
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
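
The start/stop script described in the reply above could look like the following sketch. It is an added example, not the script from the original post. The guest subnet 192.168.122.0/24, the bridge name virbr0, the chain names VMNAT and VMNAT-FWD, and the embedded route sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original script. It prints the rules instead of
# running them. One-time setup assumed: net.ipv4.ip_forward=1, and chains
# VMNAT (nat table) and VMNAT-FWD (filter table) created with -N and jumped
# to from POSTROUTING and FORWARD.
GUEST_NET="${GUEST_NET:-192.168.122.0/24}"   # assumed RFC 1918 guest subnet
GUEST_BR="${GUEST_BR:-virbr0}"               # assumed host-side guest bridge

# Read `ip -4 route show` text on stdin and print the device of the default
# route with the lowest metric (a route without a metric counts as 0).
default_iface() {
    awk '$1 == "default" {
             dev = ""; metric = 0
             for (i = 2; i < NF; i++) {
                 if ($i == "dev")    dev = $(i + 1)
                 if ($i == "metric") metric = $(i + 1) + 0
             }
             if (dev != "" && (best == "" || metric < bestm)) {
                 best = dev; bestm = metric
             }
         }
         END { if (best == "") exit 1; print best }'
}

# Print the rules that replace the NAT setup for egress interface $1.
# Flushing private chains first makes every call idempotent, and an empty
# $1 (no upstream) is the teardown case. Only the guest subnet is forwarded,
# and the upstream side (VPN included) may only send reply traffic back.
nat_rules() {
    out="$1"
    echo "iptables -t nat -F VMNAT"
    echo "iptables -F VMNAT-FWD"
    [ -n "$out" ] || return 0
    echo "iptables -t nat -A VMNAT -s $GUEST_NET -o $out -j MASQUERADE"
    echo "iptables -A VMNAT-FWD -i $GUEST_BR -s $GUEST_NET -o $out -j ACCEPT"
    echo "iptables -A VMNAT-FWD -i $out -o $GUEST_BR -d $GUEST_NET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Constructed sample: a wifi default route plus a PPTP default route that wins.
SAMPLE_VPN='default dev ppp0 scope link
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600'

if [ "${1:-}" = "--live" ]; then
    routes=$(ip -4 route show default)   # real routing table
else
    routes=$SAMPLE_VPN                   # offline dry run
fi
nat_rules "$(printf '%s\n' "$routes" | default_iface)"
```

Run with `--live` from whatever hook fires on a network change (the "network" RC script or a NetworkManager hook, as the reply suggests) and review the printed rules before piping them to a root shell.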