Routing isolated network

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


I want to create a network like this:


Internet -- physical router -- host (network 192.168.178.x) 

                                          -- virtual machine dmz -- eth0 (connected to pyshical router)

                                                                               -- eth1 (connect to isolated network 10.0.0.x)

                                          -- virtual machine www - eth0 (connect to isolated network 10.0.0.x)

network design

I have a virtual host which is conntected to my physical router with eth0 and ip4 address 192.168.178.100. I create a virtual machine dmz which connects 'direct' to my router via my physical device eth0 on the virtual host:

<network connections='1'>
  <name>direct</name>
  <uuid>379d4687-445e-4bc6-8354-b555c7f18b15</uuid>
  <forward dev='eth0' mode='bridge'>
    <interface dev='eth0' connections='1'/>
  </forward>
</network>

On my virtual machine i create a second nic eth1 which is connected on a virtual network virbr-local:

<network>
  <name>local</name>
  <uuid>d31b2e0d-810b-4ba0-8ac4-02bc53746142</uuid>
  <bridge name='virbr-local' stp='on' delay='0'/>
  <mac address='52:54:00:92:06:5c'/>
  <domain name='local.box'/>
  <dns>
    <forwarder addr='192.168.178.1'/>
  </dns>
  <ip address='10.0.0.1' netmask='255.0.0.0'>
    <dhcp>
      <range start='10.0.0.100' end='10.0.0.255'/>
      <host mac='52:54:00:51:31:86' ip='10.0.0.30'/>
    </dhcp>
  </ip>
  <route address='10.0.0.0' prefix='8' gateway='10.0.0.30'/>
</network>

Now I want to create a second virtual machine which connects to the internet through the virtual machine dmz on the virbr-local subnet. Is there a way to accomplish this kind of setup?

My routing table on the virtual host looks likes this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         fritz.box       0.0.0.0         UG    0      0        0 eth0
10.0.0.0        *               255.0.0.0       U     0      0        0 virbr-local
10.0.0.0        10.0.0.30       255.0.0.0       UG    1      0        0 virbr-local
192.168.178.0   *               255.255.255.0   U     0      0        0 eth0

But when I want to ping an address from the www virtual machine I get a unreachable network message. I setup a DNAT om the virtual machine dmz. But looking witch tcpdump on eht1 there's no traffic.I appreciate some help to setup the network. I clearly missing something.
Get a signature like this: Click here! 
_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux