Mailing List Archive



Re: [tlug] Any iptables wizards around?



To Timothy Trahan:
br0 has an IP address from 192.168.0.0/16. Only the VMs are in 10.1.0.0/24.
IP forwarding is enabled, both in /proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf.
Unfortunately masquerade won't work in this case since it uses one external IP for all of 10.1.0.0/24. I want each machine to have its own unique external IP.

To Attila Kinali:
I have tried setting up eth0:1 and eth0:2 to answer the ARP requests. This causes any requests to the external addresses to be handled directly by the host. In other words, if I ssh into a VM's external IP, I end up logging into the host. It works if I set those up inside of the VMs, but I need to be able to do this from the host OS.

I will look into running an ARP daemon.

~Andreas Kieckens
Author of www.rivercityretro.org. You should read it!
Founder of www.gametrip.org. A gamer's travel guide.

Twitter: @Metallion98.
Linkedin: Public profile.

On 03/25/2011 05:13 PM, Attila Kinali wrote:
On Fri, 25 Mar 2011 15:56:14 +0900
Andreas Kieckens <akieckens@example.com> wrote:

Does anyone know how to solve this? Perhaps through virtual interfaces?
If possible, I would like to handle this on the host OS without
tinkering with the VM's internal network settings.

The problem is not with iptables, but rather that you are NATing to
an IP that the host doesn't respond to. Hence the ARP requests for
those IPs remain unanswered.

There are two ways to get around this:

1) Run an ARP daemon that answers those requests
2) Set up eth0:1 and eth0:2 with the external IPs of the VMs

Though far easier would be to connect br0 directly to eth0
and give the VMs those two external IPs.

			Attila Kinali

