[one-users] Libvirt with NAT

Javier Fontan jfontan at opennebula.org
Tue Aug 28 08:06:38 PDT 2012 

You have to specify it in the Virtuel network bridge parameter:

BRIDGE=virbr1

On Thu, Jul 26, 2012 at 11:35 AM, Javier Alvarez <javier.alvarez at bsc.es> wrote:
> Hello,
>
> Thanks for your replies. Just another question, once the virbr1 is created,
> how can I attach VMs to it? I mean, how the virtual network template should
> look like?
>
> Best,
>
> Javi
>
>
> On 25/07/12 21:38, Ruben S. Montero wrote:
>
> Hi
>
> I also suggest to take a look to the virtual router appliance. It is a very
> simple way to provide NATing along with other network services such as DHCP,
> DNS... to a VLAN.
>
> All the information at
>
> http://opennebula.org/documentation:rel3.6:router
>
> Cheers
>
> Ruben
>
> On Wed, Jul 25, 2012 at 7:21 PM, Shankhadeep Shome <shank15217 at gmail.com>
> wrote:
>>
>> whoops! in this case ib0, but the virt-manager utility will create this
>> for your interface, just remember not to use dhcp.
>>
>> iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o ib0 -j SNAT
>> --to-source 192.168.10.10
>>
>>
>> On Wed, Jul 25, 2012 at 1:19 PM, Shankhadeep Shome <shank15217 at gmail.com>
>> wrote:
>>>
>>> Yes, you need to create a regular bridge device and attach it to a tap
>>> device, you can use virt-manager to create this for you, the tap device will
>>> be disabled. You will also need an iptables rule to nat packets to/from the
>>> bridge, again the virt-manager can do this for you.
>>>
>>> [vnics] -- [bridge] -- [disabled tap]
>>>
>>> Here is a bridge definition for infiniband devices that cannot use mac
>>> bridges, created by virt-manager
>>>
>>> Its creating a 172.16.100.128/25 network, note. do not configure a dhcp
>>> server if you want opennebula to track your IPs, all you need to do is give
>>> open nebula the iprange 172.16.100.130-254 to manage and configure your
>>> contextualization appropriately.
>>>
>>> <network>
>>>   <name>ibnat0</name>
>>>   <uuid>4d7e9211-3a32-8b77-90a6-3b45c8d98ddb</uuid>
>>>   <bridge name='virbr1' stp='on' delay='0' />
>>>   <mac address='52:54:00:8B:34:92'/>
>>>   <ip address='172.16.100.129' netmask='255.255.255.128'>
>>>   </ip>
>>> </network>
>>>
>>> ifconfig -a output, this is what it looks like
>>>
>>> ib0       Link encap:UNSPEC  HWaddr
>>> 80-00-00-48-FE-80-00-00-00-00-00-00-00-00-00-00
>>>           inet addr:192.168.10.10  Bcast:192.168.10.255
>>> Mask:255.255.255.0
>>>           inet6 addr: fe80::208:f104:39a:63b1/64 Scope:Link
>>>           UP BROADCAST RUNNING MULTICAST  MTU:65520  Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:256
>>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>>
>>> virbr1    Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>>>           inet addr:172.16.100.129  Bcast:172.16.100.255
>>> Mask:255.255.255.128
>>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>>
>>> virbr1-nic Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>>>           BROADCAST MULTICAST  MTU:1500  Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:500
>>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>>
>>> The nat rule will be something like this..
>>>
>>> iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o eth0 -j SNAT
>>> --to-source 192.168.10.10
>>>
>>> iptables -v -L -t nat (And here is the output of that rule)
>>> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source
>>> destination
>>>
>>> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source
>>> destination
>>>
>>> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source
>>> destination
>>>
>>> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source
>>> destination
>>>     0     0 SNAT       all  --  any    eth0    172.16.100.128/25
>>> anywhere             to:192.168.10.10
>>>
>>>
>>> On Wed, Jul 25, 2012 at 6:24 AM, Javier Alvarez <javier.alvarez at bsc.es>
>>> wrote:
>>>>
>>>> Hello,
>>>>
>>>> I would like to know if OpenNebula supports the use of NAT forwarding as
>>>> explained in the networking page of the libvirt's wiki:
>>>>
>>>>
>>>> http://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.29
>>>>
>>>> Thanks,
>>>>
>>>> Javi
>>>>
>>>> --
>>>> Javier Álvarez Cid-Fuentes
>>>> Grid Computing and Clusters Group
>>>> Barcelona Supercomputing Center (BSC-CNS)
>>>> Tel. (+34) 93 413 72 46
>>>>
>>>>
>>>>
>>>> WARNING / LEGAL TEXT: This message is intended only for the use of the
>>>> individual or entity to which it is addressed and may contain information
>>>> which is privileged, confidential, proprietary, or exempt from disclosure
>>>> under applicable law. If you are not the intended recipient or the person
>>>> responsible for delivering the message to the intended recipient, you are
>>>> strictly prohibited from disclosing, distributing, copying, or in any way
>>>> using this message. If you have received this communication in error, please
>>>> notify the sender and destroy and delete any copies you may have received.
>>>>
>>>> http://www.bsc.es/disclaimer
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opennebula.org
>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>
>
> --
> Ruben S. Montero, PhD
> Project co-Lead and Chief Architect
> OpenNebula - The Open Source Solution for Data Center Virtualization
> www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
>
>
>
> --
> Javier Álvarez Cid-Fuentes
> Grid Computing and Clusters Group
> Barcelona Supercomputing Center (BSC-CNS)
> Tel. (+34) 93 413 72 46
>
>
>
> WARNING / LEGAL TEXT: This message is intended only for the use of the
> individual or entity to which it is addressed and may contain information
> which is privileged, confidential, proprietary, or exempt from disclosure
> under applicable law. If you are not the intended recipient or the person
> responsible for delivering the message to the intended recipient, you are
> strictly prohibited from disclosing, distributing, copying, or in any way
> using this message. If you have received this communication in error, please
> notify the sender and destroy and delete any copies you may have received.
>
> http://www.bsc.es/disclaimer
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula

More information about the Users mailing list