[one-users] Libvirt with NAT
Shankhadeep Shome
shank15217 at gmail.com
Wed Jul 25 10:21:49 PDT 2012
Whoops! In this case ib0, but the virt-manager utility will create this
for your interface; just remember not to use DHCP.

iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o ib0 -j SNAT --to-source 192.168.10.10
On Wed, Jul 25, 2012 at 1:19 PM, Shankhadeep Shome <shank15217 at gmail.com> wrote:
> Yes, you need to create a regular bridge device and attach it to a tap
> device; you can use virt-manager to create this for you. The tap device
> will be disabled. You will also need an iptables rule to NAT packets
> to/from the bridge; again, virt-manager can do this for you.
>
> [vnics] -- [bridge] -- [disabled tap]
>
> Here is a bridge definition for InfiniBand devices that cannot use MAC
> bridges, created by virt-manager.
>
> It's creating a 172.16.100.128/25 network. Note: do not configure a DHCP
> server if you want OpenNebula to track your IPs. All you need to do is give
> OpenNebula the IP range 172.16.100.130-254 to manage and configure your
> contextualization appropriately.
>
> <network>
>   <name>ibnat0</name>
>   <uuid>4d7e9211-3a32-8b77-90a6-3b45c8d98ddb</uuid>
>   <bridge name='virbr1' stp='on' delay='0' />
>   <mac address='52:54:00:8B:34:92'/>
>   <ip address='172.16.100.129' netmask='255.255.255.128'>
>   </ip>
> </network>
>
> ifconfig -a output, this is what it looks like
>
> ib0       Link encap:UNSPEC  HWaddr 80-00-00-48-FE-80-00-00-00-00-00-00-00-00-00-00
>           inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0
>           inet6 addr: fe80::208:f104:39a:63b1/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:65520  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
>           collisions:0 txqueuelen:256
>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> virbr1    Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>           inet addr:172.16.100.129  Bcast:172.16.100.255  Mask:255.255.255.128
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> virbr1-nic Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>           BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> The NAT rule will be something like this:
>
> iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o eth0 -j SNAT --to-source 192.168.10.10
>
> iptables -v -L -t nat (And here is the output of that rule)
> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 SNAT       all  --  any    eth0    172.16.100.128/25    anywhere             to:192.168.10.10
>
>
> On Wed, Jul 25, 2012 at 6:24 AM, Javier Alvarez <javier.alvarez at bsc.es> wrote:
>
>> Hello,
>>
>> I would like to know if OpenNebula supports the use of NAT forwarding as
>> explained in the networking page of libvirt's wiki:
>>
>>
>> http://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.29
>>
>> Thanks,
>>
>> Javi
>>
>> --
>> Javier Álvarez Cid-Fuentes
>> Grid Computing and Clusters Group
>> Barcelona Supercomputing Center (BSC-CNS)
>> Tel. (+34) 93 413 72 46
>>
>
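The setup in this thread only works when three things agree: the libvirt network definition, the lease range handed to OpenNebula, and the SNAT rule (including the outgoing interface, which the follow-up corrects from eth0 to ib0). The Python check below is an added example, not part of the original message or of libvirt or OpenNebula; `check_nat_setup` and its parameters are hypothetical names, and the XML is a copy of the posted definition with the uuid and mac lines omitted.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Copy of the network definition posted in the thread (uuid and mac omitted).
NETWORK_XML = """<network>
  <name>ibnat0</name>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='172.16.100.129' netmask='255.255.255.128'/>
</network>"""


def check_nat_setup(network_xml, lease_first, lease_last, snat_rule,
                    uplink, uplink_addr):
    """Hypothetical helper: list mismatches between the libvirt network,
    the OpenNebula lease range and the SNAT rule. Empty list = consistent."""
    problems = []
    ip = ET.fromstring(network_xml).find("ip")
    bridge_addr = ipaddress.ip_address(ip.get("address"))
    net = ipaddress.ip_network(f"{bridge_addr}/{ip.get('netmask')}", strict=False)

    # libvirt DHCP would hand out leases that OpenNebula does not track.
    if ip.find("dhcp") is not None:
        problems.append("libvirt DHCP is enabled on this network")

    first = ipaddress.ip_address(lease_first)
    last = ipaddress.ip_address(lease_last)
    reserved = (net.network_address, net.broadcast_address)
    if any(a not in net or a in reserved for a in (first, last)) or first > last:
        problems.append(f"lease range is not inside the usable part of {net}")
    if first <= bridge_addr <= last:
        problems.append(f"lease range contains the bridge address {bridge_addr}")

    # Map each option of the rule to its argument (-s, -o, --to-source, ...).
    args = snat_rule.split()
    opt = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
    # iptables matches every source when -s is absent, hence the default.
    if ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False) != net:
        problems.append(f"SNAT source {opt.get('-s')} is not the guest network {net}")
    if opt.get("-o") != uplink:
        problems.append(f"SNAT rule leaves via {opt.get('-o')}, expected {uplink}")
    if opt.get("--to-source") != uplink_addr:
        problems.append(f"--to-source is not the uplink address {uplink_addr}")
    return problems


RULE = ("iptables -t nat -A POSTROUTING -s 172.16.100.128/25 "
        "-o ib0 -j SNAT --to-source 192.168.10.10")
print(check_nat_setup(NETWORK_XML, "172.16.100.130", "172.16.100.254",
                      RULE, "ib0", "192.168.10.10") or "consistent")
```

Run against the rule as first posted (with `-o eth0`), the same call reports the interface mismatch that the follow-up message corrects.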