[one-users] Libvirt with NAT

Ruben S. Montero rsmontero at opennebula.org
Wed Jul 25 12:38:48 PDT 2012


Hi

I also suggest taking a look at the virtual router appliance. It is a very
simple way to provide NATing along with other network services such as
DHCP, DNS... to a VLAN.

All the information is at

http://opennebula.org/documentation:rel3.6:router

Cheers

Ruben

On Wed, Jul 25, 2012 at 7:21 PM, Shankhadeep Shome <shank15217 at gmail.com> wrote:

> whoops! in this case ib0, but the virt-manager utility will create this
> for your interface, just remember not to use dhcp.
>
> iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o ib0 -j SNAT --to-source 192.168.10.10
>
>
> On Wed, Jul 25, 2012 at 1:19 PM, Shankhadeep Shome <shank15217 at gmail.com> wrote:
>
>> Yes, you need to create a regular bridge device and attach it to a tap
>> device, you can use virt-manager to create this for you, the tap device
>> will be disabled. You will also need an iptables rule to nat packets
>> to/from the bridge, again the virt-manager can do this for you.
>>
>> [vnics] -- [bridge] -- [disabled tap]
>>
>> Here is a bridge definition for InfiniBand devices that cannot use MAC
>> bridges, created by virt-manager.
>>
>> It's creating a 172.16.100.128/25 network. Note: do not configure a DHCP
>> server if you want OpenNebula to track your IPs; all you need to do is give
>> OpenNebula the IP range 172.16.100.130-254 to manage and configure your
>> contextualization appropriately.
>>
>> <network>
>>   <name>ibnat0</name>
>>   <uuid>4d7e9211-3a32-8b77-90a6-3b45c8d98ddb</uuid>
>>   <bridge name='virbr1' stp='on' delay='0' />
>>   <mac address='52:54:00:8B:34:92'/>
>>   <ip address='172.16.100.129' netmask='255.255.255.128'>
>>   </ip>
>> </network>
>>
>> ifconfig -a output, this is what it looks like
>>
>> ib0       Link encap:UNSPEC  HWaddr 80-00-00-48-FE-80-00-00-00-00-00-00-00-00-00-00
>>           inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0
>>           inet6 addr: fe80::208:f104:39a:63b1/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:65520  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
>>           collisions:0 txqueuelen:256
>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>
>> virbr1    Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>>           inet addr:172.16.100.129  Bcast:172.16.100.255  Mask:255.255.255.128
>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>
>> virbr1-nic Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>>           BROADCAST MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:500
>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>
>> The nat rule will be something like this..
>>
>> iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o eth0 -j SNAT --to-source 192.168.10.10
>>
>> iptables -v -L -t nat (And here is the output of that rule)
>> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>
>> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>
>> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>
>> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 SNAT       all  --  any    eth0    172.16.100.128/25    anywhere             to:192.168.10.10
>>
>>
>> On Wed, Jul 25, 2012 at 6:24 AM, Javier Alvarez <javier.alvarez at bsc.es> wrote:
>>
>>>  Hello,
>>>
>>> I would like to know if OpenNebula supports the use of NAT forwarding as
>>> explained in the networking page of the libvirt's wiki:
>>>
>>>
>>> http://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.29
>>>
>>> Thanks,
>>>
>>> Javi
>>>
>>> --
>>> Javier Álvarez Cid-Fuentes
>>> Grid Computing and Clusters Group
>>> Barcelona Supercomputing Center (BSC-CNS)
>>> Tel. (+34) 93 413 72 46
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>
>


-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
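
Added example, not part of the original thread: a pre-flight check for the hand-built NAT setup quoted above. It derives the SNAT source subnet from the libvirt network XML, checks the IP range handed to OpenNebula against it, and confirms that the --to-source address is configured on the outgoing interface (the eth0/ib0 slip corrected in the follow-up). The function name audit_nat and the HOST_ADDRS mapping are assumptions made for this example; the XML is trimmed to the elements the check reads.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Network definition quoted in the thread, trimmed to the elements used here.
NETWORK_XML = """<network>
  <name>ibnat0</name>
  <bridge name='virbr1' stp='on' delay='0' />
  <ip address='172.16.100.129' netmask='255.255.255.128'>
  </ip>
</network>"""

# Host interface addresses, taken from the ifconfig output in the thread.
HOST_ADDRS = {"ib0": "192.168.10.10", "virbr1": "172.16.100.129"}


def audit_nat(xml_text, range_first, range_last, out_if, to_source, host_addrs):
    """Return (problems, rule) for a libvirt network that is NATed by hand."""
    ip_el = ET.fromstring(xml_text).find("ip")
    gateway = ipaddress.ip_address(ip_el.get("address"))
    net = ipaddress.ip_network(f"{gateway}/{ip_el.get('netmask')}", strict=False)
    first = ipaddress.ip_address(range_first)
    last = ipaddress.ip_address(range_last)
    problems = []
    # The thread says to leave libvirt DHCP off so OpenNebula tracks the IPs.
    if ip_el.find("dhcp") is not None:
        problems.append("libvirt DHCP is configured on this network")
    for addr in (first, last):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is not a usable host address in {net}")
    if first <= gateway <= last:
        problems.append(f"managed range overlaps the bridge address {gateway}")
    # SNAT to an address the outgoing interface does not own breaks return traffic.
    if host_addrs.get(out_if) != to_source:
        problems.append(f"{to_source} is not configured on {out_if}")
    rule = (f"iptables -t nat -A POSTROUTING -s {net} -o {out_if} "
            f"-j SNAT --to-source {to_source}")
    return problems, rule


if __name__ == "__main__":
    for iface in ("eth0", "ib0"):
        found, rule = audit_nat(NETWORK_XML, "172.16.100.130", "172.16.100.254",
                                iface, "192.168.10.10", HOST_ADDRS)
        print(rule)
        print("  problems:", found or "none")
```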