[one-users] Libvirt with NAT

Javier Alvarez javier.alvarez at bsc.es
Thu Jul 26 02:35:38 PDT 2012


Hello,

Thanks for your replies. Just another question: once the virbr1 is 
created, how can I attach VMs to it? I mean, what should the virtual 
network template look like?

Best,

Javi

On 25/07/12 21:38, Ruben S. Montero wrote:
> Hi
>
> I also suggest taking a look at the virtual router appliance. It is a 
> very simple way to provide NATing along with other network services 
> such as DHCP, DNS... to a VLAN.
>
> All the information at
>
> http://opennebula.org/documentation:rel3.6:router
>
> Cheers
>
> Ruben
>
> On Wed, Jul 25, 2012 at 7:21 PM, Shankhadeep Shome 
> <shank15217 at gmail.com> wrote:
>
>     whoops! in this case ib0, but the virt-manager utility will
>     create this for your interface, just remember not to use dhcp.
>
>     iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o ib0 -j SNAT --to-source 192.168.10.10
>
>
>     On Wed, Jul 25, 2012 at 1:19 PM, Shankhadeep Shome
>     <shank15217 at gmail.com> wrote:
>
>         Yes, you need to create a regular bridge device and attach it
>         to a tap device. You can use virt-manager to create this for
>         you; the tap device will be disabled. You will also need an
>         iptables rule to NAT packets to/from the bridge; again,
>         virt-manager can do this for you.
>
>         [vnics] -- [bridge] -- [disabled tap]
>
>         Here is a bridge definition for InfiniBand devices that cannot
>         use MAC bridges, created by virt-manager.
>
>         It's creating a 172.16.100.128/25 network. Note: do not
>         configure a DHCP server if you want OpenNebula to track your
>         IPs; all you need to do is give OpenNebula the IP range
>         172.16.100.130-254 to manage and configure your
>         contextualization appropriately.
>
>         <network>
>           <name>ibnat0</name>
>           <uuid>4d7e9211-3a32-8b77-90a6-3b45c8d98ddb</uuid>
>           <bridge name='virbr1' stp='on' delay='0' />
>           <mac address='52:54:00:8B:34:92'/>
>           <ip address='172.16.100.129' netmask='255.255.255.128'>
>           </ip>
>         </network>
>
>         ifconfig -a output, this is what it looks like
>
>         ib0 Link encap:UNSPEC  HWaddr 80-00-00-48-FE-80-00-00-00-00-00-00-00-00-00-00
>         inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0
>         inet6 addr: fe80::208:f104:39a:63b1/64 Scope:Link
>         UP BROADCAST RUNNING MULTICAST  MTU:65520  Metric:1
>         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>         TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
>         collisions:0 txqueuelen:256
>         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
>         virbr1  Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>         inet addr:172.16.100.129  Bcast:172.16.100.255  Mask:255.255.255.128
>         UP BROADCAST MULTICAST  MTU:1500  Metric:1
>         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>         collisions:0 txqueuelen:0
>         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
>         virbr1-nic Link encap:Ethernet  HWaddr 52:54:00:8b:34:92
>         BROADCAST MULTICAST  MTU:1500  Metric:1
>         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>         collisions:0 txqueuelen:500
>         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
>         The nat rule will be something like this..
>
>         iptables -t nat -A POSTROUTING -s 172.16.100.128/25 -o eth0 -j SNAT --to-source 192.168.10.10
>
>         iptables -v -L -t nat (And here is the output of that rule)
>         Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>          pkts bytes target     prot opt in     out     source               destination
>
>         Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>          pkts bytes target     prot opt in     out     source               destination
>
>         Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>          pkts bytes target     prot opt in     out     source               destination
>
>         Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>          pkts bytes target     prot opt in     out     source               destination
>             0     0 SNAT       all  --  any    eth0    172.16.100.128/25    anywhere             to:192.168.10.10
>
>
>         On Wed, Jul 25, 2012 at 6:24 AM, Javier Alvarez
>         <javier.alvarez at bsc.es> wrote:
>
>             Hello,
>
>             I would like to know if OpenNebula supports the use of NAT
>             forwarding as explained in the networking page of the
>             libvirt wiki:
>
>             http://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.29
>
>             Thanks,
>
>             Javi
>
>             -- 
>             Javier Álvarez Cid-Fuentes
>             Grid Computing and Clusters Group
>             Barcelona Supercomputing Center (BSC-CNS)
>             Tel. (+34) 93 413 72 46
>
>
>
>             WARNING / LEGAL TEXT: This message is intended only for
>             the use of the individual or entity to which it is
>             addressed and may contain information which is privileged,
>             confidential, proprietary, or exempt from disclosure under
>             applicable law. If you are not the intended recipient or
>             the person responsible for delivering the message to the
>             intended recipient, you are strictly prohibited from
>             disclosing, distributing, copying, or in any way using
>             this message. If you have received this communication in
>             error, please notify the sender and destroy and delete any
>             copies you may have received.
>
>             http://www.bsc.es/disclaimer
>
>             _______________________________________________
>             Users mailing list
>             Users at lists.opennebula.org
>             http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
> -- 
> Ruben S. Montero, PhD
> Project co-Lead and Chief Architect
> OpenNebula - The Open Source Solution for Data Center Virtualization
> www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula


-- 
Javier Álvarez Cid-Fuentes
Grid Computing and Clusters Group
Barcelona Supercomputing Center (BSC-CNS)
Tel. (+34) 93 413 72 46
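
The setup quoted in this thread has three parts that must agree: the libvirt network definition, the lease range handed to OpenNebula, and the SNAT rule (first posted with -o eth0, then corrected to ib0). The following consistency check is an added example, not part of the original thread; the function names are made up here, and the XML is the quoted definition trimmed to the fields the check reads.

```python
import ipaddress
import shlex
import xml.etree.ElementTree as ET

# Values copied from the thread (XML trimmed); UPLINK is the interface named in the correction.
NETWORK_XML = """<network>
  <name>ibnat0</name>
  <bridge name='virbr1' stp='on' delay='0' />
  <ip address='172.16.100.129' netmask='255.255.255.128'></ip>
</network>"""
LEASES = ("172.16.100.130", "172.16.100.254")
UPLINK = "ib0"
RULE_ETH0 = "-A POSTROUTING -s 172.16.100.128/25 -o eth0 -j SNAT --to-source 192.168.10.10"
RULE_IB0 = "-A POSTROUTING -s 172.16.100.128/25 -o ib0 -j SNAT --to-source 192.168.10.10"


def bridge_subnet(xml_text):
    """Return (bridge name, gateway address, subnet) from a libvirt network definition."""
    root = ET.fromstring(xml_text)
    ip = root.find("ip")
    iface = ipaddress.ip_interface(f"{ip.get('address')}/{ip.get('netmask')}")
    return root.find("bridge").get("name"), iface.ip, iface.network


def parse_rule(rule):
    """Map options to values; assumes every option in the rule takes exactly one argument."""
    tokens = shlex.split(rule)
    return {tokens[i]: tokens[i + 1] for i in range(0, len(tokens) - 1, 2)}


def audit(xml_text, leases, rule, uplink):
    """Return a list of problems; an empty list means the three pieces agree."""
    bridge, gateway, subnet = bridge_subnet(xml_text)
    first, last = (ipaddress.ip_address(a) for a in leases)
    opts = parse_rule(rule)
    problems = []
    if first not in subnet or last not in subnet:
        problems.append(f"lease range leaves {subnet} on {bridge}")
    if first <= gateway <= last:
        problems.append(f"lease range hands out the gateway {gateway}")
    if opts.get("-j") != "SNAT" or ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")) != subnet:
        problems.append("SNAT source does not match the guest subnet")
    if opts.get("-o") != uplink:
        problems.append(f"SNAT rule matches -o {opts.get('-o')}, uplink is {uplink}")
    return problems
```
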


