Network issue with 2 virtual machines

ngibanel

New Member
Apr 30, 2016
Hello,

I already have a virtual machine with its own public IP address and I would like to set up a new VM using port forwarding from the host.

I have two public addresses:
  • X.X.X.146 for the host
  • Y.Y.Y.99 for the first virtual machine

Currently, I have the following network configuration:
  • /etc/network/interfaces (host)
Code:
# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
  address  X.X.X.146
  netmask  255.255.255.224
  gateway  X.X.X.129
  bridge_ports eth0
  bridge_stp off
  bridge_fd 9
  bridge_hello 2
  bridge_maxage 12
  • /etc/network/interfaces (VM with public IP address)
Code:
# cat /etc/network/interfaces
auto eth0
iface eth0 inet static
  address Y.Y.Y.99
  netmask 255.255.255.248
  pointopoint Y.Y.Y.97
  gateway Y.Y.Y.97
  dns-nameservers 8.8.8.8 8.8.4.4

In order to set up the port forwarding for the second virtual machine (10.0.2.15), I added a new bridge on the host like this:
Code:
auto vmbr2
iface vmbr2 inet static
  address 10.0.2.254
  netmask 255.255.255.0
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  post-up echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE
  post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.0.2.15:22
  post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.0.2.15:22
and I linked my virtual machine to the vmbr2 bridge.

But it doesn't work and, as I'm a newbie with networking, I don't know what is wrong.

Any help is welcome.
Thank you in advance.
 
In order to set up the port forwarding for the second virtual machine (10.0.2.15), I added a new bridge on the host like this:

AFAIU you use the built-in NAT and DHCP service. I would rather recommend using normal bridges for VMs and defining the NAT with iptables command(s) and DHCP (if necessary) with an explicit DHCP server (Debian package isc-dhcp-server).
 
I would rather recommend using normal bridges for VMs.
I think I was using normal bridges :)

How many bridges do I need?
In my mind, it's something like this:
Code:
(host)
-- vmbr0 (bridges_port: eth0)  => VM1
-- vmbr1 (bridges_port: vmbr0? + iptables commands) => VM2
but maybe it's not how we do that...
 
I think I was using normal bridges :)

How many bridges do I need?
In my mind, it's something like this:
Code:
(host)
-- vmbr0 (bridges_port: eth0)  => VM1
-- vmbr1 (bridges_port: vmbr0? + iptables commands) => VM2


For the new VM, which should connect to the internet via NAT, define a bridge without any port in /etc/network/interfaces or in the GUI (in fact, it will have the new VM's virtual NIC as its port). Then define the NAT via iptables (let's assume the new bridge is vmbr3):


Code:
iptables -t nat -A POSTROUTING -o vmbr3 -j MASQUERADE
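
The following is an added example, not part of any post in this thread: a shell check over `iptables-save -t nat` output that lists every DNAT port forward the host exposes and warns when masquerading is not limited to the NAT subnet leaving via the uplink bridge. The function names and the sample rules are constructed for illustration; the interface, subnet and forwarded port are the ones from the first post.

```shell
#!/usr/bin/env bash
# Added example: audit NAT rules given in `iptables-save -t nat` format on stdin.
# Usage: audit_nat UPLINK_IF NAT_SUBNET   (prints findings; returns 1 on any WARN)

opt_value() {            # print the word that follows flag $1 in rule $2
  local prev="" w
  for w in $2; do
    if [ "$prev" = "$1" ]; then printf '%s\n' "$w"; return; fi
    prev=$w
  done
}
ip2int() { local IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )); }
in_subnet() {            # in_subnet IP CIDR -> status 0 if IP lies inside CIDR
  local bits="${2#*/}" mask
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}
audit_nat() {
  local uplink="$1" subnet="$2" rule src out dst port warn=0 masq=0
  while IFS= read -r rule; do
    case $rule in
      "-A POSTROUTING"*"-j MASQUERADE"*)
        src=$(opt_value -s "$rule"); out=$(opt_value -o "$rule")
        # Outbound NAT should cover only the private subnet, on the uplink side.
        if [ "$out" = "$uplink" ] && [ "$src" = "$subnet" ]; then masq=1
        else echo "WARN masquerade src=${src:-any} out=${out:-any}: expected src=$subnet out=$uplink"; warn=1
        fi ;;
      "-A PREROUTING"*"-j DNAT"*)
        port=$(opt_value --dport "$rule"); dst=$(opt_value --to-destination "$rule")
        # Every DNAT rule is a service reachable from outside: list it for review.
        echo "EXPOSED tcp/$port on $(opt_value -i "$rule") -> $dst"
        if ! in_subnet "${dst%:*}" "$subnet"; then
          echo "WARN DNAT target ${dst%:*} is outside $subnet"; warn=1
        fi ;;
    esac
  done
  if [ "$masq" -eq 0 ]; then echo "WARN no MASQUERADE for $subnet leaving via $uplink"; warn=1; fi
  return "$warn"
}

# Constructed sample: the nat rules the first post's vmbr2 stanza would install.
SAMPLE_RULES='-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.2.15:22
-A POSTROUTING -s 10.0.2.0/24 -o vmbr0 -j MASQUERADE'

printf '%s\n' "$SAMPLE_RULES" | audit_nat vmbr0 10.0.2.0/24
```

On a live host the same function can read the running rules: `iptables-save -t nat | audit_nat vmbr0 10.0.2.0/24`.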