Hi,

Usually this scenario is implemented as follows:

1.- Create a private network for the VMs, basically bridging it to the private physical switch.

2.- Create a public network, with a set of valid public IPs, bridged to the public network.

3.- Configure a virtual router VM. This router will have iptables configured to support NAT and do the port forwarding you need (it may also be running DHCP and/or dnsmasq services). The virtual router will have two NICs, one in the private and another one in the public network.

4.- The VMs will have only one NIC in the private network, and the virtual router as the default gateway. They may also be using the DHCP server to get all this configuration data.

This procedure may seem too cumbersome, but it only requires the virtual router appliance, which is fairly straightforward.

Note that:

1.- You do need access to any switch (the VLANs may be configured beforehand to set up the private and public networks). (We use two different hw switches for these.)

2.- If the private networks are dynamically created, this setup can be easily replicated for multiple users (isolating these VMs....)

Hope this helps.

Cheers
Ruben

On Thu, May 10, 2012 at 4:17 PM, Sean Abbott <seabb...@akamai.com> wrote:
> Hello,
>
> I'm in a situation where I have 3 hosts, 3 "public" IPs, and no control
> or access to the physical switches in my environment.
>
> I have KVM virtual machines using the default libvirt NAT/IP
> masquerading which works fine for accessing the internet, but falls
> short as soon as a machine is instantiated on one of the nodes that is
> not the master. My VM ended up in an "unknown" state and I wasn't able
> to recover.
>
> My goal is to have all my virtual machines be able to communicate with
> each other, and have a single virtual machine accessible from the
> outside via a forwarded port. Also, all virtual machines should be able
> to reach the internet via IP masquerading.
>
> Should this be working with the setup I have? Or if not, is there a
> setup that might be able to provide this for me, given the restrictions
> I have? Open vSwitch looks like it might work, but they concentrate
> pretty heavily on using VLAN tags and working with the physical
> infrastructure, whereas I would just need to configure it to forward
> messages to specific IP addresses somehow...
>
> Thanks!
>
> sean
> _______________________________________________
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula
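The virtual router described in steps 3 and 4 above needs a small iptables rule set: masquerade the private VM subnet out of the public NIC, forward one public port to one VM, and otherwise keep the FORWARD chain closed so the private network stays isolated. The script below is an added example, not code from the thread or from OpenNebula; the interface names (eth0/eth1), the 10.0.0.0/24 private subnet, the 198.51.100.10 public address, the VM address 10.0.0.50 and the forwarded port 2222 -> 22 are all assumed placeholder values. It emits the rules as text so they can be reviewed before being applied on the router VM as root.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): generate the iptables
# rule set for a two-NIC virtual router doing NAT plus one port forward.
# Every value below is an assumed placeholder; override via environment.
PRIV_IF="${PRIV_IF:-eth1}"            # NIC on the private VM network (assumed)
PUB_IF="${PUB_IF:-eth0}"              # NIC on the public network (assumed)
PRIV_NET="${PRIV_NET:-10.0.0.0/24}"   # private VM subnet (constructed)
PUB_IP="${PUB_IP:-198.51.100.10}"     # router's public address (constructed)
FWD_PORT="${FWD_PORT:-2222}"          # public port exposed on the router (assumed)
VM_IP="${VM_IP:-10.0.0.50}"           # the one VM reachable from outside (constructed)
VM_PORT="${VM_PORT:-22}"              # service port on that VM (assumed)

# Print the rules instead of applying them, so they can be reviewed first.
# Order matters: the policy and conntrack rule come before any ACCEPT.
router_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $PRIV_IF -o $PUB_IF -s $PRIV_NET -j ACCEPT
iptables -t nat -A POSTROUTING -s $PRIV_NET -o $PUB_IF -j MASQUERADE
iptables -t nat -A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport $FWD_PORT -j DNAT --to-destination $VM_IP:$VM_PORT
iptables -A FORWARD -i $PUB_IF -o $PRIV_IF -d $VM_IP -p tcp --dport $VM_PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Apply the generated rules on the router VM (requires root; stops on first error).
apply_router_rules() {
    router_rules | sh -e
}

# Usage: sh router-nat.sh > rules.sh ; review rules.sh ; sudo sh rules.sh
router_rules
```

With the FORWARD policy at DROP, VMs on the private bridge can still talk to each other directly at layer 2 (the router is not in that path), can reach the internet through the masquerade rule, and only the single DNAT'ed port is reachable from outside; every other inbound connection attempt to the private subnet is dropped, which is the isolation property the reply's note 2 relies on.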