Hi Gilles! Here is an example setup showing how to accomplish your 'funny' routing scenario ... enjoy!

+---------------------+
|                     |
|  Host 1             |
|                     |                    +-------------------+
|  192.168.0.1/24     |                    |                   |
|                     |                    |  Host2 (FW)       |
|  172.16.0.2/16      |                    |                   |
|  172.17.0.2/16      |                    |  192.168.0.2/24   |
|                     |                    |                   |
| +-----------------+ |                    |  172.16.0.2/16    |
| |                 | |       eth0.2       |  172.17.0.2/16    |
| |  Guest 1        | |    172.16.0.0/16   |                   |
| |                 +----------------------+                   |
| |  172.16.0.1/16  | |                    |  `                |
| |                 | |                    |  ¦                |
| +-----------------+ |                    |  ¦                |
|                     |                    |  ¦ rules          |
| +-----------------+ |                    |  ¦                |
| |                 | |       eth0.3       |  ¦                |
| |  Guest 2        | |    172.17.0.0/16   |  ,                |
| |                 +----------------------+                   |
| |  172.17.0.1/16  | |                    |                   |
| |                 | |                    +-------------------+
| +-----------------+ |
|                     |
+---------------------+

Tested as two QEMU instances connected via a simple
bridging setup on the real machine ...

Bridge on Real:
===============

ifconfig tun0 0.0.0.0 up
ifconfig tun1 0.0.0.0 up

brctl addbr br0
brctl addif br0 tun0
brctl addif br0 tun1

Host 1 Setup:
=============

/* basic network setup for QEMU */
ifconfig lo 127.0.0.1
ifconfig eth0 hw ether 00:00:00:00:00:01
ifconfig eth0 192.168.0.1

/* create VLAN taggings */
vconfig add eth0 2
vconfig add eth0 3

/* configure interfaces */
ifconfig eth0.2 172.16.0.1
ifconfig eth0.3 172.17.0.1

Host 2 Setup:
=============

/* basic network setup for QEMU */
ifconfig lo 127.0.0.1
ifconfig eth0 hw ether 00:00:00:00:00:02
ifconfig eth0 192.168.0.2

/* create VLAN taggings */
vconfig add eth0 2
vconfig add eth0 3

/* configure interfaces */
ifconfig eth0.2 172.16.0.2
ifconfig eth0.3 172.17.0.2

Host 1 Magic:
=============

/* default gw for Guest 1 */
ip rule add from 172.16.0.1 table 16
ip route add default via 172.16.0.2 table 16
ip route del 172.16.0.0/16

/* default gw for Guest 2 */
ip rule add from 172.17.0.1 table 17
ip route add default via 172.17.0.2 table 17
ip route del 172.17.0.0/16

/* nat to avoid local table */
iptables -t nat -A OUTPUT -d 172.17.0.1 -j DNAT --to 172.17.1.1
iptables -t nat -A OUTPUT -d 172.16.0.1 -j DNAT --to 172.16.1.1

Host 2 Magic:
=============

/* enable forwarding */
echo 1 >/proc/sys/net/ipv4/ip_forward

/* nat between 172.16.1.1 and 172.16.0.1 */
iptables -t nat -A PREROUTING -d 172.16.1.1 -j DNAT --to 172.16.0.1
iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to 172.16.1.1

/* nat between 172.17.1.1 and 172.17.0.1 */
iptables -t nat -A PREROUTING -d 172.17.1.1 -j DNAT --to 172.17.0.1
iptables -t nat -A POSTROUTING -s 172.17.0.1 -j SNAT --to 172.17.1.1

_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
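
Added example (not part of the original mail): a simplified Python model of the rules above that traces a packet from Guest 1 to Guest 2 and shows why the OUTPUT DNAT is needed to get the traffic past Host 1's local table and through the firewall. The function and table names are hypothetical, and the model ignores conntrack, ARP and the kernel's exact lookup order.

```python
"""Simplified model of the Guest-to-Guest forward path (added illustration)."""
from ipaddress import ip_address, ip_network

# Host 1: addresses in the 'local' table, nat OUTPUT rules, policy routing rules.
H1_LOCAL = {"192.168.0.1", "172.16.0.1", "172.17.0.1"}
H1_OUTPUT_DNAT = {"172.17.0.1": "172.17.1.1", "172.16.0.1": "172.16.1.1"}
H1_POLICY = {"172.16.0.1": ("172.16.0.2", "eth0.2"),   # table 16
             "172.17.0.1": ("172.17.0.2", "eth0.3")}   # table 17
# Host 2: nat PREROUTING / POSTROUTING rules and the connected VLAN networks.
H2_PRE_DNAT = {"172.16.1.1": "172.16.0.1", "172.17.1.1": "172.17.0.1"}
H2_POST_SNAT = {"172.16.0.1": "172.16.1.1", "172.17.0.1": "172.17.1.1"}
H2_CONNECTED = {"eth0.2": ip_network("172.16.0.0/16"),
                "eth0.3": ip_network("172.17.0.0/16")}


def host1_output(src, dst, use_nat=True):
    """Return (src, dst, next_hop, dev) for a packet generated on Host 1."""
    if use_nat:
        dst = H1_OUTPUT_DNAT.get(dst, dst)
    if dst in H1_LOCAL:                  # the local table wins over any policy rule
        return src, dst, "local", "lo"
    gw, dev = H1_POLICY[src]             # 'ip rule add from <src> table N'
    return src, dst, gw, dev


def host2_forward(src, dst):
    """Apply PREROUTING DNAT, pick the egress VLAN, then POSTROUTING SNAT."""
    dst = H2_PRE_DNAT.get(dst, dst)
    dev = next(d for d, net in H2_CONNECTED.items() if ip_address(dst) in net)
    src = H2_POST_SNAT.get(src, src)
    return src, dst, dev


def trace(src, dst, use_nat=True):
    """List (where, src, dst) as the packet leaves each host on its way."""
    s, d, hop, dev = host1_output(src, dst, use_nat)
    hops = [("host1 out " + dev, s, d)]
    if hop != "local":                   # only non-local traffic reaches Host 2
        s, d, dev = host2_forward(s, d)
        hops.append(("host2 out " + dev, s, d))
    return hops


if __name__ == "__main__":
    for label, nat in (("with OUTPUT DNAT", True), ("without", False)):
        print(label, trace("172.16.0.1", "172.17.0.1", use_nat=nat))
```

With the DNAT in place the packet leaves on eth0.2 and comes back on eth0.3 with rewritten addresses; without it, the trace ends on lo and Host 2's rules never see the traffic.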
