
#1 2009-07-25 16:58:46

Butters42
Member
Registered: 2009-07-24
Posts: 1

kvm machine behind virtual bridge and firehol

My network is simple:

Internet ---<eth0>--- chef (host) ---<vnet0>--- Iroquois (vm)

chef runs Arch Linux, and I use libvirt, brctl and firehol to set up the bridge.
Iroquois runs Debian lenny, and has to be connected to the Internet.

I want to serve web pages with the vm running apache2. Thus I mainly used this howto, http://wiki.libvirt.org/page/Networking, and this one, Tap_Networking_with_QEMU, to set up a bridge. Then I set up NAT with firehol.
But it just doesn't work: the vm can reach the Internet, but NAT on port 80 doesn't work and I can't reach the vm, even from the host.

## chef ##

ifconfig

br0       Link encap:Ethernet  HWaddr 00:23:54:27:18:C6
          inet addr:82.230.254.207  Bcast:82.230.254.255  Mask:255.255.255.0
          inet6 addr: fe80::223:54ff:fe27:18c6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1613 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1109943 (1.0 Mb)  TX bytes:209775 (204.8 Kb)

eth0      Link encap:Ethernet  HWaddr 00:23:54:27:18:C6
          inet6 addr: fe80::223:54ff:fe27:18c6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3397 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3584 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2320054 (2.2 Mb)  TX bytes:449848 (439.3 Kb)
          Interrupt:18

vnet0     Link encap:Ethernet  HWaddr D2:9A:6E:65:E7:A7
          inet6 addr: fe80::d09a:6eff:fe65:e7a7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:63 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:2862 (2.7 Kb)  TX bytes:510 (510.0 b)

brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.0023542718c6       no              eth0
                                                        vnet0

cat /etc/firehol/firehol.conf

version 5
# Chef :
INTERNET_IF="eth0"
# Iroquois : http https ssh
IROQUOIS_IP="192.168.1.80"
IROQUOIS_IF="br0"

dnat to "${IROQUOIS_IP}" inface "${INTERNET_IF}" proto tcp dport 22
dnat to "${IROQUOIS_IP}" inface "${INTERNET_IF}" proto tcp dport 53
dnat to "${IROQUOIS_IP}" inface "${INTERNET_IF}" proto udp dport 53
dnat to "${IROQUOIS_IP}" inface "${INTERNET_IF}" proto tcp dport 80
dnat to "${IROQUOIS_IP}" inface "${INTERNET_IF}" proto tcp dport 443
dnat to "${IROQUOIS_IP}" inface "${INTERNET_IF}" proto tcp dport 8080

interface "${IROQUOIS_IF}" iroquois
        policy accept
        server all accept
        client all accept
interface "${INTERNET_IF}" internet
        protection strong 10/sec 10
        server all accept
        server ident reject with tcp-reset
        client all accept

router iroquois2internet inface "${IROQUOIS_IF}" outface "${INTERNET_IF}"
        masquerade
        route all accept
router internet2iroquois inface "${INTERNET_IF}" outface "${IROQUOIS_IF}"
        route all accept
        route ident reject with tcp-reset

## Iroquois ##
I tried different IPs, but I don't know what to put in the interfaces file to make it work.

How can I reach my vm from the Internet?

Last edited by Butters42 (2009-07-25 17:25:00)
