From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 27 May 2005 - 11:35:19 BST
On Fri, May 27, 2005 at 12:24:12PM +0200, Herbert Poetzl wrote:
>
> Hi Gilles!
>
> here is an example setup how to accomplish your 'funny'
> routing scenario ... enjoy!
>
>
>
> +---------------------+
> |                     |
> |       Host 1        |
> |                     |                    +-------------------+
> |   192.168.0.1/24    |                    |                   |
> |                     |                    |    Host2 (FW)     |
> |   172.16.0.2/16     |                    |                   |
> |   172.17.0.2/16     |                    |  192.168.0.2/24   |
> |                     |                    |                   |
> | +-----------------+ |                    |   172.16.0.2/16   |
> | |                 | |       eth0.2       |   172.17.0.2/16   |
> | |     Guest 1     | |   172.16.0.0/16    |                   |
> | |                 +----------------------+                   |
> | |  172.16.0.1/16  | |                    |         `         |
> | |                 | |                    |         ¦         |
> | +-----------------+ |                    |         ¦         |
> |                     |                    |         ¦ rules   |
> | +-----------------+ |                    |         ¦         |
> | |                 | |       eth0.3       |         ¦         |
> | |     Guest 2     | |   172.17.0.0/16    |         ,         |
> | |                 +----------------------+                   |
> | |  172.17.0.1/16  | |                    |                   |
> | |                 | |                    +-------------------+
> | +-----------------+ |
> |                     |
> +---------------------+
>
>
> Tested as two QEMU instances connected via a simple
> bridging setup on the real machine ...
>
> Bridge on Real:
> ===============
>
> ifconfig tun0 0.0.0.0 up
> ifconfig tun1 0.0.0.0 up
>
> brctl addbr br0
> brctl addif br0 tun0
> brctl addif br0 tun1
>
>
> Host 1 Setup:
> =============
>
> /* basic network setup for QEMU */
> ifconfig lo 127.0.0.1
> ifconfig eth0 hw ether 00:00:00:00:00:01
> ifconfig eth0 192.168.0.1
>
> /* create VLAN taggings */
> vconfig add eth0 2
> vconfig add eth0 3
>
> /* configure interfaces */
> ifconfig eth0.2 172.16.0.1
> ifconfig eth0.3 172.17.0.1
>
> Host 2 Setup:
> =============
>
> /* basic network setup for QEMU */
> ifconfig lo 127.0.0.1
> ifconfig eth0 hw ether 00:00:00:00:00:02
> ifconfig eth0 192.168.0.2
>
> /* create VLAN taggings */
> vconfig add eth0 2
> vconfig add eth0 3
>
> /* configure interfaces */
> ifconfig eth0.2 172.16.0.2
> ifconfig eth0.3 172.17.0.2
>
>
> Host 1 Magic:
> =============
>
> /* default gw for Guest 1 */
> ip rule add from 172.16.0.1 table 16
> ip route add default via 172.16.0.2 table 16
> ip route del 172.16.0.0/16
>
> /* default gw for Guest 2 */
> ip rule add from 172.17.0.1 table 17
> ip route add default via 172.17.0.2 table 17
> ip route del 172.17.0.0/16
>
> /* nat to avoid local table */
> iptables -t nat -A OUTPUT -d 172.17.0.1 -j DNAT --to 172.17.1.1
> iptables -t nat -A OUTPUT -d 172.16.0.1 -j DNAT --to 172.16.1.1

if you want to see the 'correct' IPs on Host 1 too,
just add the following rules:

iptables -t nat -A POSTROUTING -s 172.17.1.1 -j SNAT --to 172.17.0.1
iptables -t nat -A POSTROUTING -s 172.16.1.1 -j SNAT --to 172.16.0.1

(somehow I didn't care though)

>
> Host 2 Magic:
> =============
>
> /* enable forwarding */
> echo 1 >/proc/sys/net/ipv4/ip_forward
>
> /* nat between 172.16.1.1 and 172.16.0.1 */
> iptables -t nat -A PREROUTING -d 172.16.1.1 -j DNAT --to 172.16.0.1
> iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to 172.16.1.1
>
> /* nat between 172.17.1.1 and 172.17.0.1 */
> iptables -t nat -A PREROUTING -d 172.17.1.1 -j DNAT --to 172.17.0.1
> iptables -t nat -A POSTROUTING -s 172.17.0.1 -j SNAT --to 172.17.1.1
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
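
The forward path these rules give a packet from one guest to the other, as an added example that is not part of the original mail: a simplified Python model that tracks only source, destination and hop order, and shows the loopback shortcut the OUTPUT DNAT rules on Host 1 exist to avoid. The hop labels, the function names and the placement of the firewall rules in filter/FORWARD on Host 2 are assumptions.

```python
# Simplified model of the rules in this mail: tracks only (src, dst) and hop
# order. It is not a netfilter/conntrack implementation.
HOST1_LOCAL = {"192.168.0.1", "172.16.0.1", "172.17.0.1"}  # Host 1 "local" table
HOST1_OUTPUT_DNAT = {"172.17.0.1": "172.17.1.1", "172.16.0.1": "172.16.1.1"}
HOST1_POLICY_GW = {"172.16.0.1": "172.16.0.2",   # ip rule ... table 16
                   "172.17.0.1": "172.17.0.2"}   # ip rule ... table 17
HOST2_PREROUTING_DNAT = {"172.16.1.1": "172.16.0.1", "172.17.1.1": "172.17.0.1"}
HOST2_POSTROUTING_SNAT = {"172.16.0.1": "172.16.1.1", "172.17.0.1": "172.17.1.1"}
FIREWALL_HOP = "host2 filter/FORWARD"  # assumption: where the diagram's "rules" sit


def walk(src, dst, host1_output_dnat=True):
    """Return the hops of a guest-originated packet as (where, src, dst) tuples."""
    hops = [("host1 guest socket", src, dst)]
    if host1_output_dnat:
        dst = HOST1_OUTPUT_DNAT.get(dst, dst)
        hops.append(("host1 nat/OUTPUT", src, dst))
    # The "local" table (rule priority 0) is consulted before the "from" rules,
    # so a destination that is one of Host 1's own addresses never leaves the box.
    if dst in HOST1_LOCAL:
        hops.append(("host1 loopback delivery", src, dst))
        return hops
    gateway = HOST1_POLICY_GW.get(src)
    if gateway is None:
        raise ValueError(f"model only covers the two guest sources, got {src}")
    hops.append((f"host1 route via {gateway}", src, dst))
    dst = HOST2_PREROUTING_DNAT.get(dst, dst)
    hops.append(("host2 nat/PREROUTING", src, dst))
    hops.append((FIREWALL_HOP, src, dst))
    src = HOST2_POSTROUTING_SNAT.get(src, src)
    hops.append(("host2 nat/POSTROUTING", src, dst))
    hops.append(("host1 receive", src, dst))
    return hops


def crosses_firewall(hops):
    """True if the packet was forwarded by Host 2, where it can be filtered."""
    return any(where == FIREWALL_HOP for where, _, _ in hops)


if __name__ == "__main__":
    for dnat in (True, False):
        path = walk("172.16.0.1", "172.17.0.1", host1_output_dnat=dnat)
        print(f"OUTPUT DNAT {'on' if dnat else 'off'}: firewall={crosses_firewall(path)}")
        for hop in path:
            print("   %-26s src=%-11s dst=%s" % hop)
```

With the OUTPUT DNAT rules in place the packet reaches the other guest with source 172.16.1.1 after being forwarded by Host 2; without them it is delivered over loopback on Host 1 and never reaches the firewall.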