NetBSD-Users archive


Re: Questions about NetBSD and virtual networks

Michael van Elst writes:
 > On Sun, Oct 30, 2011 at 05:24:00PM +0100, Ib-Michael Martinsen wrote:
 > 
 > Hi,
 > 
 > > Michael van Elst writes:
 > > 
 > >  > Your guest OS knows how to reach the world via its default gateway
 > >  > but the world doesn't know how to reach the guest OS. Everything
 > >  > else on your local network including your router only knows about
 > >  > 192.168.0.0/24 and will fall back to their default route (probably the
 > >  > internet connection) to reach other networks including 192.168.1.0/24.
 > >  > 
 > >  > Your router needs to know about 192.168.1.0/24 and maybe needs a
 > >  > NAT configuration for it.
 > >  > 
 > >  > If you then use different networks, it is usually better to route
 > >  > than to switch. I.e. disable the bridge and configure ip forwarding.
 > > 
 > > I think I understand what you are saying, but this will kind of
 > > circumvent what I am trying to do.
 > 
 > It is pretty simple. If your router only knows one network (192.168.0.0/24)
 > then only that network will have internet access. So the question is,
 > why do you want a second network (192.168.1.0/24) ?

I would like my virtual servers to run on a dedicated network
different from my ordinary LAN network. At the same time it would be
convenient to have internet access from the virtual servers.

 > > Furthermore, the facility to add
 > > routes in my router (a D-Link DIR-655) has been disabled in my current
 > > firmware (odd choice by D-Link!) and I have not yet found a firmware
 > > version with this functionality.
 > > 
 > > Is there some way to establish this routing functionality on the
 > > NetBSD host, preferably on the bridge?
 > 
 > It doesn't help.
 > 
 > guestOS (192.168.1.2) via default route to tap-Interface (192.168.1.1)
 >                       via default route to router (192.168.0.1)
 >                       establish NAT session using your public IP (*)
 >                                        via your provider's peer router to the internet.
 > 
 > (*) your router needs to know that it has to maintain a NAT session
 > for a host on 192.168.1.0/24.
 > 
 > internet              via your provider's peer router to your public IP
 >                       using NAT session to translate to guestOS (*1)
 >                                        via local 192.168.1.0/24 route to your host (*2)
 >                                        via directly connected interface to guestOS
 > 
 > (*1) your router needs to maintain a NAT session for a host on 192.168.1.0/24
 > (*2) your router needs to know that it reaches the network 192.168.1.0/24
 >      via your host system.
 > 
 > None of the marked conditions are met by your router or could be
 > handled by a different system.

When you say it that way I am almost convinced :-)

So to set up a physical LAN and one or more virtual LANs on a single
host, you will have to use NAT to enable the VLAN servers to access
the host gateway (and the internet)?

 > If you use only one network there is no problem.
 > 
 > guestOS (192.168.0.2) via default route to your router (192.168.0.1) (*)
 >                       establish NAT session using your public IP
 >                                        via your provider's peer router to the internet.
 > 
 > internet              via your provider's peer router to your public IP
 >                       using NAT session to translate to guestOS
 >                                        via local 192.168.0.0/24 route to guestOS (*)
 > 
 > (*) the packets are bridged between the physical network segment and
 >     the virtual network segment. This is transparent to IP.

Yes, I have verified this.

 > > I have tried routed without any success.
 > 
 > RIP is a very simple protocol to handle a dynamically changing
 > environment. It won't do anything other than what you do when you
 > add/change/delete routes manually.

Of course. Silly me!

 > > An additional question: If everything on my local network (except the
 > > guest OS) knows nothing about the 192.168.1.0/24 network, how come I
 > > can ssh from the host (192.168.0.3) to the guest OS (192.168.1.10)?
 > 
 > Your host does know about 192.168.1.0/24 because you have configured
 > the tap interface.
 > 
 > 
 > > Is that because all devices (and nothing else) on the virtual bridge
 > > can be seen by each other?
 > 
 > It is either the bridge or you have set the sysctl net.inet.ip.forwarding=1.

I don't have net.inet.ip.forwarding=1, so it must be the bridge then.

Thank you for taking the time to answer my questions.

Kind regards
  Ib-Michael
-- 
Email: i.m.martinsen(at)gmail.com
Running NetBSD/i386 v5.1
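An added worked example, not part of the thread or of anybody's posted configuration: the "route instead of switch" setup Michael describes, with the NetBSD host doing the NAT itself, so the D-Link router never needs a route for 192.168.1.0/24. It uses IPFilter's ipf/ipnat, the firewall shipped with NetBSD 5.x. The interface names (wm0 for the physical LAN, tap0 for the virtual network), the host address 192.168.1.1 and the script name vnet-nat.sh are assumptions; adjust them to your system.

```sh
#!/bin/sh
# vnet-nat.sh (hypothetical name) - added example, not from the thread.
# Make the NetBSD host route and NAT the virtual network instead of bridging
# it onto the physical LAN.
# Assumed names (adjust to your system): wm0 is the physical LAN NIC
# (192.168.0.3), tap0 is the host's side of the virtual network (192.168.1.1),
# guests use 192.168.1.0/24 and point their default route at 192.168.1.1.

LAN_IF=wm0
TAP_IF=tap0
TAP_ADDR=192.168.1.1
VNET=192.168.1.0/24

# Print the ipnat.conf rules that hide $vnet behind the address of $lan_if.
# The LAN router then only ever sees the host's 192.168.0.x address, so it
# needs neither a route nor NAT state for 192.168.1.0/24 - the two marked
# conditions in the thread that the DIR-655 could not meet.
nat_rules() {
    lan_if=$1
    vnet=$2
    # 0/32 means "the address currently configured on $lan_if".
    # The first rule also rewrites TCP/UDP source ports so two guests using the
    # same source port do not collide; the second catches the rest (ICMP etc.).
    printf 'map %s %s -> 0/32 portmap tcp/udp auto\n' "$lan_if" "$vnet"
    printf 'map %s %s -> 0/32\n' "$lan_if" "$vnet"
}

# Exit 0 when the kernel currently forwards IPv4 between interfaces.
# This is the sysctl named at the end of the thread; once the bridge is gone,
# guests only reach the LAN side if it is 1.
forwarding_enabled() {
    [ "$(sysctl -n net.inet.ip.forwarding 2>/dev/null)" = 1 ]
}

# Apply the configuration to the running system (needs root).
apply_now() {
    # 1. Stop switching: a bridge would put guest frames with 192.168.1.x
    #    addresses directly on the LAN, where nothing can route back to them.
    ifconfig bridge0 destroy 2>/dev/null || true
    # 2. The tap interface becomes the guests' default gateway.
    ifconfig "$TAP_IF" create 2>/dev/null || true
    ifconfig "$TAP_IF" inet "$TAP_ADDR" netmask 255.255.255.0 up
    # 3. Forward between tap0 and wm0 ...
    sysctl -w net.inet.ip.forwarding=1
    # 4. ... and translate guest addresses on the way out of wm0.
    nat_rules "$LAN_IF" "$VNET" > /etc/ipnat.conf
    # ipnat needs the packet filter enabled; an allow-all ruleset is enough here.
    [ -f /etc/ipf.conf ] || printf 'pass in all\npass out all\n' > /etc/ipf.conf
    ipf -E -f /etc/ipf.conf
    ipnat -CF -f /etc/ipnat.conf
}

# Make the setup survive a reboot through the standard NetBSD rc files.
persist() {
    printf 'create\ninet %s netmask 255.255.255.0\n' "$TAP_ADDR" > "/etc/ifconfig.$TAP_IF"
    grep -q '^net.inet.ip.forwarding=1' /etc/sysctl.conf 2>/dev/null \
        || printf 'net.inet.ip.forwarding=1\n' >> /etc/sysctl.conf
    grep -q '^ipfilter=YES' /etc/rc.conf 2>/dev/null || printf 'ipfilter=YES\n' >> /etc/rc.conf
    grep -q '^ipnat=YES' /etc/rc.conf 2>/dev/null || printf 'ipnat=YES\n' >> /etc/rc.conf
}

case "${1:-}" in
    apply)   apply_now ;;
    persist) persist ;;
    rules)   nat_rules "$LAN_IF" "$VNET" ;;
    check)   if forwarding_enabled; then echo "forwarding on"; else echo "forwarding off"; fi ;;
esac
```

Run `sh vnet-nat.sh rules` to see the two NAT rules that would be installed, `sh vnet-nat.sh check` to answer the question at the end of the thread (is the host forwarding, or is it only the bridge?), and `sh vnet-nat.sh apply` followed by `sh vnet-nat.sh persist` as root to switch from the bridged to the routed setup. Guests keep 192.168.1.1 as their default gateway; from the router's point of view all their traffic now comes from the host's own 192.168.0.3.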

