NetBSD-Users archive


Re: Questions about NetBSD and virtual networks



On Sun, Oct 30, 2011 at 05:24:00PM +0100, Ib-Michael Martinsen wrote:

Hi,

> Michael van Elst writes:
> 
>  > Your guest OS knows how to reach the world via its default gateway
>  > but the world doesn't know how to reach the guest OS. Everything
>  > else on your local network including your router only knows about
>  > 192.168.0.0/24 and will fall back to their default route (probably the
>  > internet connection) to reach other networks including 192.168.1.0/24.
>  > 
>  > Your router needs to know about 192.168.1.0/24 and maybe needs a
>  > NAT configuration for it.
>  > 
>  > If you then use different networks, it is usually better to route
>  > than to switch. I.e. disable the bridge and configure ip forwarding.
> 
> I think I understand what you are saying, but this will kind of
> circumvent what I am trying to do.

It is pretty simple. If your router only knows one network (192.168.0.0/24)
then only that network will have internet access. So the question is,
why do you want a second network (192.168.1.0/24) ?


> Furthermore, the facility to add
> routes in my router (a D-Link DIR-655) has been disabled in my current
> firmware (odd choice by D-Link!) and I have not yet found a firmware
> version with this functionality.
> 
> Is there some way to establish this routing functionality on the
> NetBSD host, preferably on the bridge?

It doesn't help.

guestOS (192.168.1.2) via default route to tap-Interface (192.168.1.1)
                      via default route to router (192.168.0.1)
                      establish NAT session using your public IP (*)
                      via your provider's peer router to the internet.

(*) your router needs to know that it has to maintain a NAT session
for a host on 192.168.1.0/24.

internet              via your provider's peer router to your public IP
                      using NAT session to translate to guestOS (*1)
                      via local 192.168.1.0/24 route to your host (*2)
                      via directly connected interface to guestOS

(*1) your router needs to maintain a NAT session for a host on 192.168.1.0/24
(*2) your router needs to know that it reaches the network 192.168.1.0/24
     via your host system.

None of the marked conditions are met by your router or could be
handled by a different system.

If you use only one network there is no problem.

guestOS (192.168.0.2) via default route to your router (192.168.0.1) (*)
                      establish NAT session using your public IP
                      via your provider's peer router to the internet.

internet              via your provider's peer router to your public IP
                      using NAT session to translate to guestOS
                      via local 192.168.0.0/24 route to guestOS (*)

(*) the packets are bridged between the physical network segment and
    the virtual network segment. This is transparent to IP.


> I have tried routed without any success.

RIP is a very simple protocol to handle a dynamically changing
environment. It won't do anything other than what you do when you
add/change/delete routes manually.


> An additional question: If everything on my local network (except the
> guest OS) knows nothing about the 192.168.1.0/24 network, how come I
> can ssh from the host (192.168.0.3) to the guest OS (192.168.1.10)?

Your host does know about 192.168.1.0/24 because you have configured
the tap interface.


> Is that because all devices (and nothing else) on the virtual bridge
> can be seen by each other?

It is either the bridge or you have set the sysctl net.inet.ip.forwarding=1.



Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

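Added example, not part of the original message: a small longest-prefix-match model of the return path discussed above, showing where a reply for the guest goes on the stock router, with a static route, and in the bridged single-network setup. The routing tables are constructed from the addresses in the thread, the "isp" and "direct" labels are assumptions of this sketch, and it models only the routing condition (*2), not the NAT session.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(nodes, start, dst, max_hops=8):
    """Follow next hops from `start` until dst is on-link or leaves via the ISP."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(nodes[node], dst)
        if hop == "direct":
            return path, "delivered"
        if hop in (None, "isp"):
            return path, "lost"   # private address handed to the provider
        path.append(hop)
        node = hop
    return path, "loop"

# Constructed tables modelling the thread; nodes are named by their address.
ROUTER, HOST = "192.168.0.1", "192.168.0.3"
HOST_TABLE = [("192.168.0.0/24", "direct"),   # physical interface
              ("192.168.1.0/24", "direct"),   # tap interface
              ("0.0.0.0/0", ROUTER)]
STOCK = {ROUTER: [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "isp")],
         HOST: HOST_TABLE}
# Hypothetical: the static route the router firmware in the thread cannot add.
WITH_ROUTE = {ROUTER: STOCK[ROUTER] + [("192.168.1.0/24", HOST)],
              HOST: HOST_TABLE}

def scenarios():
    """Return path from the router (or host) to the guest in each setup."""
    return {
        "routed, stock router": trace(STOCK, ROUTER, "192.168.1.2"),
        "routed, static route": trace(WITH_ROUTE, ROUTER, "192.168.1.2"),
        "bridged, one network": trace(STOCK, ROUTER, "192.168.0.2"),
        "host ssh to guest": trace(STOCK, HOST, "192.168.1.10"),
    }

if __name__ == "__main__":
    for name, (path, result) in scenarios().items():
        print(f"{name:22} {' -> '.join(path):28} {result}")
```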
