With NM_Controlled=No in the ifcfg file, NM applet shows "Not Managed", so the ifcfg file is being read. What is the extent of interaction of NetworkManager with ifcfg files is unknown....very little information on the net. Seems Network Manager is still mostly unpublished compared to other utilities. Any pointers to literature on this or macro architecture of NM would be appreciated, as Google is not throwing up the right results.
On a separate note however, I'd still like to know how to use a bridge to route packets between two networks.....say network card having address...192.168.1.3 and a kvm based virtual network say 172.31.1.0/24 needing to use this device for Internet access (through router 192.168.1.1) using a bridge? How to do it?
With regards. Sanjay.
On 06/01/2012 02:38 AM, Sanjay Arora wrote:
With NM_Controlled=No in the ifcfg file, NM applet shows "Not Managed", so the ifcfg file is being read. What is the extent of interaction of NetworkManager with ifcfg files is unknown....very little information on the net. Seems Network Manager is still mostly unpublished compared to other utilities. Any pointers to literature on this or macro architecture of NM would be appreciated, as Google is not throwing up the right results.
You're right. Documentation is sparse.
https://live.gnome.org/NetworkManager/SystemSettings
$ man NetworkManager
$ man NetworkManager.conf
$ less /usr/share/doc/initscripts-*/sysconfig.txt
On a separate note however, I'd still like to know how to use a bridge to route packets between two networks.....say network card having address...192.168.1.3 and a kvm based virtual network say 172.31.1.0/24 needing to use this device for Internet access (through router 192.168.1.1) using a bridge? How to do it?
If your networks are on different IPv4 broadcast domains (as you describe), you don't want a bridge.
If you want bridged networking with KVM, your guests will be on the same network as the host. They'll use your existing DHCP services and routing. They can be configured according to this document: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Virtu...
That configuration used to be reflected here: http://wiki.centos.org/HowTos/KVM ...but someone went and put in some really braindamaged instructions. That should be fixed or removed.
On Mon, Jun 4, 2012 at 10:44 PM, Gordon Messmer yinyang@eburg.com wrote:
On a separate note however, I'd still like to know how to use a bridge to route packets between two networks.....say network card having address...192.168.1.3 and a kvm based virtual network say 172.31.1.0/24 needing to use this device for Internet access (through router 192.168.1.1) using a bridge? How to do it?
If your networks are on different IPv4 broadcast domains (as you describe), you don't want a bridge.
If you want bridged networking with KVM, your guests will be on the same network as the host. They'll use your existing DHCP services and routing. They can be configured according to this document: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Virtu...
That configuration used to be reflected here: http://wiki.centos.org/HowTos/KVM ...but someone went and put in some really braindamaged instructions. That should be fixed or removed.
In case of a separate network, should it not be possible to create a dummy bridge or something and forward packets through maybe...NAT....A guy talks of this kind of thing here http://ghantoos.org/2007/10/24/kvmqemu-bridging-with-dummy-network-card/ but I don't quite understand it, because I am not familiar with /etc/network/interfaces.....seems to be ubuntu or some other linux.
I am using /etc/sys-config/network-scripts/ifcfg-xxx files. or any other forwarding system...but don't know how?
Any ideas of how to do it with separate IP addressing? The main network is out of my control and I cannot use its IP addresses.
Rgds. Sanjay.
On Fri, Jun 8, 2012 at 8:32 AM, Sanjay Arora sanjay.k.arora@gmail.com wrote:
Any ideas of how to do it with separate IP addressing? The main network is out of my control and I cannot use its IP addresses.
Bridging will require everything to have its own IP address from the main network - which might work if it has DHCP service and available addresses. But you probably want NAT, where the guests have a private network space but outbound connections use the host's address. I've only done that with vmware and openbox so I can't help with the kvm setup but the concept should be the same.
On 06/08/2012 06:32 AM, Sanjay Arora wrote:
In case of a separate network, should it not be possible to create a dummy bridge or something and forward packets through maybe...NAT....
If you want to use NAT and keep your guests in a segregated network, that is exactly how the default install behaves. You don't have to do any network-specific configuration.
Bridged networking is only required when you *don't* want the KVM host to use NAT for the guests.
On Sat, Jun 9, 2012 at 6:59 AM, Gordon Messmer
If you want to use NAT and keep your guests in a segregated network, that is exactly how the default install behaves. You don't have to do any network-specific configuration.
But that segregated network does not have access to the Internet....or am I wrong?
On Mon, Jun 11, 2012 at 4:45 PM, Sanjay Arora sanjay.k.arora@gmail.com wrote:
On Sat, Jun 9, 2012 at 6:59 AM, Gordon Messmer
If you want to use NAT and keep your guests in a segregated network, that is exactly how the default install behaves. You don't have to do any network-specific configuration.
But that segregated network does not have access to the Internet....or am I wrong?
I'm just jumping in and may not have read everything, but having the NAT option will still allow Internet access to the guest if the host is setup to allow this (which is the default on most virtual hosts as far as I'm aware). But you may find it harder to access the NAT guest if you're trying to access it from another system on the same network as the host system.
You can always setup multiple NIC's on the guest.
On Mon, Jun 11, 2012 at 3:42 PM, Ross Cavanagh ross.cav@gmail.com wrote:
I'm just jumping in and may not have read everything, but having the NAT option will still allow Internet access to the guest if the host is setup to allow this (which is the default on most virtual hosts as far as I'm aware). But you may find it harder to access the NAT guest if you're trying to access it from another system on the same network as the host system.
You can always setup multiple NIC's on the guest.
Now I wonder why I did not think of so simple an idea! Simply put in a multi-port NIC card,
Another question...I put in another network port & I end up with 3 NICs & 3 bridges...One providing Internet access, One providing routing to virtual hosts and one providing route to ltsp network.
Now, traffic among these three networks will be routed automatically or do I have to put in some code to enable traffic between these three networks & internet access to the virtual host & ltsp network?
On Mon, Jun 11, 2012 at 3:42 PM, Ross Cavanagh ross.cav@gmail.com wrote:
I'm just jumping in and may not have read everything, but having the NAT option will still allow Internet access to the guest if the host is setup to allow this (which is the default on most virtual hosts as far as I'm aware). But you may find it harder to access the NAT guest if you're trying to access it from another system on the same network as the host system.
You can always setup multiple NIC's on the guest.
Now I wonder why I did not think of so simple an idea! Simply put in a multi-port NIC card,
Another question...I put in another network port & I end up with 3 NICs & 3 bridges...One providing Internet access, One providing routing to virtual hosts and one providing route to ltsp network.
Now, traffic among these three networks will be routed automatically or do I have to put in some code to enable traffic between these three networks & internet access to the virtual host & ltsp network?
It shouldn't be a problem, because if it's different networks, the system will send them accordingly (as far as I'm aware). If it does come to any issues with the networks, you can always setup static routes if required.
On Mon, Jun 11, 2012 at 4:00 PM, Ross Cavanagh ross.cav@gmail.com wrote:
Now, traffic among these three networks will be routed automatically or do I have to put in some code to enable traffic between these three networks & internet access to the virtual host & ltsp network?
It shouldn't be a problem, because if it's different networks, the system will send them accordingly (as far as I'm aware). If it does come to any issues with the networks, you can always setup static routes if required.
Thanks. I guess this problem is solved with a workaround. Good enuff for me!
On 06/11/2012 03:22 AM, Sanjay Arora wrote:
Now I wonder why I did not think of so simple an idea! Simply put in a multi-port NIC card,
Another question...I put in another network port & I end up with 3 NICs & 3 bridges...One providing Internet access, One providing routing to virtual hosts and one providing route to ltsp network.
Now, traffic among these three networks will be routed automatically
No. Multi-homing in this fashion is complex. You will require advanced routing on all of the guests to accomplish it.
Shorewall makes this easier, but you'll need to create multiple routing tables using 'ip route', mark packets based on their destination, and then select the appropriate routing table based on firewall marks.
This is not a simple idea.
On Tue, Jun 12, 2012 at 10:43 AM, Gordon Messmer yinyang@eburg.com wrote:
No. Multi-homing in this fashion is complex. You will require advanced routing on all of the guests to accomplish it.
Shorewall makes this easier, but you'll need to create multiple routing tables using 'ip route', mark packets based on their destination, and then select the appropriate routing table based on firewall marks.
This is not a simple idea.
Since I am routing a complete class C network between two bridges, I'll have to add an ip route add script in every guest & ltsp host in rc.local
Will try this out. But can live with this....as long as it provides unfettered to & fro access to all hosts, virtual or ltsp. Thanks again.
On Tue, Jun 12, 2012 at 10:40 AM, Gordon Messmer yinyang@eburg.com wrote:
On 06/11/2012 12:45 AM, Sanjay Arora wrote:
But that segregated network does not have access to the Internet....or am I wrong?
You're wrong. The automatically created network will have internet access via NAT.
Thanks. But through NAT inward access would not be possible...right? NAT only provides outward access.
On 06/11/12 11:58 PM, Sanjay Arora wrote:
Thanks. But through NAT inward access would not be possible...right? NAT only provides outward access.
you can port forward specific protocols through NAT
On 06/11/2012 11:58 PM, Sanjay Arora wrote:
Thanks. But through NAT inward access would not be possible...right? NAT only provides outward access.
Yes, but you said that you couldn't make changes to the existing network. If that's true, then you can't add a route from the existing network to the network that you're adding for KVM guests. NAT would be your only option.
On Tue, Jun 12, 2012 at 10:09 AM, Gordon Messmer yinyang@eburg.com wrote:
On 06/11/2012 11:58 PM, Sanjay Arora wrote:
Thanks. But through NAT inward access would not be possible...right? NAT only provides outward access.
Yes, but you said that you couldn't make changes to the existing network. If that's true, then you can't add a route from the existing network to the network that you're adding for KVM guests. NAT would be your only option.
It might be easier to suggest an approach if you describe what you need to do. You can't magically make new public addresses that aren't available appear on an existing network, whether it is on real or virtual NICs. But there are ways to tunnel access to different private networks to each other or to reverse-proxy connections to a public address to a server on a private address.
On Tue, Jun 12, 2012 at 9:19 PM, Les Mikesell lesmikesell@gmail.com wrote:
It might be easier to suggest an approach if you describe what you need to do. You can't magically make new public addresses that aren't available appear on an existing network, whether it is on real or virtual NICs. But there are ways to tunnel access to different private networks to each other or to reverse-proxy connections to a public address to a server on a private address.
My machine is on LAN 192.168.1.0/24, has an IP of 192.168.1.3. This Network has GW 192.168.1.1 which is an adsl router in the office. No firewall on the router. Other LAN machines have IPs in the 192.168.1.0/24 network & I'm not allowed to use those IPs. They are reserved for LAN use.
Now My machine has a second card for LTSP Network (it is a LTSP Server) with IP 172.16.1.0/24
I want Virtual hosts on my machine so I have to have a different IP range....say 192.168.2.0/24
And I want routing among three as well as Internet access through the NATTED adsl router which has a dynamic IP.
This is my problem.
On 06/12/12 11:52 PM, Sanjay Arora wrote:
And I want routing among three as well as Internet access through the NATTED adsl router which has a dynamic IP.
for that sort of routing to work, all the other hosts on the 2 LANs will need to know the route to that subnet is via the NIC interfaces of the host.. this can be done via RIP or another route announcement protocol, or it can be done by statically configuring the routes on each host. the internet router will need to know that route too.
On Wed, Jun 13, 2012 at 1:52 AM, Sanjay Arora sanjay.k.arora@gmail.com wrote:
It might be easier to suggest an approach if you describe what you need to do. You can't magically make new public addresses that aren't available appear on an existing network, whether it is on real or virtual NICs. But there are ways to tunnel access to different private networks to each other or to reverse-proxy connections to a public address to a server on a private address.
My machine is on LAN 192.168.1.0/24, has an IP of 192.168.1.3. This Network has GW 192.168.1.1 which is an adsl router in the office. No firewall on the router. Other LAN machines have IPs in the 192.168.1.0/24 network & I'm not allowed to use those IPs. They are reserved for LAN use.
OK, I don't quite understand what 'reserved for LAN' use means. I'll assume it means someone else controls it and they won't cooperate if you bridge your VM's to the LAN. In most scenarios, the adsl router would give out DHCP addresses and unless you run out, bridged machines would just grab their own address and work just like a new physical machine.
Now My machine has a second card for LTSP Network (it is a LTSP Server) with IP 172.16.1.0/24
I want Virtual hosts on my machine so I have to have a different IP range....say 192.168.2.0/24
And I want routing among three as well as Internet access through the NATTED adsl router which has a dynamic IP.
This is my problem.
You still don't say what kind of access you need - or why you can't bridge on the 172.16.1.0 side which eliminates half of the problem. Outbound connections are easy - your LTSP clients probably already have that via NAT on the server, and they also should be using the server as their default gateway. If you don't want the VM guests on the same subnet, you can create a new guest-only subnet with the same setup as the LTSP side (server is default gateway and can route among all networks). So you only have a problem if you need to accept inbound connections from the LAN or internet. You probably don't have that now for the LTSP subnet. Do you need it for the VMs?
On Wed, Jun 13, 2012 at 9:12 PM, Les Mikesell lesmikesell@gmail.com wrote:
On Wed, Jun 13, 2012 at 1:52 AM, Sanjay Arora sanjay.k.arora@gmail.com wrote:
OK, I don't quite understand what 'reserved for LAN' use means. I'll assume it means someone else controls it and they won't cooperate if
Correct.
you bridge your VM's to the LAN. In most scenarios, the adsl router would give out DHCP addresses and unless you run out, bridged machines would just grab their own address and work just like a new physical machine.
True Enough but the adsl IP range is not in my control as you have assumed correctly.
Now My machine has a second card for LTSP Network (it is a LTSP Server) with IP 172.16.1.0/24
I want Virtual hosts on my machine so I have to have a different IP range....say 192.168.2.0/24
And I want routing among three as well as Internet access through the NATTED adsl router which has a dynamic IP.
This is my problem.
You still don't say what kind of access you need
Basically accessing the VMs from the Internet....ssh, vnc, rdp, ftp & so on...different needs for different vm.
- or why you can't
bridge on the 172.16.1.0 side which eliminates half of the problem. Outbound connections are easy - your LTSP clients probably already have that via NAT on the server, and they also should be using the server as their default gateway.
Yes LTSP has outward NAT access...require the same inward access there too...
If you don't want the VM guests on the same subnet, you can create a new guest-only subnet with the same setup as the LTSP side (server is default gateway and can route among all networks). So you only have a problem if you need to accept inbound connections from the LAN or internet. You probably don't have that now for the LTSP subnet. Do you need it for the VMs?
Yes to both.
On 06/14/12 10:51 PM, Sanjay Arora wrote:
True Enough but the adsl IP range is not in my control as you have assumed correctly.
when you bridge virtual hosts to a LAN, they appear just like they are real machines plugged into the same LAN. they'll each get their own IP from the ADSL router's DHCP.
why is this a problem? are you not allowed to plug in multiple systems?
as I previously explained, if you create a separate subnet for your VMs, you'll need to route them, and ALL the hosts on the LAN including the ADSL internet gateway will need to know this route or they (and the internet) won't work for those VMs. alternately, you use NAT, and then your VM's aren't externally visible, but they can connect out to the internet (which will appear to your router like your host system is doing the connections)
On 06/14/12 10:51 PM, Sanjay Arora wrote:
You still don't say what kind of access you need
Basically accessing the VMs from the Internet....ssh, vnc, rdp, ftp & so on...different needs for different vm.
how will that work if you have no control over the ADSL internet router? the internet can only see the IP of the ADSL gateway, and can't connect to ANY systems behind it, unless that router has port forwarding setup.
On Fri, Jun 15, 2012 at 12:51 AM, Sanjay Arora sanjay.k.arora@gmail.com wrote:
You still don't say what kind of access you need
Basically accessing the VMs from the Internet....ssh, vnc, rdp, ftp & so on...different needs for different vm.
You should be able to make outbound connections that originate from the VMs through NAT. Direct inbound connections over the internet are impossible without a public address, or at least port-forwarding configured on the router - which it will probably only do to its own subnet. You could tunnel access through a VPN, though. OpenVPN on your server would be able to make an outbound connection through the nat to another site and you could route the private addresses through the VPN tunnel. Without support on the router, your VPN can only connect to pre-arranged public IP addresses. If you can get a single port (preferably UDP) forwarded on the router to your server, you would be able to connect from anywhere with an openvpn client which would be able to route for that host or for a remote site.
- or why you can't
bridge on the 172.16.1.0 side which eliminates half of the problem. Outbound connections are easy - your LTSP clients probably already have that via NAT on the server, and they also should be using the server as their default gateway.
Yes LTSP has outward NAT access...require the same inward access there too...
What about the server? Do you have any existing way set up for inward connections to it? If so, you can use a VPN or ssh port-forwarding, or reverse-proxy connections where a vpn will be the most generic. However, you have to be just as careful about firewalling such connections as at the main router you are trying to bypass. It is a bad idea to do this without support from your network administrator.
On Jun 13, 2012, at 2:52 AM, Sanjay Arora sanjay.k.arora@gmail.com wrote:
My machine is on LAN 192.168.1.0/24, has an IP of 192.168.1.3. This Network has GW 192.168.1.1 which is an adsl router in the office. No firewall on the router. Other LAN machines have IPs in the 192.168.1.0/24 network & I'm not allowed to use those IPs. They are reserved for LAN use.
Now My machine has a second card for LTSP Network (it is a LTSP Server) with IP 172.16.1.0/24
Can your VMs request IPs on this network or is it NAT'd as well?
I want Virtual hosts on my machine so I have to have a different IP range....say 192.168.2.0/24
Maybe better to use LTSP network IPs and use the 192.168 bridge interface for Internet only giving out dnsmasq IPs which are 169.X I believe?
And I want routing among three as well as Internet access through the NATTED adsl router which has a dynamic IP.
If you have 172.16 IPs on the VMs for the LTSP bridged network, then use dnsmasq to assign dynamic IPs for the Internet NAT'd bridge on the 192.168 network, set a default route out the Internet NAT'd bridged interfaces and you should get what you want.
-Ross
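
The host-side setup the thread converges on (guests on a private subnet, outbound through NAT on the host's LAN address, inbound only for specifically forwarded ports, everything else in FORWARD dropped) can be written as an iptables-restore ruleset. This is an added example, not from any poster in the thread; the interface names (eth0, eth1, virbr1), the guest address 192.168.2.10 and the forwarded port are assumptions, and the script only prints rules without loading them.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host that routes
# between an upstream LAN, an LTSP subnet and a VM subnet.
# Assumed names: eth0 = LAN side (192.168.1.3), eth1 = LTSP, virbr1 = VM bridge.
LAN_IF=eth0
LTSP_IF=eth1;  LTSP_NET=172.16.1.0/24
VM_IF=virbr1;  VM_NET=192.168.2.0/24

# Inbound forwards, one per line: proto host_port guest_ip guest_port
# (constructed sample value: host port 2222 -> ssh on one guest)
FORWARDS='tcp 2222 192.168.2.10 22'

gen_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Outbound: both private subnets leave via the host's LAN address, so
    # the upstream router needs no route back to them.
    for net in "$LTSP_NET" "$VM_NET"; do
        echo "-A POSTROUTING -s $net -o $LAN_IF -j MASQUERADE"
    done
    # Inbound: only the listed host ports are translated to a guest.
    echo "$FORWARDS" | while read -r proto hport gip gport; do
        [ -n "$proto" ] || continue
        echo "-A PREROUTING -i $LAN_IF -p $proto --dport $hport -j DNAT --to-destination $gip:$gport"
    done
    echo 'COMMIT'

    echo '*filter'
    # Default-deny forwarding; every permitted path is listed explicitly.
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Private subnets may open connections towards the LAN and internet.
    for ifc in "$LTSP_IF" "$VM_IF"; do
        echo "-A FORWARD -i $ifc -o $LAN_IF -j ACCEPT"
    done
    # The host is the default gateway for both private subnets, so it
    # routes between them directly.
    echo "-A FORWARD -i $LTSP_IF -o $VM_IF -j ACCEPT"
    echo "-A FORWARD -i $VM_IF -o $LTSP_IF -j ACCEPT"
    # New connections from the LAN side are accepted only for forwarded
    # ports; FORWARD sees the destination after DNAT has rewritten it.
    echo "$FORWARDS" | while read -r proto hport gip gport; do
        [ -n "$proto" ] || continue
        echo "-A FORWARD -i $LAN_IF -o $VM_IF -p $proto -d $gip --dport $gport -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

gen_rules
```

Forwarding between interfaces also requires net.ipv4.ip_forward=1 on the host, and access from the internet still depends on the ADSL router forwarding the chosen port to 192.168.1.3, as discussed above.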