iptables & IP-routed network solution for HOST net and VMs' subnet
- by Daniel
I've got a ProxmoxVE 2.1-ruled KVM node on Debian and a bunch of VM guest machines.
This is how my networking looks:
# network interface settings
auto lo
iface lo inet loopback
# device: eth0
auto eth0
iface eth0 inet static
address 175.219.59.209
gateway 175.219.59.193
netmask 255.255.255.224
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
And I've got two working subnet solutions.
auto vmbr0
iface vmbr0 inet static
address 10.10.0.1
netmask 255.255.0.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up ip route add 10.10.0.1/24 dev vmbr0
This way I can reach the internet, resolve outside hosts, update and download everything I need, but I can't reach one guest VM from any other VM inside my network.
The second solution allows me to communicate between VMs:
auto vmbr1
iface vmbr1 inet static
address 10.10.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.0.0/24' -o vmbr1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.0.0/24' -o vmbr1 -j MASQUERADE
I can even NAT internal addresses:
iptables -t nat -I PREROUTING -p tcp --dport 789 -j DNAT --to-destination 10.10.0.220:345
My inexperienced mind is ready to double the VMs' net adapters: one for the first solution and another for the second (with slightly different addresses), but I'm pretty sure that's a dumb way to resolve the problem and everything can be resolved via iptables/ip route rules that I can't create.
I've tried a dozen "wizard manuals" and "howto's" to mix both solutions but without success. Looking for advice (and good reading links for networking beginners).
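As an added example (not part of Daniel's post and not verified against his Proxmox node), here is one way the two solutions are usually merged on a router-style host: a single bridge (vmbr0 on 10.10.0.0/24, so guests talk to each other directly) with IP forwarding enabled and MASQUERADE applied on the uplink eth0 rather than on the bridge. The script prints the iptables commands so they can be reviewed before anything touches the live ruleset, and only applies them when called with --apply. The interface names, the 10.10.0.0/24 range and the 789 -> 10.10.0.220:345 forward are taken from the post; the closed FORWARD policy, the conntrack rules and the function names are assumptions of this example. The defensive point it adds is that the FORWARD chain defaults to DROP, so a DNAT entry only exposes the one guest port it names and nothing else on the guest network.

```shell
#!/bin/sh
# Added example (not the original poster's configuration): one bridge for all
# guests, source NAT on the uplink, and a closed FORWARD chain.
# Values from the post: eth0, vmbr0, 10.10.0.0/24, 789 -> 10.10.0.220:345.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-vmbr0}"
LAN_NET="${LAN_NET:-10.10.0.0/24}"

# Emit the base rule set as text instead of executing it, so it can be read
# (or diffed against `iptables-save`) before being applied.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Start closed: only traffic listed below may cross the host.
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
# Replies to connections already seen are allowed in either direction.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Guests may open new connections towards the Internet ...
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
# ... and are hidden behind the host address on the uplink. Masquerading on
# eth0 (not on the bridge, as in the post) keeps guest-to-guest traffic un-NATed.
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Publish one guest service: host TCP port -> guest address:port.
# The matching FORWARD accept is emitted with the DNAT, and it is the only
# path from the uplink into the guest network, so the exposure is exactly
# that one port on that one guest.
gen_port_forward() {
    host_port="$1"; guest_addr="$2"; guest_port="$3"
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $host_port -j DNAT --to-destination $guest_addr:$guest_port
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $guest_addr --dport $guest_port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Sanity check for review: how many FORWARD rules in a rule text accept
# traffic arriving on the uplink? Should equal the number of published ports.
count_inbound_accepts() {
    printf '%s\n' "$1" | grep -c -- "-A FORWARD -i $WAN_IF"
}

if [ "${1:-}" = "--apply" ]; then
    # Run as root on the host; heredoc comment lines are ignored by sh.
    { gen_rules; gen_port_forward 789 10.10.0.220 345; } | sh -e
else
    gen_rules
    gen_port_forward 789 10.10.0.220 345
fi
```

Without --apply the script is harmless and just prints the rule set; once it reads right, `sh thisscript.sh --apply` installs it, and the same commands can be moved into post-up lines of the vmbr0 stanza.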