On Fri, May 27, 2005 at 12:24:12PM +0200, Herbert Poetzl wrote:
> 
> Hi Gilles!
> 
> here is an example setup how to accomplish your 'funny'
> routing scenario ... enjoy!
> 
> 
> 
>  +---------------------+
>  |                     |
>  |   Host 1            |
>  |                     |                    +-------------------+
>  |   192.168.0.1/24    |                    |                   |
>  |                     |                    |   Host2 (FW)      |
>  |   172.16.0.2/16     |                    |                   |
>  |   172.17.0.2/16     |                    |   192.168.0.2/24  |
>  |                     |                    |                   |
>  | +-----------------+ |                    |   172.16.0.2/16   |
>  | |                 | |    eth0.2          |   172.17.0.2/16   |
>  | | Guest 1         | |    172.16.0.0/16   |                   |
>  | |                 +----------------------+                   |
>  | | 172.16.0.1/16   | |                    | `                 |
>  | |                 | |                    | ¦                 |
>  | +-----------------+ |                    | ¦                 |
>  |                     |                    | ¦ rules           |
>  | +-----------------+ |                    | ¦                 |
>  | |                 | |    eth0.3          | ¦                 |
>  | | Guest 2         | |    172.17.0.0/16   | ,                 |
>  | |                 +----------------------+                   |
>  | | 172.17.0.1/16   | |                    |                   |
>  | |                 | |                    +-------------------+
>  | +-----------------+ |
>  |                     |
>  +---------------------+
> 
> 
> Tested as two QEMU instances connected via a simple
> bridging setup on the real machine ...
> 
> Bridge on Real:
> ===============
> 
>  ifconfig tun0 0.0.0.0 up
>  ifconfig tun1 0.0.0.0 up
> 
>  brctl addbr br0
>  brctl addif br0 tun0
>  brctl addif br0 tun1
> 
> 
> Host 1 Setup:
> =============
> 
>  # basic network setup for QEMU
>  ifconfig lo 127.0.0.1
>  ifconfig eth0 hw ether 00:00:00:00:00:01
>  ifconfig eth0 192.168.0.1
> 
>  # create VLAN taggings
>  vconfig add eth0 2
>  vconfig add eth0 3
>  
>  # configure interfaces
>  ifconfig eth0.2 172.16.0.1
>  ifconfig eth0.3 172.17.0.1
> 
> Host 2 Setup:
> =============
> 
>  # basic network setup for QEMU
>  ifconfig lo 127.0.0.1
>  ifconfig eth0 hw ether 00:00:00:00:00:02
>  ifconfig eth0 192.168.0.2
> 
>  # create VLAN taggings
>  vconfig add eth0 2
>  vconfig add eth0 3
> 
>  # configure interfaces
>  ifconfig eth0.2 172.16.0.2 
>  ifconfig eth0.3 172.17.0.2
> 
> 
> Host 1 Magic:
> =============
> 
>  # default gw for Guest 1
>  ip rule add from 172.16.0.1 table 16
>  ip route add default via 172.16.0.2 table 16
>  ip route del 172.16.0.0/16
> 
>  # default gw for Guest 2
>  ip rule add from 172.17.0.1 table 17
>  ip route add default via 172.17.0.2 table 17
>  ip route del 172.17.0.0/16
>  
>  # nat to avoid local table
>  iptables -t nat -A OUTPUT -d 172.17.0.1 -j DNAT --to 172.17.1.1
>  iptables -t nat -A OUTPUT -d 172.16.0.1 -j DNAT --to 172.16.1.1

if you want to see the 'correct' IPs on Host 1 too,
just add the following rules:

 iptables -t nat -A POSTROUTING -s 172.17.1.1 -j SNAT --to 172.17.0.1
 iptables -t nat -A POSTROUTING -s 172.16.1.1 -j SNAT --to 172.16.0.1

(somehow I didn't care though)

> 
> Host 2 Magic:
> =============
> 
>  # enable forwarding
>  echo 1 >/proc/sys/net/ipv4/ip_forward
> 
>  # nat between 172.16.1.1 and 172.16.0.1
>  iptables -t nat -A PREROUTING -d 172.16.1.1 -j DNAT --to 172.16.0.1
>  iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to 172.16.1.1
> 
>  # nat between 172.17.1.1 and 172.17.0.1
>  iptables -t nat -A PREROUTING -d 172.17.1.1 -j DNAT --to 172.17.0.1
>  iptables -t nat -A POSTROUTING -s 172.17.0.1 -j SNAT --to 172.17.1.1
> 
> 
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
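
The address rewriting in the setup quoted above, traced for the first packet from one guest to the other; this is an added example, not part of the original thread. It is a constructed model of the quoted rules (not a netfilter implementation) and assumes each guest's socket is bound to its own address, so the source-based `ip rule` matches.

```python
# Constructed model of the rules quoted above; it mimics the order of the
# netfilter hooks for one packet and is not a netfilter implementation.
HOST1_LOCAL = {"192.168.0.1", "172.16.0.1", "172.17.0.1"}   # Host 1 local table
HOST1_OUTPUT_DNAT = {"172.17.0.1": "172.17.1.1", "172.16.0.1": "172.16.1.1"}
HOST1_POLICY = {"172.16.0.1": ("16", "172.16.0.2"),   # ip rule from ... table N,
                "172.17.0.1": ("17", "172.17.0.2")}   # default via ... table N
HOST2_PREROUTING_DNAT = {"172.16.1.1": "172.16.0.1", "172.17.1.1": "172.17.0.1"}
HOST2_POSTROUTING_SNAT = {"172.16.0.1": "172.16.1.1", "172.17.0.1": "172.17.1.1"}


def trace(src, dst, host1_dnat=True):
    """Return [(stage, src, dst), ...] for the first packet of a connection
    opened by a guest on Host 1 (socket bound to src) to the other guest."""
    hops = []
    if host1_dnat:                         # Host 1, nat OUTPUT
        dst = HOST1_OUTPUT_DNAT.get(dst, dst)
    if dst in HOST1_LOCAL:                 # the local table is consulted first
        hops.append(("host1 loopback", src, dst))
        return hops                        # never leaves Host 1, never filtered
    table, gateway = HOST1_POLICY[src]     # source-based rule selects the table
    hops.append((f"host1 table {table} via {gateway}", src, dst))
    dst = HOST2_PREROUTING_DNAT.get(dst, dst)        # Host 2, nat PREROUTING
    hops.append(("host2 filter FORWARD", src, dst))  # what filter rules match on
    src = HOST2_POSTROUTING_SNAT.get(src, src)       # Host 2, nat POSTROUTING
    hops.append(("host1 delivery", src, dst))        # what the target guest sees
    return hops


if __name__ == "__main__":
    for stage in trace("172.16.0.1", "172.17.0.1"):
        print(*stage)
    # Without the OUTPUT DNAT the packet stays on Host 1's loopback path.
    print(trace("172.16.0.1", "172.17.0.1", host1_dnat=False))
```

Filter rules in Host 2's FORWARD chain match the real guest addresses, while the receiving guest sees the 172.16.1.1 / 172.17.1.1 alias as the peer, so address-based ACLs and logs inside a guest have to use the alias.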