Virtual Machine routing On Ubuntu
mike at dev-zero.net
Sat Jun 19 01:40:32 MDT 2010
Charles Curley wrote:
> On Thu, 17 Jun 2010 19:45:50 -0600
> Richard Esplin <richard-lists at esplins.org> wrote:
>> What virtualization software (hypervisor) are you using? VMWare,
>> VirtualBox, KVM, Xen?
>> How did you set up the NIC in the hypervisor? NAT vs bridged vs
> It says here, "Forwarding: NAT to any physical device".
>> In Virtualbox I set up two NICs, one as NAT and one as host-only in
>> order to make my VM available to other VMs, the host, and enable
>> access to the outside world while still protecting it from the host's
>> physical network.
> What's the difference between NAT and host-only?
> I assume that in this context NAT means Network Address Translation,
> i.e. the host acts as a firewall and does NATting.
> The software I'm using is libvirt 0.7.0.
> I also see that from a VM I can ping the host's virtual interface, i.e.
> the IF on the virtual network. I can also ping its physical IF, which
> is on a separate network
>> On Thursday, June 17, 2010 18:32:17 Charles Curley
>> <charlescurley at charlescurley.com> wrote:
>>> I have several VMs on a Ubuntu 9.10 host, and they have networking
>>> set up. I can ssh in to them from the host, but not from other
>>> machines, in spite of having the route set up correctly on the
>>> other machines.
>>> I also notice that I can get updates on the VMs (yum, apt, etc.) but
>>> not web pages from the outside world. But I can get web pages from
>>> the host.
>>> So something is filtering the virtual network. What is it and how
>>> do I control it?
are you using a gui or wrapper around libvirt to manage your VMs or are
you using the libvirt tools directly? can you see the XML domain
definitions for the VMs? if so, how is the networking configured for the
VMs and on the host? what is the full command line that was used to
invoke the qemu process? `cat /proc/<pid of vm qemu process>/cmdline` to

as i understand it, the difference between a 'NAT' configuration and a
'host-only' configuration is that the necessary stuff for the host to
perform NAT is done during the network configuration where host-only
doesn't. so in host-only, there are no routes configured for the vms to
reach outside networks automatically.

from your description, it almost sounds like you are configuring
multiple networks. one for each vm and then doing routing on the host
between the vms. if this is how it is done, is ip forwarding enabled on
the host? `cat /proc/sys/net/ipv4/ip_forward` to check. it sounds like
it might not be since you are having trouble getting to the outside
world from your vms. my next guess would be that there are rules in the
iptables firewall that are preventing FORWARD traffic from getting
between the hosts.

these links may also help you in your quest.

hope that helps
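
The two host-side checks suggested in the message above (ip forwarding and the FORWARD chain), written out as an added example that is not part of the original post. The function names, the bridge name virbr0, the subnet 192.168.122.0/24 and the rule listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The listing is constructed; virbr0 and 192.168.122.0/24 are assumed.

# Exit 0 when the file holds "1"; defaults to the live kernel setting.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables -S FORWARD` output on stdin. Prints the target of the first
# rule that matches every packet routed out through bridge $1, or the chain
# policy if no such rule exists. That is what a NEW connection from another
# machine to a VM hits once the state-restricted ACCEPT rules have not matched.
new_inbound_verdict() {
    awk -v br="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 == "-A" && $2 == "FORWARD" && !found {
            out = ""; target = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # Any further match (state, source, dest, in-interface, protocol,
                # negation) means the rule does not cover all such packets.
                if ($i == "-m" || $i == "-s" || $i == "-d" || $i == "-i" || $i == "-p" || $i == "!") narrowed = 1
            }
            if ((out == br || out == "") && !narrowed && target ~ /^(ACCEPT|DROP|REJECT)$/) {
                verdict = target; found = 1
            }
        }
        END { print (found ? verdict : "policy " policy) }
    '
}

# Constructed FORWARD chain for a NAT-style virtual network.
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
EOF
}

if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
echo "new inbound to virbr0: $(sample_rules | new_inbound_verdict virbr0)"
```

On a live host, pipe the output of `iptables -S FORWARD` (run as root) into `new_inbound_verdict` with the bridge name in place of the constructed listing.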