Tuesday, January 22, 2019

How to make a linux VM working as a router

I have access to an OpenStack account where I can create Linux 14.04 VMs. I have created two network interfaces:

  1. "public-net", which is connected to the internet through a router

  2. "private-net", which is not exposed to the internet

Now, I have created one VM, named "GATEWAY", which is connected to both network interfaces and has two IP addresses, on eth0 (10.70.0.6) and eth1 (10.90.0.1). eth0 is exposed to the internet and eth1 is for the private network. The GATEWAY VM has a public IP address on eth0.

Now I have created one more VM, named "AGENT", on the private-net interface. Its IP address is 10.90.0.7 and its default gateway is set to 10.90.0.1 (the GATEWAY VM).

As the private VM is not exposed to any router, it cannot have internet access. To enable internet access I have added a NAT rule on the GATEWAY VM as below:

    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This will change the source address of all internet packets leaving the host GATEWAY to the address of the GATEWAY machine. Also, IPv4 packet forwarding is set to 1 on the GATEWAY machine.

I can ping any external address from the GATEWAY machine but not from the internal AGENT machine. Needless to say, this private AGENT machine does not have internet access either.

Can anyone please help me set up the gateway VM in such a way that I can use it as a router and bring internet access to the private machines?

This is how my routing table looks on the AGENT machine:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.90.0.1       0.0.0.0         UG    0      0        0 eth0
    10.90.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.169.254 10.90.0.2       255.255.255.255 UGH   0      0        0 eth0
    192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Here I am adding my tcpdump for ICMP ping on both interfaces.

eth1: interface connecting to the private network.

18:43:39.309771 IP host-10-90-0-7.openstacklocal > 172.217.3.14: ICMP echo request, id 2395, seq 1, length 64
18:43:39.355430 IP 172.217.3.14 > host-10-90-0-7.openstacklocal: ICMP echo reply, id 2395, seq 1, length 64
18:43:40.318637 IP host-10-90-0-7.openstacklocal > 172.217.3.14: ICMP echo request, id 2395, seq 2, length 64
18:43:40.364178 IP 172.217.3.14 > host-10-90-0-7.openstacklocal: ICMP echo reply, id 2395, seq 2, length 64

eth0: interface connecting to the internet.

18:43:39.309796 IP host-10-70-0-6.openstacklocal > 172.217.3.14: ICMP echo request, id 2395, seq 1, length 64
18:43:39.355396 IP 172.217.3.14 > host-10-70-0-6.openstacklocal: ICMP echo reply, id 2395, seq 1, length 64
18:43:40.318679 IP host-10-70-0-6.openstacklocal > 172.217.3.14: ICMP echo request, id 2395, seq 2, length 64
18:43:40.364154 IP 172.217.3.14 > host-10-70-0-6.openstacklocal: ICMP echo reply, id 2395, seq 2, length 64
18:43:41.326618 IP host-10-70-0-6.openstacklocal > 172.217.3.14: ICMP echo request, id 2395, seq 3, length 64

Here I can see that the ping response is coming from the external address and it is travelling over both interfaces. Even though it is being received on eth1 towards the private VM, ping reports 100% packets lost.

 ----------      ------------------                                              ------------                                                           ----------
| INTERNET |----| openstack-router |--10.70.0.1 -------- 10.70.0.6 (NIC eth0) --| GATEWAY-VM |-- 10.90.0.1 (NIC eth1) -------- 10.90.0.7 (NIC eth0) --| AGENT-VM |
 ----------      ------------------                                              ------------                                                           ----------
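
The router configuration described in the question, written out as an added example script (not code from the original post). It takes eth0/eth1 and 10.90.0.0/24 from the question, narrows the MASQUERADE rule to the private subnet, and adds FORWARD-chain rules the question does not mention; the kernel consults that chain for every relayed packet. DRY_RUN=1 prints the commands instead of running them, and the sysctl drop-in file name is chosen here.

```shell
#!/bin/sh
# Added example: configure a Linux VM as a NAT router for one private subnet.
# Layout assumed from the question: eth0 = public side, eth1 = private side,
# private subnet 10.90.0.0/24 (passed as arguments so they are easy to change).
# DRY_RUN=1 prints each command instead of executing it (handy for review).
set -eu

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# configure_nat_router PUBLIC_IF PRIVATE_IF PRIVATE_CIDR
configure_nat_router() {
    pub="$1"; priv="$2"; cidr="$3"

    # 1. Enable IPv4 forwarding now and persist it (drop-in file name chosen here).
    run sysctl -w net.ipv4.ip_forward=1
    run sh -c "echo net.ipv4.ip_forward=1 > /etc/sysctl.d/60-nat-router.conf"

    # 2. Masquerade only packets from the private subnet leaving the public
    #    interface, not everything that leaves eth0.
    run iptables -t nat -A POSTROUTING -s "$cidr" -o "$pub" -j MASQUERADE

    # 3. FORWARD decides whether a packet is relayed at all. With a DROP
    #    policy only two flows pass: new connections from the private side
    #    out, and their replies back in. Nothing from the internet can open
    #    a connection towards the private subnet.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$priv" -o "$pub" -s "$cidr" -j ACCEPT
    run iptables -A FORWARD -i "$pub" -o "$priv" -d "$cidr" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# forwarding_enabled: succeeds only if the kernel is really forwarding; the
# first thing to check when replies appear on eth1 but never reach the host.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# show_counters: per-rule packet counters show which rule (if any) a test
# ping from the private VM is matching.
show_counters() {
    run iptables -t nat -L POSTROUTING -v -n
    run iptables -L FORWARD -v -n
}

if [ "${1:-}" = "apply" ]; then configure_nat_router eth0 eth1 10.90.0.0/24; fi
```

Filtering outside the VM is a separate matter: as a general fact about OpenStack (not something the question confirms applies here), Neutron port security drops packets whose addresses do not belong to the port unless allowed-address-pairs are configured, so a VM acting as a router needs that on both of its ports as well.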
