Hi all, I'm having a lot of trouble with building a network for my virtualised OSes.
The server has two physical NICs for LAN and WAN. The host has IP 10.0.0.1. I use the following iptables to bridge them.
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE
iptables -A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i lan -o wan -j ACCEPT
I now also have a virtualised Windows Server. I have told the virtual server to use the virbr01 network adapter, which I define in /etc/network/interfaces as below:
# Virtual bridge dummy
auto virbr01-dummy
iface virbr01-dummy inet manual
    pre-up /sbin/ip link add virbr01-dummy type dummy
    up /sbin/ip link set virbr01-dummy address 52:54:00:77:a4:d6

# Virtual bridge
auto virbr01
iface virbr01 inet static
    bridge_ports virbr01-dummy
    bridge_stp on
    bridge_fd 2
    address 10.0.1.1
    netmask 255.255.255.0
From the Linux host, I can ping 10.0.1.1 successfully, and for the time being I've set the Windows guest to have a static IP of 10.0.1.2 and a default gateway of 10.0.1.1 (until I move to DHCP).
I'm now having issues connecting to the guest from the host, or the wider LAN network. The iptables I have used are below:
-A FORWARD -d 10.0.0.0/24 -o virbr01 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -i virbr01 -j ACCEPT
-A FORWARD -i virbr01 -o virbr01 -j ACCEPT
-A POSTROUTING -s 10.0.1.0/24 ! -d 10.0.1.0/24 -j MASQUERADE
As far as I can see, this should forward my requests from the LAN DHCP range to the virbr01 adapter. But it doesn't. Are my iptables bridging the LAN and WAN ports getting in the way?
Thanks!
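
Added example, not part of the original post: a small first-match tracer that runs constructed packets through the FORWARD rules exactly as posted, to show which rule (if any) each flow between 10.0.0.0/24 and the guest hits. Assumptions: the rules sit in the chain in the order posted, 10.0.0.50 is a hypothetical LAN client, 192.0.2.10 is a documentation address, and the chain policy is unknown.

```python
import ipaddress

# FORWARD rules as posted (all targets are ACCEPT); chain order is an assumption.
RULES = [
    {"in": "wan", "out": "lan", "state": {"RELATED", "ESTABLISHED"}},
    {"in": "lan", "out": "wan"},
    {"dst": "10.0.0.0/24", "out": "virbr01", "state": {"RELATED", "ESTABLISHED"}},
    {"src": "10.0.0.0/24", "in": "virbr01"},
    {"in": "virbr01", "out": "virbr01"},
]

def matches(rule, pkt):
    """True if every criterion present in the rule matches the packet."""
    for key in ("in", "out"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if key in rule:
            net = ipaddress.ip_network(rule[key])
            if ipaddress.ip_address(pkt[key]) not in net:
                return False
    return "state" not in rule or pkt["state"] in rule["state"]

def first_match(pkt, rules=RULES):
    """1-based number of the first matching rule, or None when the
    packet falls through to the chain policy."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return number
    return None

def pkt(i, o, src, dst, state):
    return {"in": i, "out": o, "src": src, "dst": dst, "state": state}

# Constructed packets. Host-to-guest traffic is not listed: it is locally
# generated, so it traverses OUTPUT rather than FORWARD.
PACKETS = {
    "LAN client -> guest (new)": pkt("lan", "virbr01", "10.0.0.50", "10.0.1.2", "NEW"),
    "guest -> LAN client (reply)": pkt("virbr01", "lan", "10.0.1.2", "10.0.0.50", "ESTABLISHED"),
    "guest -> internet (new)": pkt("virbr01", "wan", "10.0.1.2", "192.0.2.10", "NEW"),
    "LAN client -> internet (new)": pkt("lan", "wan", "10.0.0.50", "192.0.2.10", "NEW"),
}

def trace():
    return {name: first_match(p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, hit in trace().items():
        print(name, "->", f"rule {hit}" if hit else "no match, chain policy decides")
```

A flow that matches no rule is decided by the FORWARD chain policy, which `iptables -S FORWARD` shows on its first line.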