Bridged networking not working because host uses MAC filtering

When I follow the Cloudmin install instructions on how to set up bridged networking, I log myself out of my server.

My host explained to me that bridged networking will not work as their system will see this as MAC spoofing (they use MAC filtering). They recommend that I configure the virtual server through NAT so that it uses the host interface.

Is this alternative way possible with Cloudmin?

How can I set this up using Webmin or the command line?

Thanks a lot.

Ignatius

Status: Active

Comments

This can be done, although unfortunately we don't have documentation for the exact process.

Basically you have to set up your host system with a virtual bridge interface like virbr0, and then use that as the bridge for VMs instead of br0. Then each VM has to be configured to use your host system as the default gateway, and the host has to be set up as a router.

If you have enough IPs to assign one to each VM, there is no need for NAT.

Thanks a lot.

Do you have any idea what tools could be needed to set up a virtual bridge interface (or where to look for information)? Google does not yield much in this respect.

It appears that I may need bridge-utils. Is this correct?

http://www.linuxfromscratch.org/blfs/view/cvs/basicnet/bridge-utils.html

Do I need to modify/recompile the kernel to do this? How?

Will I need 2 IPs from the very beginning to set it up (without NAT)?

Do I need to create virtual Ethernet connections first (like eth0:1) and then create a bridge to them following the Cloudmin instructions for br0 and eth0? I tried via Webmin, but it did not work.

Any hints or guidance you could give here would be greatly appreciated.

Thanks again.

John

Unfortunately this isn't too well documented .... all I could find on Google was docs on how to remove virbr0 :-( I know some Cloudmin users have done this, but don't know off the top of my head what the exact steps are.

Would using Xen instead of KVM and reverting to CentOS 5 solve this issue?

I was trying to avoid Xen because of its much higher RAM footprint.

And by any chance, do you think that "Libvirt virtual networking" could be necessary to set this up? Or could it possibly interfere with Cloudmin as it does some of the same job?

Thanks

John

Using Xen won't help here, as it behaves in basically the same way.

That said, Xen has the same or even less overhead than KVM, and in some ways is superior as it supports additional virtualization features that KVM lacks.

You mentioned that if I have enough IPs to assign one to each VM, there is no need for NAT.

Does this mean that I should associate eth:0 to multiple public IPs (eth0:1, eth0:2, eth0:3 etc.)? I would then set up a virtual network and create guests with the corresponding public IPs (a routed network I guess).

But then, how would this virtual network be set up? I could provide the host IP as a gateway, but since this IP is randomly defined via DHCP, the gateway would change every time the machine reboots.

If I turned eth0 into a router and defined static routes pointing to my hosts, would I still be able to reach the host?

I am very confused.

Thanks

The host IP isn't static? That certainly isn't going to work too well ..

In a normal setup, each VM and the host would get its own static IP. The host could either act as a non-NAT router, or the VM IPs can be directly bridged to the same Ethernet interface as the host.

You don't need to ever add eth0:N interfaces on the host, or do proxying.

Could you explain some more about what you are planning to use Cloudmin for?

This is the problem with my host. They use MAC address filtering and DHCP. There is no static IP attached to eth0 and if I want multiple IPs, I have to set them all up as virtual IPs: eth:N.

It seems to me that each VM and the host could still get its own static IP. The host could act as a non-NAT router with static routes and this could easily be done via Webmin.

With libvirt providing a virtual switch and network connecting the host and the guests, it seems that this could work.

Would Cloudmin accept this? Would it still complain about the absence of a bridge? Could this even work? For some reason, there is no link on which to click to create a new (KVM) guest on my machine. Is this the result of the bridge being missing?

All I am trying to do is create and manage VMs via Cloudmin because I am under the impression that there will be fewer RAM and CPU core restrictions (better load balancing) in my own server than in a ready-made virtual server.

Thanks.

I don't think running Cloudmin without multiple static IPs is a good idea..

Is your aim to use this system for web hosting, or something else?

No. I do not wish to run Cloudmin without multiple static IPs (I do not believe that I said anything to that effect... However, my English is poor so :-)

Yes. My aim is to use virtual machines for the web hosting of very secure applications for single clients. Having VMs makes the management and recoveries much easier... Or so I hope.

Do you have any answers or comments to the following (copied from my previous post):

Would Cloudmin accept this? Would it still complain about the absence of a bridge? Could this even work? For some reason, there is no link on which to click to create a new (KVM) guest on my machine. Is this the result of the bridge being missing?

All I am trying to do is create and manage VMs via Cloudmin because I am under the impression that there will be fewer RAM and CPU core restrictions (better load balancing) in my own server than in a ready-made virtual server.

Thanks.

In that case, you could use Cloudmin to create VMs that are only on a "private" bridge like virbr0, and assign them private IP addresses in the 192.168 range. You could then set up Apache proxy rules to forward requests for some URLs or paths to apps on these VMs.

Cloudmin will support this just fine - the only catch is that you need to set up the bridge manually. For docs on that, have a look at: http://wiki.libvirt.org/page/Networking
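
The private-bridge setup described in the comment above, as an added example that is not part of the original thread and not Cloudmin's own code: a shell script that prints (or, with APPLY=1 as root, runs) the host-side commands for a NAT-only guest bridge. The function names, the 192.168.122.0/24 subnet and eth0 as the uplink are assumptions; MASQUERADE is used because the host's own address comes from DHCP.

```shell
#!/bin/sh
# Added example. Interface names and subnet are assumptions, not page values
# (apart from virbr0 and the 192.168 range, which the thread mentions).

# Print the host-side commands, one per line. The bridge gets no physical
# port, so guest MAC addresses never appear on the uplink; guest traffic is
# routed and leaves carrying the host's own MAC and IP.
nat_bridge_plan() {
    bridge=$1; gw_cidr=$2; subnet=$3; uplink=$4
    if [ "$bridge" = "$uplink" ]; then
        echo "bridge and uplink must be different interfaces" >&2
        return 1
    fi
    case $subnet in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) echo "expected a private (RFC 1918) subnet, got $subnet" >&2
           return 1 ;;
    esac
    cat <<EOF
ip link add name $bridge type bridge
ip addr add $gw_cidr dev $bridge
ip link set $bridge up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $subnet ! -d $subnet -o $uplink -j MASQUERADE
iptables -A FORWARD -i $bridge -o $uplink -s $subnet -j ACCEPT
iptables -A FORWARD -i $uplink -o $bridge -d $subnet -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Show the plan by default; execute it only when APPLY=1 (requires root).
run_plan() {
    plan=$(nat_bridge_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            sh -c "$cmd" || exit 1
        else
            echo "+ $cmd"
        fi
    done
}

# Guests then use 192.168.122.1 as their default gateway.
run_plan virbr0 192.168.122.1/24 192.168.122.0/24 eth0
```

These rules last only until reboot; the bridge and firewall rules have to be made persistent through the distribution's own network and iptables configuration.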

Thanks,

I am surprised that traffic should go through Apache. I never thought that I would need Apache on the host (the fewer daemons there, the better). If the host is set up as a router, I am not sure why this would be necessary. If I had multiple static IPs I could point one of them to the host and the others to virtual machines via static routes in the host (set up via iptables or Webmin/networking?).

Thanks again