Laptops, virtualisation, and networking

Ryan Lynch ryan.b.lynch at gmail.com
Thu Apr 29 12:13:39 UTC 2010


On Thu, Apr 29, 2010 at 02:33, Dan Irwin <rummymobile at gmail.com> wrote:
> When I'm connected via wifi (or wired) this should work fine, as I can
> bridge the guest network interface onto the host, and let dhcp take
> care of addressing.
>
> When I VPN in, I'm connected via pptp or ipsec. I can't see the same
> bridging/dhcp working on these interfaces as wlan0 or eth0.
>
> This leaves me with a problem. How can I treat virtual machines the
> same regardless of connection method (vpn or ethernet).
>
> I'd like to know if anyone else has faced this problem, and how they solved it.
>
> I'm thinking my laptop might have to somehow advertise the existence
> of a local non-nat rfc1918 network to my vpn server using ospf or rip.
> Seems like a whole lot of overkill, not to mention the potential for
> routing shenanigans.
>
> Failing this I might have to use nat on whatever IP address my laptop
> currently has. This raises the question of which interface to nat,
> wlan0, eth0, ppp0, ppp1, tun0, etc.
>
> Last resort would be to assign two interfaces to each vm, and use the
> correct interface for the kind of connection, either ethernet or vpn.

I can't quite tell from your post, so I apologize if I'm barking up
the wrong tree, here, but is there a reason why you can't NAT the
guest network traffic through the container OS? I did this a couple of
months back, in a similar situation: My guests shared a virtual subnet
w/ an RFC 1918 address, and all the outbound traffic was NAT'd to look
like the rest of the laptop's traffic. Worked pretty well.

You'd need a start/stop script to autodetect the current upstream
gateway and add the right IPTables rules, and to tear it down again
when you stop it. I called my IPTables script from the main "network"
RC script (I wasn't using NetworkManager), but I'm pretty sure you
could use NM's scripting hooks to do the same thing. The point is,
whenever your networking situation changes, the script gets called to
replace the existing NAT settings, if they're not correct anymore.

I would cut-n-paste the script, but I can't remember where I saved a
copy. It was pretty simple, though, just a few lines of shell script
that called 'ip addr'/'ip route' to get all the gateway info, and
parsed it into the FW rules.

-Ryan
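
One way to write the kind of script described above, as an added example that is not the poster's lost script: it picks the interface of the lowest-metric default route from `ip route` output and prints the iptables MASQUERADE rules for it. The guest subnet 192.168.122.0/24, the VMNAT chain name and the sample route tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed values, not from the post: guest subnet and a dedicated NAT chain.
GUEST_NET="192.168.122.0/24"
CHAIN="VMNAT"

# Read `ip -4 route show` output on stdin; print the device of the default
# route with the lowest metric (a missing metric counts as 0). Fails if none.
default_iface() {
    awk '$1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < bestm)) { best = dev; bestm = metric }
        }
        END { if (best == "") exit 1; print best }'
}

# Print the commands that rebuild the NAT chain for one upstream interface.
# The name is validated because the output is meant to be run as root.
nat_rules() {
    iface=$1
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -t nat -N $CHAIN 2>/dev/null || iptables -t nat -F $CHAIN
iptables -t nat -C POSTROUTING -s $GUEST_NET -j $CHAIN 2>/dev/null || iptables -t nat -A POSTROUTING -s $GUEST_NET -j $CHAIN
iptables -t nat -A $CHAIN -o $iface -j MASQUERADE
EOF
}

# Print the commands that remove everything nat_rules set up.
teardown_rules() {
    printf 'iptables -t nat -D POSTROUTING -s %s -j %s\n' "$GUEST_NET" "$CHAIN"
    printf 'iptables -t nat -F %s\niptables -t nat -X %s\n' "$CHAIN" "$CHAIN"
}

# Constructed sample route tables (not captured from a real host).
ROUTES_WIFI='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1'
ROUTES_VPN='default dev ppp0 scope link metric 50
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.1 dev ppp0 proto kernel scope link src 10.8.0.6'

rules_for() { iface=$(printf '%s\n' "$1" | default_iface) && nat_rules "$iface"; }
rules_for "$ROUTES_WIFI"
rules_for "$ROUTES_VPN"
```

The functions only print commands; on a real host, feed `ip -4 route show` to `default_iface` from the network start/stop hook and pipe the printed rules to a root shell.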

