CentOS Icon CentOS Logo
CentOS Text
   
  
www.centos.org Forum Index
   CentOS 6 - Networking Support
  Network routing!

 

 Bottom   Previous Topic   Next Topic
  •  Rate Thread
      Rate this Thread
      Excellent
      Good
      Average
      Bad
      Terrible
Poster Thread
  •  rot3r
      rot3r
Network routing!
#1
Newbie
Joined: 2012/3/26
From Tehran - i.r.iran
Posts: 2
Hello everyone...
I setup our virtualization based on KVM and official RHEL 6 documentation but in networking i set every thing i made a bridged but when i add BRIDGE to my eth0 interface my server access goes away...
after research found that in hetzner datacenter that my server located packet routed based on MAC address so bridge are useless after more research i found a webpage that solve the problem but the instruction is based on debian/gentoo distrubation and i don't know how to do it in our centos 6.2 i paste the guide here ....I'm really thankful everyone that can help me....
Hetzner EQ Server + KVM and subnet
Quote:
Hetzner EQ Server + KVM and subnet Posted by mark on 2011-01-25, 02:01 under technology related Last week I have rented an EQ series server from Hetzner’s with four IPs and an additional subnet. After having installed Gentoo on that host I have wanted to assign all these IP addresses to XEN/KVM virtual servers (henceforth called “guests”). Unfortunately most tutorials on the net suggest to dedicate one as bridge gateway address. Yet I even want to not spare a single one, and came up with this: You can set up a bridge by the means of net-misc/bridge-utils without adding an interface to it. Connect your guests to that bridge. On the host, enable IP forwarding and have requests to any guest IP forwarded to that bridge. On the guests, set the host’s IP as gateway address. Without (4) no packets from the LAN, constituted by the bridge, can find their way to the Internet and by (3) vice versa. Provided following IPs (which you should change to yours): main and thus host’s IP 188.40.1.17 three additional IPs 188.40.1.43 188.40.1.44 188.40.1.51 additional subnet 178.40.1.40/27 You will have to do: On the host, install packages: view sourceprint? 1.emerge -n net-misc/bridge-utils sys-apps/iproute2 On the host, edit /etc/conf.d/net so it reads: view sourceprint? 01.modules=( "iproute2") 02. 03.# IP with mask, and gateway - as assigned by Hetzner's DHCP 04.config_eth0=( "188.40.1.17/26") 05.routes_eth0=( "default via 188.40.1.1") 06. 07.# Hetzner nameserver; could be your DNS resolver 08.dns_servers_eth0=( 09."213.133.98.98" 10."213.133.99.99" 11."213.133.100.100" 12.) 13. 14.brctl_br0=( "setfd 0" "sethello 2" "stp off") 15.config_br0=("188.40.1.17/32") 16.depend_br0() { 17.need net.eth0 18.} 19. 20.postup() { 21.if [ "${IFACE}" = "br0" ]; then 22.# repeat that line for every IP but host's IP 23.route add 188.40.1.43 br0 24.fi 25.} On the host, enable IP forwarding: view sourceprint? 1.# add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf 2.sysctl -w net.ipv4.ip_forward=1 You will have to restrict forwarding to your own IPs by iptables. (See Sven Lauritzen’s blogpost for an example.) On the host, have the bridge started automatically: view sourceprint? 1.cd /etc/init.d 2.ln -s net.lo net.br0 3.rc-update add net.br0 default You could start br0 right away if you want. On every guest /etc/conf.d/net should look like: view sourceprint? 1.modules=( "iproute2" ) 2.config_eth0=( "188.40.1.43/32 peer 188.40.1.17") 3.routes_eth0=( "default via 188.40.1.17") 4.dns_servers_eth0=( 5."213.133.98.98" 6."213.133.99.99" 7."213.133.100.100" 8.) … where the first in eth0 is the guest’s IP and the other as well as the in routes_eth0 host’s. With the “peer” thing the host is reachable by that guest without having to be in the same subnet. By that you won’t waste a single IP address.
[Moderator edit: Changed code to quote tags to wrap long lines.]
Posted on: 2012/3/26 22:02
Create PDF from Post Print
Top
  •  pschaff
      pschaff
Re: Network routing!
#2
Moderator
Joined: 2006/12/13
From Tidewater, Virginia, North America
Posts: 18773
Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature, particularly the part about formatting your posts, and not using broken code and quote widgets. Also, there is no need to post what you have already linked.

Please provide more information about your system by running "./getinfo.sh network" and showing us the output file.
_________________
Phil

Recommended reading: FAQ & Readme first ; Search hint: google "your topic site:centos.org"; Smart Questions
Posted on: 2012/3/26 23:28
Create PDF from Post Print
Top
  •  rot3r
      rot3r
Re: Network routing!
#3
Newbie
Joined: 2012/3/26
From Tehran - i.r.iran
Posts: 2
OK!i got it..
here are my result

Information for network problems.

== BEGIN uname -rmi ==
2.6.32-71.29.1.el6.x86_64 x86_64 x86_64
== END   uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
epel-release-6-5.noarch
centos-release-6-2.el6.centos.7.x86_64
== END   rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS release 6.2 (Final)
== END   cat /etc/redhat-release ==

== BEGIN getenforce ==
Disabled
== END   getenforce ==

== BEGIN free -m ==
             total       used       free     shared    buffers     cached
Mem:         24153       7222      16930          0        277       5816
-/+ buffers/cache:       1128      23024
Swap:         2046          0       2046
== END   free -m ==

== BEGIN lspci -nn ==
00:00.0 Host bridge [0600]: Intel Corporation 5520/5500/X58 I/O Hub to ESI Port [8086:3405] (rev 13)
00:01.0 PCI bridge [0604]: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 1 [8086:3408] (rev 13)
00:03.0 PCI bridge [0604]: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 3 [8086:340a] (rev 13)
00:07.0 PCI bridge [0604]: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 7 [8086:340e] (rev 13)
00:14.0 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub System Management Registers [8086:342e] (rev 13)
00:14.1 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers [8086:3422] (rev 13)
00:14.2 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub Control Status and RAS Registers [8086:3423] (rev 13)
00:14.3 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub Throttle Registers [8086:3438] (rev 13)
00:1a.0 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #4 [8086:3a37]
00:1a.1 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #5 [8086:3a38]
00:1a.2 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #6 [8086:3a39]
00:1a.7 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI Controller #2 [8086:3a3c]
00:1c.0 PCI bridge [0604]: Intel Corporation 82801JI (ICH10 Family) PCI Express Root Port 1 [8086:3a40]
00:1c.4 PCI bridge [0604]: Intel Corporation 82801JI (ICH10 Family) PCI Express Root Port 5 [8086:3a48]
00:1d.0 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #1 [8086:3a34]
00:1d.1 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #2 [8086:3a35]
00:1d.2 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #3 [8086:3a36]
00:1d.7 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI Controller #1 [8086:3a3a]
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 PCI Bridge [8086:244e] (rev 90)
00:1f.0 ISA bridge [0601]: Intel Corporation 82801JIR (ICH10R) LPC Interface Controller [8086:3a16]
00:1f.2 SATA controller [0106]: Intel Corporation 82801JI (ICH10 Family) SATA AHCI Controller [8086:3a22]
00:1f.3 SMBus [0c05]: Intel Corporation 82801JI (ICH10 Family) SMBus Controller [8086:3a30]
02:00.0 VGA compatible controller [0300]: nVidia Corporation G98 [GeForce 8400 GS] [10de:06e4] (rev a1)
06:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 02)
ff:00.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QuickPath Architecture Generic Non-Core Registers [8086:2c41] (rev 04)
ff:00.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QuickPath Architecture System Address Decoder [8086:2c01] (rev 04)
ff:02.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QPI Link 0 [8086:2c10] (rev 04)
ff:02.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QPI Physical 0 [8086:2c11] (rev 04)
ff:03.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller [8086:2c18] (rev 04)
ff:03.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Target Address Decoder [8086:2c19] (rev 04)
ff:03.4 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Test Registers [8086:2c1c] (rev 04)
ff:03.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Target Address Decoder [8086:2c19] (rev 04)
ff:03.4 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Test Registers [8086:2c1c] (rev 04)
ff:04.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Control Registers [8086:2c20] (rev 04)
ff:04.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Address Registers [8086:2c21] (rev 04)
ff:04.2 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Rank Registers [8086:2c22] (rev 04)
ff:04.3 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Thermal Control Registers [8086:2c23] (rev 04)
ff:05.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Control Registers [8086:2c28] (rev 04)
ff:05.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Address Registers [8086:2c29] (rev 04)
ff:05.2 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Rank Registers [8086:2c2a] (rev 04)
ff:05.3 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Thermal Control Registers [8086:2c2b] (rev 04)
ff:06.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Control Registers [8086:2c30] (rev 04)
ff:06.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Address Registers [8086:2c31] (rev 04)
ff:06.2 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Rank Registers [8086:2c32] (rev 04)
ff:06.3 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Thermal Control Registers [8086:2c33] (rev 04)
== END   lspci -nn ==

== BEGIN lsusb ==
./getinfo.sh: line 86: lsusb: command not found
== END   lsusb ==

== BEGIN rpm -qa kmod\* kmdl\* ==
== END   rpm -qa kmod\* kmdl\* ==

== BEGIN ifconfig -a ==
br0       Link encap:Ethernet  HWaddr 16:BD:43:A9:86:DC
          inet addr:188.40.134.199  Bcast:188.40.134.255  Mask:255.255.255.255
          inet6 addr: fe80::14bd:43ff:fea9:86dc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:830 (830.0 b)

eth0      Link encap:Ethernet  HWaddr 40:61:86:2B:8B:D2
          inet addr:188.40.134.199  Bcast:188.40.134.255  Mask:255.255.255.255
          inet6 addr: fe80::4261:86ff:fe2b:8bd2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1349799 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2044006 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:95342255 (90.9 MiB)  TX bytes:2969691023 (2.7 GiB)
          Interrupt:30 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:157344 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157344 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:23890463 (22.7 MiB)  TX bytes:23890463 (22.7 MiB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:F7:3E:8A
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0-nic Link encap:Ethernet  HWaddr 52:54:00:F7:3E:8A
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

== END   ifconfig -a ==

== BEGIN brctl show ==
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no
virbr0          8000.525400f73e8a       yes             virbr0-nic
== END   brctl show ==

== BEGIN route -n ==
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
188.40.134.193  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
188.40.134.193  0.0.0.0         255.255.255.255 UH    0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 br0
0.0.0.0         188.40.134.193  0.0.0.0         UG    0      0        0 eth0
== END   route -n ==

== BEGIN cat /etc/resolv.conf ==
### Hetzner Online AG installimage
# nameserver config
nameserver 213.133.99.99
nameserver 213.133.100.100
nameserver 213.133.98.98
== END   cat /etc/resolv.conf ==

== BEGIN grep net /etc/nsswitch.conf ==
#networks:   nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files
netmasks:   files
networks:   files
netgroup:   nisplus
== END   grep net /etc/nsswitch.conf ==

== BEGIN chkconfig --list | grep -Ei 'network|wpa' ==
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
== END   chkconfig --list | grep -Ei 'network|wpa' ==


as a web designer:it's best practice to put hover tooltip for your button in your editor....
Posted on: 2012/3/28 9:41
Create PDF from Post Print
Top
  •  pschaff
      pschaff
Re: Network routing!
#4
Moderator
Joined: 2006/12/13
From Tidewater, Virginia, North America
Posts: 18773
Quote:

rot3r wrote:
...
== BEGIN uname -rmi ==
2.6.32-71.29.1.el6.x86_64 x86_64 x86_64
== END uname -rmi ==

Somewhat OT: Thats a very old CentOS-6.0 series kernel. Apparently you either have not updated everything, or are still running an obsolete kernel. A "yum update" and reboot are recommended.

Quote:

...

== BEGIN route -n ==
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
188.40.134.193 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
188.40.134.193 0.0.0.0 255.255.255.255 UH 0 0 0 br0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 br0
0.0.0.0 188.40.134.193 0.0.0.0 UG 0 0 0 eth0
== END route -n ==

I am admittedly out of my depth here as I don't use KVM or bridges, but I believe that the IP address should be assigned to br0 and not to eth0. Hopefully someone with more knowledge in this domain can comment. Some of the upstream docs and information may be helpful.

Quote:

...
as a web designer:it's best practice to put hover tooltip for your button in your editor....

OT: If that's in reference to the CentOS web site - there are lots of things that fall short of best practices and modern infrastructure. Hopefully one day we'll get get Website Ver2 AKA "Website 2.0", but we've been waiting for years already.
_________________
Phil

Recommended reading: FAQ & Readme first ; Search hint: google "your topic site:centos.org"; Smart Questions
Posted on: 2012/3/28 18:32
Create PDF from Post Print
Top
  •  jlehtone
      jlehtone
Re: Network routing!
#5
Professional Board Member
Joined: 2007/12/11
From Finland
Posts: 1329
Quote:
pschaff wrote:
I am admittedly out of my depth here as I don't use KVM or bridges, but I believe that the IP address should be assigned to br0 and not to eth0. Hopefully someone with more knowledge in this domain can comment.

That is correct. eth0 is a member of the br0 and does not need any address. Let br0 and only br0 have that public address.

There actually isn't "bridged network". The eth0-br0 is an interface just to outside. The virbr0 is more like a virtual LAN that presumably connect the guest and host. Name "virbr0" looks like it is the "default" network created by libvirt.

If libvirt is used, the guest configuration can be used to bind the NIC of the guest directly to the br0. Then there would be a bridged network, but then the guest would need a public IP.

Title of the thread is routing, so lets route. Remove the br0 entirely and let the eth0 to keep the address. I presume that the guest gets IP in 192.168.122.0/24 from "DHCP", and its gateway is 192.168.122.1. (Have to presume, for only host-side info has been shown so far.) The "DHCP" is actually dnsmasq process spawned by libvirtd. Therefore, the guest should be able to connect to the host (192.168.122.1) and vice versa. dnsmasq will do NAT too. I'm quite sure the libvirt offers the configuration options for this, even in the "virt-manager" tool.

I did last week install a guest into a Fedora host, and I didn't activate routing nor tamper iptables myself. The virt-manager & libvirt did. The host routes and SNAT's packets that originate from the 192.168.122.0/24 and go out from eth0. It just works.


Summary:
1. Remove the br0.
2. Fire up 'virt-manager'
2a. Set the "default network" to NAT mode (or whatever it is called).
2b. Change type of the NIC of the guest (or remove&add).
Posted on: 2012/3/28 20:41
Create PDF from Post Print
Top
 Top   Previous Topic   Next Topic

 

 You cannot start a new topic.
 You can view topic.
 You cannot reply to posts.
 You cannot edit your posts.
 You cannot delete your posts.
 You cannot add new polls.
 You cannot vote in polls.
 You cannot attach files to posts.
 You cannot post without approval.




"Linux" is a registered trademark of Linus Torvalds. | All other trademarks are property of their respective owners. | All other content is Copyright @ 2004-2009 by the CentOS Project or "each individual contributor (forums, comments, etc.) unless otherwise assigned".| Theme based on a theme by 7dana.com