0

I have some hard time with routing between two virtual interfaces. Here is the setup.

  • 1 physical interface (eth0 192.168.1.51)
  • 1 alias interface (eth0:1 192.168.10.1)

  • 1 alias interface (eth0:2 192.168.20.1)

  • 1 virtual machine with 1 interface (eth0 192.168.10.2)

  • 1 virtual machine with 1 interface (eth0 192.168.20.2)

All I try to do is to route traffic between 192.168.20.0/24 and 192.168.10.0/24

For this purpose:

  1. on the 1st virtual machine, I add a default route to 192.168.10.1
  2. on the 2nd virtual machine, I add a default route to 192.168.20.1

On the physical machine I add routes (they are automatically added though) to the respective networks.

From virtual machine 1 I am able to ping 192.168.10.1 and 192.168.20.1, but not 192.168.20.2. Same thing from the second virtual machine -- I ping 192.168.10.1 and 20.1, but not 20.2)

The ip forwarding is activated : root@expire:~/.ovpn# sysctl -a | grep forward

net.ipv4.conf.all.forwarding = 1 net.ipv4.conf.all.mc_forwarding = 0 net.ipv4.conf.default.forwarding = 1 net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.docker0.forwarding = 1 net.ipv4.conf.docker0.mc_forwarding = 0 net.ipv4.conf.eth0.forwarding = 1 net.ipv4.conf.eth0.mc_forwarding = 0 net.ipv4.conf.lo.forwarding = 1 net.ipv4.conf.lo.mc_forwarding = 0 net.ipv4.conf.tun0.forwarding = 1 net.ipv4.conf.tun0.mc_forwarding = 0 net.ipv4.conf.wlan0.forwarding = 1 net.ipv4.conf.wlan0.mc_forwarding = 0 net.ipv4.ip_forward = 1

Do anyone has some hints about how to proceed.

Thanks.

PS. I would like not to use iptables

edit: eth0:1 and eth0:2 are alias interfaces and not virtual interfaces. Thanks Tero Kilkanen

Improve this question
5
  • What is the exact guest network configuration in Virtualbox? Commented Aug 24, 2016 at 15:50
  • Each virtual machine has 1 interface up -- eth0 (that is eth0 on the guests, which is not related with the eth0 on the host). The virtual machines are in bridged mode. If I ask for a DHCP lease on the guest I receive it from the same DHCP server that serves the host. The physical machine and the virtual ones are on the same ether. I configure the address of each machine statically so that each machine is on its own subnet. I want to simulate 3 subnets and demonstrate the routing between them (without masquerading) for pedagogical purposes. Does this make things more clear ? Commented Aug 25, 2016 at 3:32
  • You cannot use bridge mode when you want separate subnets, it will not work correctly. The reasons for this are too long to be described here. You want separate L2 networks where you then assign their own IPv4 subnetworks. Commented Aug 25, 2016 at 7:41
  • So I should configure hosts in routed mode ? The goal was not to use iptables. Would I be able to route packets between subnets only with the route or ip commands. Could you point me to a documentation explaining why it's not possible to route between bridged networks ? Thanks. Commented Aug 25, 2016 at 10:45
  • Yes, you need routed mode, and then apply standard IP routing. You don't need iptables. I don't know any quick guide that would explain why bridged mode cannot be used. You need to read how layer 2 and layer 3 interact, and how ARP / IP routing work. A quick rule of thumb is that you cannot have two separate IP networks in the same L2 broadcast domain without problems. Commented Aug 25, 2016 at 10:57

1 Answer 1

Reset to default
0

I don't think one can get this to work like this. eth0:N is not actually a virtual interface, it is an IP alias to a single interface.

A virtual interface is created by the hypervisor when it starts the virtual machine. For example, in one of my servers, Xen creates a virtual interface vif2.0 when starting up the virtual machine.

With your configuration, you have addresses of multiple IP networks on the same physical interface, which does not work.

So, you need to configure your networking so that each VM you have gets its own interface on the host side. You might want that the interface type is routed. Then both Host and Guest VMs get IP addresses in an IPv4 subnet.

After this you can configure normal routing on virtual machines.

Improve this answer
1
  • In fact this is a Virtualbox VM and no virtual interfaces are created on the host. The fact that disturbs me is that from the 192.168.20.2 I can ping the 192.168.10.1, which means that the packets arrive at the second interface of my host machine. The problem is that they are not forwarded to the machines in the subnetwork. In one of my tries I've got an icmp redirect errors, but wasn't able to reproduce it. Any further comments would be welcome Commented Aug 24, 2016 at 15:45

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.