Dear Users,
I am struggling here with a problem using/configuring a VLAN connecting virtual machines.
To access the internet I need to NAT all traffic from the local network behind 11.11.11.158. There are some other IP addresses free to allow DMZ traffic to VMs. Therefore I want to encapsulate this type of traffic in a VLAN 2222, which allows the VM creator to connect a VM to address 11.11.11.148 (or another...). This VLAN transports data between IF1 (VLAN2222) and IF6 only. Could anyone help me with the configuration? Sure, there is a need to control the traffic between the VM and the ISP and from the local network to the VM...
Thank you in advance.
My scenario in a picture:
VLAN for HyperV
Re: VLAN for HyperV
Hi.
Not sure I understand the scenario 100%, but can't you just NAT traffic from 11.11.11.148 towards IF6?
I assume you have a route looking something like this:
Route Vlan2222 11.11.11.148 LocalIP=11.11.11.158
Where .158 is the default gateway for the Virtual Linux Machine. The IP rule then looks something like this:
NAT Vlan2222 11.11.11.148 if6 all-nets service=whatever
BR
/Peter
Re: VLAN for HyperV
Hello Peter,
The idea was to connect the DMZ to the internet by switching, without NAT. The address .158 is used for internet access of employees (from the 10.10.10.x network). The remaining addresses of the 11.11.11.144/28 network should be accessible through VLAN2222 from the virtual machines. I don't want to use NAT or SAT for connecting those machines to the Internet, or rather from the Internet. So I need a coupling between IF6 and VLAN2222 for all addresses except .158 and .145 (which is the default gtw.).
Best Regards,
Thilo
Re: VLAN for HyperV
...
Is it maybe an easier way to bring the default gateway 11.11.11.145 as PROXY to the VLAN2222? But how?
This should not have a negative influence on the existing NAT routing between IF1 and IF6.
Thanks in advance.
BR
Thilo
Re: VLAN for HyperV
If you want to use 11.11.11.145 as default gateway for machines behind VLAN2222 you only need a route looking something like this:
Route Vlan2222 11.11.11.148 LocalIP=11.11.11.145 ProxyARP=IF6
It is the same principle if you want to assign a public IP directly on a machine behind the Clavister.
LocalIP does two things:
1. Responds to ARP queries towards this IP on VLAN2222.
2. ARP queries from the Clavister (on VLAN2222) towards 11.11.11.148 will use IP 11.11.11.145 as sender.
This way you can use 11.11.11.145 as your default gateway on the 11.11.11.148 machine.
ProxyARP is needed as the Clavister must respond on IF6 to ARP queries from the ISP towards 11.11.11.148; basically we tell the ISP that we own this IP.
For communication between 11.11.11.148 and 10.10.10.xx (and vice versa) you would only need a standard allow rule if you don't want to NAT or SAT.
/Peter
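Added example (not part of the thread and not Clavister code): a simplified Python model of the two LocalIP effects and of ProxyARP as described in the reply above, used to check that a route does not publish the reserved addresses .145 and .158 on IF6. The `Route` class, the function names and the /28 variant are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Route:
    interface: str                    # interface the destination sits behind
    network: str                      # routed host or network
    local_ip: Optional[str] = None    # LocalIP from the post
    proxy_arp: Tuple[str, ...] = ()   # interfaces named in ProxyARP=

# The route from the post, plus a constructed over-broad variant for comparison.
POSTED = [Route("Vlan2222", "11.11.11.148", "11.11.11.145", ("IF6",))]
TOO_BROAD = [Route("Vlan2222", "11.11.11.144/28", "11.11.11.145", ("IF6",))]
RESERVED = ["11.11.11.145", "11.11.11.158"]  # gateway and NAT address from the thread

def answers_arp(routes, iface, target):
    """Why the firewall would answer an ARP query for target on iface, else None."""
    addr = ip_address(target)
    for r in routes:
        if iface == r.interface and r.local_ip and addr == ip_address(r.local_ip):
            return "LocalIP"      # effect 1: reply for LocalIP on the route's interface
        if iface in r.proxy_arp and addr in ip_network(r.network):
            return "ProxyARP"     # publish the routed address on the other side
    return None

def arp_sender(routes, target):
    """Sender IP of the firewall's own ARP query for target (effect 2 of LocalIP)."""
    addr = ip_address(target)
    for r in routes:
        if addr in ip_network(r.network):
            return r.local_ip
    return None

def reserved_but_published(routes, iface, reserved):
    """Reserved addresses the firewall would wrongly claim on iface."""
    return [ip for ip in reserved if answers_arp(routes, iface, ip)]

if __name__ == "__main__":
    for iface, ip in [("Vlan2222", "11.11.11.145"), ("IF6", "11.11.11.148"),
                      ("IF6", "11.11.11.149")]:
        print(iface, ip, answers_arp(POSTED, iface, ip))
    print("sender:", arp_sender(POSTED, "11.11.11.148"))
    print("posted route conflicts:", reserved_but_published(POSTED, "IF6", RESERVED))
    print("/28 route conflicts:", reserved_but_published(TOO_BROAD, "IF6", RESERVED))
```

The per-host route from the post publishes only .148 towards the ISP, while a single route for the whole /28 would also claim the gateway and the NAT address on IF6.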
Re: VLAN for HyperV
Dear Peter,
After a master has explained it, it always looks easy.
I guess my thinking was too complicated. I thought bringing the VM addresses to IF6 was the right way, but routing the default gateway to that VLAN does the trick instead. The meaning of those additional entries of LocalIP and DefaultGateway in routing tables was a miracle to me formerly.
However, my problem is solved.
Thank you.
Re: VLAN for HyperV
Great, glad you got it working 
/Peter
