OVH Community, your new community space.

Vmware Host-Only + Debian Lenny Need Some Help


IainK
26-11-2009, 10:21
I got this sorted out with @dima1236 much earlier this morning.

Very similar config to @derchris's right there but I prefer not to use the host box as a gateway. Instead this is the network config we used on the guest.

Code:
auto eth0 
iface eth0 inet static 
    address 94.250.120.11 
    netmask 255.255.255.255
    gateway 94.250.120.11
Why, you may ask? Well, using the gateway in this way works when you do not have access to a bash session to run /sbin/route, e.g. during an install of an OS. It also works in all distros and Windows.

Added the following code to /etc/sysctl.conf:

Code:
net.ipv4.conf.all.rp_filter=1 
net.ipv4.icmp_echo_ignore_broadcasts=1 
net.ipv4.ip_forward=1 
net.ipv4.conf.default.proxy_arp=1
And lastly added the Failover IPs to /etc/vmware/routes.conf, one per line, then rebooted the host.

derchris
26-11-2009, 02:48
Ok, it is working the same way.
You need to make network changes to both, the host and the guest.
This has only been tested on Debian.
First the host:

Edit /etc/network/interfaces

PHP Code:
auto eth0
iface eth0 inet static
        address HOST.IP
        netmask 255.255.255.255
        gateway x.x.x.254
        pointopoint x.x.x.254
Add ip forward/arp to /etc/sysctl.conf

PHP Code:
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=1
net.ipv6.conf.all.forwarding=
Make changes to network and restart it

PHP Code:
sysctl -p
/etc/init.d/networking restart 

Now the guest:

Edit /etc/network/interfaces
PHP Code:
auto eth0
iface eth0 inet static
 address FAILOVER.IP
 gateway HOST.IP
 netmask 255.255.255.255
 pointopoint HOST.IP
Then restart networking

PHP Code:
/etc/init.d/networking restart 
Final step is to add the route to the Host-only vmnet interface.
In my test it was vmnet1.
This needs to be done on the host again.

PHP Code:
ip route add FAILOVER.IP dev vmnet1 src HOST.IP 
Now you should be able to ping the VM, and access other hosts from the VM.
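
A check for the host-side settings described in the two posts above, as an added example that is not part of any post in the thread: it audits a sysctl.conf for the four IPv4 keys both posters list, flags an assignment with no value, and confirms a host route for the guest address on the host-only interface. The function names, the sample file and the addresses (documentation ranges) are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: audit a sysctl.conf for the four IPv4
# settings both posts list, and check the host route to the guest.
REQUIRED="net.ipv4.conf.all.rp_filter=1 net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.ip_forward=1 net.ipv4.conf.default.proxy_arp=1"

# audit_sysctl FILE: one finding per line. Comments and spaces are ignored; the
# last assignment of a key wins, as when sysctl -p applies the file in order.
audit_sysctl() {
    for want in $REQUIRED; do
        awk -v key="${want%%=*}" -v val="${want#*=}" '
            { sub(/[#;].*/, ""); gsub(/[ \t]/, "") }
            index($0, key "=") == 1 { have = substr($0, length(key) + 2); seen = 1 }
            END {
                if (!seen)            print "missing " key
                else if (have != val) print "mismatch " key "=" have " (want " val ")"
                else                  print "ok " key "=" have
            }' "$1"
    done
    # A key with nothing after "=" (like the cut-off IPv6 line) sets no value.
    awk '{ sub(/[#;].*/, ""); gsub(/[ \t]/, "") }
         /=$/ { sub(/=$/, ""); print "empty " $0 }' "$1"
}

# route_ok IP DEV: reads `ip route show` output on stdin and succeeds only if
# a host route for IP points at DEV (the vmnet1 route from the final step).
route_ok() {
    awk -v ip="$1" -v dev="$2" '
        $1 == ip || $1 == (ip "/32") {
            for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) ok = 1
        }
        END { exit !ok }'
}

# Constructed sample input; addresses are documentation ranges, not the thread's.
sample_conf() {
    cat <<'EOF'
# constructed sample
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=
net.ipv4.ip_forward=0   # a later line overrides the earlier one
EOF
}
SAMPLE_ROUTES="default via 198.51.100.254 dev eth0
192.0.2.10 dev vmnet1 scope link src 198.51.100.5"
tmp=$(mktemp) && sample_conf > "$tmp" && audit_sysctl "$tmp"; rm -f "$tmp"
printf '%s\n' "$SAMPLE_ROUTES" | route_ok 192.0.2.10 vmnet1 && echo "route ok"
```

On a real host, point audit_sysctl at /etc/sysctl.conf and pipe `ip route show` into route_ok with the failover IP and the host-only interface name.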

everwicked
25-11-2009, 22:27
The only complete setup that I've done with a VM on a real server is as a DMZ host. This is slightly different to what you want but you should be able to adjust my iptables script to your needs. In case you haven't heard of it before (I only found out it's called DMZ when I started looking how to do it), a DMZ host is where you make a host within a LAN (in your case the VM) appear like it's the actual box on that IP.

Here's the script:

Code:
This will work with the default VBox config – the host-only networking is on 192.168.56.x.
I’ve allowed ssh (22), VNC (5901) and VRDP (3000 – my setting) to go directly to the host. Adjust accordingly.

#!/bin/bash

HOST_IFACE=eth0
GUEST_IP=192.168.56.200
GUEST_IFACE=vboxnet0

# clear all tables
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# Keep following ports to host
iptables -t nat -A PREROUTING -i $HOST_IFACE -p tcp -m multiport --dports 22,5901,3000 -j ACCEPT

# The rest, route to the guest
iptables -t nat -A PREROUTING -i $HOST_IFACE -j DNAT --to-destination $GUEST_IP

# Forward all packets from already established connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow forwarding new connections from host to guest
iptables -A FORWARD -i $HOST_IFACE -o $GUEST_IFACE -d $GUEST_IP -m state --state NEW -j ACCEPT
# Allow forwarding new connections from guest to host
iptables -A FORWARD -i $GUEST_IFACE -o $HOST_IFACE -s $GUEST_IP -m state --state NEW -j ACCEPT

# setup masquerading
iptables -t nat -A POSTROUTING -o $HOST_IFACE -j MASQUERADE
If you get stuck, you can e-mail me... everwicked (at) yahoo (dot) gr

derchris
25-11-2009, 22:24
I haven't done it with VMware, but with Xen.
Will test it shortly if it will work the same way, and then post back.

dima1236
25-11-2009, 21:49
I have tried your solution and can't get it to work properly (but probably because I didn't do it right),
with OVH help on VMware it doesn't seem to work either.

Quote Originally Posted by everwicked
Yes dima, we already covered that and I offered a different solution.

everwicked
25-11-2009, 18:22
Yes dima, we already covered that and I offered a different solution.

dima1236
25-11-2009, 16:11
And the second you click "Apply" your server will go offline.
OVH is using a sort of MAC filtering in order to not use a VLAN for each customer (too many IPs for nothing), because otherwise you could use unused IPs freely and do whatever you want.

Quote Originally Posted by everwicked
It should be a case of setting the VM to bridged networking and assigning the IP on your VM to the failover IP.

dima1236
25-11-2009, 16:09
I have added you on my MSN, which is dima1236@mail.ru.

Thanks.

Quote Originally Posted by IainK
@dima1236: do you have a MSN messenger login? or AIM? If you do add me, my email on both is iainkay [at] me [dot] com

everwicked
25-11-2009, 13:25
Quote Originally Posted by Myatu
That's what "Host Only" and "NAT" networking does, yes.
Correct me if I'm wrong, but NAT would only allow outwards connections (from guest to the Internet) while host-only networking would only provide connectivity to the host.

So he would need host-only + iptables to route traffic from the failover IP to the guest and back.

Myatu
25-11-2009, 13:20
That's what "Host Only" and "NAT" networking does, yes.

everwicked
25-11-2009, 12:59
Well in that case, he could just assign the failover IP as a secondary IP on eth0:1 on the host and route all traffic to the VM local IP with iptables.

derchris
25-11-2009, 12:55
Because that is a known fact to all OVH users.
The server will be blocked on the switch level as it will only allow one MAC.

Myatu
25-11-2009, 12:54
OVH currently does not allow multiple MAC addresses emanating from a single server. It considers this a security issue (i.e., spoofing a MAC address to gain access to someone else's server) and will lock your server out from the network until resolved.

Bridging requires virtual network adapters that have their own MAC address, which will be transmitted to the network. And so, OVH will notice more than one MAC address and you will lose your connection. For this reason, you should use "Host Only" or "NAT / Proxy ARP" networking.

That's why.

everwicked
25-11-2009, 12:44
Actually, I have. But I didn't like it much so I used VirtualBox in the end.

I wasn't aware that we had free IPs included so I set it up as a DMZ host.

You never said *why* it doesn't work though.

derchris
25-11-2009, 12:15
Quote Originally Posted by everwicked
It should be a case of setting the VM to bridged networking and assigning the IP on your VM to the failover IP.
I can see you never played with a VM on the OVH network.
Bridge mode is not (yet) working, and you need to set up Host-only networking.

everwicked
25-11-2009, 12:09
It should be a case of setting the VM to bridged networking and assigning the IP on your VM to the failover IP.

IainK
25-11-2009, 02:19
@dima1236: do you have a MSN messenger login? or AIM? If you do add me, my email on both is xxxxxxx [at] xx [dot] xxx

dima1236
25-11-2009, 02:14
Hello Guys,
I have installed a clean non-OVH Debian Lenny on my SP mini box.
I have also installed VMware Server 2.0 and everything is great until the point where I want to add my Failover IP to the GUEST on the VMware.
I have looked online and tried the OVH guide, but it all resulted in no luck and tons of OS reinstalls.

Can anybody point me to a very detailed 100% working guide? Or is anybody willing to help me, and I'll pay him?

thanks in advance.