Policy based routing on bridge for guest traffic
+-----------------------------+
|  +---------+                |              +-------------+
|  | VM(eth0)|---vnic0---br0  |              | Machine B   +------- external
|  +---------+                |--------------|             |
|  Mothership                 |              +-------------+
+-----------------------------+
          Machine A
As described in the diagram, I have two machines, A and B. A hypervisor is running on machine-A, and one VM has been created on machine-A.
I want to set up machine-B as a proxy to redirect the non-private IP traffic from machine-A to the external world and send the responses back. The setup is as follows:
Machine A
echo 300 Tunnel >> /etc/iproute2/rt_tables
ip rule add pref 32000 to 74.125.0.0/16 lookup Tunnel
ip tunnel add tunnel1 mode ipip local machine-A remote machine-B
ip link set tunnel1 up
ip addr add A.B.C.D/22 dev tunnel1
ip route add default dev tunnel1 table Tunnel
sysctl -w net.ipv4.conf.eth0.rp_filter=0
sysctl -w net.ipv4.conf.vnic0.rp_filter=0
sysctl -w net.ipv4.conf.br0.rp_filter=0
sysctl -w net.ipv4.conf.tunnel1.rp_filter=0
sysctl -w net.ipv4.ip_forward=1
Machine B
ip tunnel add tunnel1 mode ipip local machine-B remote machine-A
ip link set tunnel1 up
ip addr add X.Y.Z.W/22 dev tunnel1
sysctl -w net.ipv4.conf.tunnel1.rp_filter=0
sysctl -w net.ipv4.ip_forward=1
If I ping 74.125.200.100 from machine-A (the host), the traffic goes through the tunnel and is received at machine-B. But if I ping 74.125.200.100 from the VM, the traffic arrives at br0, does not honor policy-based routing, and is not redirected to the tunnel.
The questions are:
Why is policy-based routing not honored if the traffic originates from the VM?
How can I redirect the VM traffic to machine-B via the tunnel?
networking vpn proxy routing tunnel
edited Mar 7 at 11:01
Santhosh Tangudu
asked Mar 6 at 13:02
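An added example, not part of the original post: a simplified Python model of what a Linux host does with a unicast frame arriving on a bridge port, using the rule and the Tunnel table from the question. The MAC addresses and the main-table default route are constructed, and the post does not say which gateway the VM uses, so which branch applies on the asker's host is not known.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    pref: int
    table: str
    to: str = "0.0.0.0/0"   # no iif selector: matches local and forwarded packets

# Constructed state modelled on Machine A; MACs and the main route are assumptions.
LOCAL_MACS = {"52:54:00:aa:00:01"}            # br0's own MAC (constructed)
RULES = [
    Rule(0, "local"),
    Rule(32000, "Tunnel", "74.125.0.0/16"),   # the rule from the question
    Rule(32766, "main"),
    Rule(32767, "default"),
]
TABLES = {                                    # table -> {prefix: egress device}
    "local": {},
    "Tunnel": {"0.0.0.0/0": "tunnel1"},       # default dev tunnel1 table Tunnel
    "main": {"0.0.0.0/0": "br0"},             # constructed default route
    "default": {},
}

def rpdb_lookup(dst: str) -> Optional[tuple]:
    """Walk rules by ascending pref; in each matching table take the longest prefix."""
    addr = ipaddress.ip_address(dst)
    for rule in sorted(RULES):
        if addr not in ipaddress.ip_network(rule.to):
            continue
        hits = [ipaddress.ip_network(p) for p in TABLES[rule.table]
                if addr in ipaddress.ip_network(p)]
        if hits:
            best = max(hits, key=lambda n: n.prefixlen)
            return rule.table, TABLES[rule.table][str(best)]
    return None

def handle_frame(dst_mac: str, dst_ip: str) -> tuple:
    """Decide what the host does with a unicast frame received on a bridge port."""
    if dst_mac.lower() not in LOCAL_MACS:
        # Not addressed to the host: the bridge forwards the frame at layer 2,
        # so the IP routing code (and every ip rule) is never consulted.
        return "bridged", None
    # Addressed to br0: the frame is handed to the IP stack and routed.
    return "routed", rpdb_lookup(dst_ip)

if __name__ == "__main__":
    other_gw = "52:54:00:bb:00:02"            # constructed: gateway that is not Machine A
    print(handle_frame(other_gw, "74.125.200.100"))             # bridged, no lookup
    print(handle_frame("52:54:00:aa:00:01", "74.125.200.100"))  # routed via Tunnel
    print(handle_frame("52:54:00:aa:00:01", "198.51.100.7"))    # routed via main
```

On a live host, `ip route get 74.125.200.100 from <VM address> iif br0` asks the kernel which route a forwarded packet from the VM would take.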