I'm setting up 2 internal networks for use by my VPS guests.
The VLANs are configured on vm-host, running oVirt 3.5 on CentOS 6.6, and on the firewall, pfSense.
What I want to achieve is to use pfSense as the only firewall, controlling traffic to and between all internal networks. iptables is off on all servers.
I have tried several configurations, but there is no connection between vm-host or guests and the firewall.
vm-host has ip-forward enabled, default gw is interface "ovirtmgmt". vm-host cannot reach the firewall's VLAN IPs.
Firewall can't reach vm-host on any vlan-ip.
Connection between guests and host is ok, guests can not reach each other.
The second NIC on vm-host, which holds the VLANs, is not, and cannot be, assigned an IP. The oVirt system removes any direct or bridged IP configuration on this physical interface.
Pinging from vm-host to its own VLAN interfaces works, but not to the firewall's:
Code:
[root@virt1 ~]# ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
64 bytes from 192.168.20.2: icmp_seq=1 ttl=64 time=0.025 ms
64 bytes from 192.168.20.2: icmp_seq=2 ttl=64 time=0.027 ms
[root@virt1 ~]# ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
^C
--- 192.168.20.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2631ms
Info & configs:
Code:
Vm-host:
INT1 vlan tag=2 192.168.20.2/24
OPT1 vlan tag=3 172.16.30.2/24
ovirtmgmt (bridge on em1) 192.168.19.4/24
p4p1 (second nic, not assigned)
Code:
[root@virt1 ~]# ifconfig
INT1 Link encap:Ethernet HWaddr 64:66:B3:05:15:F8
inet addr:192.168.20.2 Bcast:192.168.20.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:532 errors:0 dropped:0 overruns:0 frame:0
TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:45291 (44.2 KiB) TX bytes:20763 (20.2 KiB)
OPT1 Link encap:Ethernet HWaddr 64:66:B3:05:15:F8
inet addr:172.16.30.2 Bcast:172.16.30.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:670 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24621 (24.0 KiB) TX bytes:812 (812.0 b)
em1 Link encap:Ethernet HWaddr D4:AE:52:C5:C1:83
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34908 errors:0 dropped:0 overruns:0 frame:0
TX packets:43395 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6526329 (6.2 MiB) TX bytes:11819994 (11.2 MiB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:224330 errors:0 dropped:0 overruns:0 frame:0
TX packets:224330 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:84212135 (80.3 MiB) TX bytes:84212135 (80.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr D4:AE:52:C5:C1:83
inet addr:192.168.19.4 Bcast:192.168.19.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34786 errors:0 dropped:0 overruns:0 frame:0
TX packets:41364 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5891821 (5.6 MiB) TX bytes:11511252 (10.9 MiB)
p4p1 Link encap:Ethernet HWaddr 64:66:B3:05:15:F8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4917 errors:0 dropped:0 overruns:0 frame:0
TX packets:1260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:308400 (301.1 KiB) TX bytes:72745 (71.0 KiB)
p4p1.2 Link encap:Ethernet HWaddr 64:66:B3:05:15:F8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4340 (4.2 KiB)
p4p1.3 Link encap:Ethernet HWaddr 64:66:B3:05:15:F8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:670 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:33777 (32.9 KiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:58:EF:01
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:670 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:34001 (33.2 KiB) TX bytes:644 (644.0 b)
vnet1 Link encap:Ethernet HWaddr FE:1A:4A:58:EF:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:532 errors:0 dropped:0 overruns:0 frame:0
TX packets:235 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:52739 (51.5 KiB) TX bytes:20595 (20.1 KiB)
Code:
[root@virt1 ~]# ip route
192.168.20.0/24 dev INT1 proto kernel scope link src 192.168.20.2
192.168.19.0/24 dev ovirtmgmt proto kernel scope link src 192.168.19.4
172.16.30.0/24 dev OPT1 proto kernel scope link src 172.16.30.2
169.254.0.0/16 dev p4p1 scope link metric 1003
169.254.0.0/16 dev ovirtmgmt scope link metric 1009
169.254.0.0/16 dev OPT1 scope link metric 1017
169.254.0.0/16 dev INT1 scope link metric 1019
default via 192.168.19.1 dev ovirtmgmt
Code:
pfSense:
INT1 vlan 2 on IF BRIDGE, wired connection to "ovirtmgmt" 192.168.20.2/24
OPT1 vlan 3 on IF OPT1, wired connection to "p4p1" 172.16.30.2/24
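
An added diagnostic example, not part of the original post: the `ifconfig` output above can be checked mechanically for interfaces that send but never receive, which is what p4p1.2 and p4p1.3 show. The names `one_way_ifaces` and `sample_ifconfig` are made up for this example; it assumes the older net-tools `ifconfig` format shown in the post, and the sample counters are copied from that output and trimmed to the lines the parser reads.

```shell
#!/bin/sh
# Added example: flag interfaces that transmit but never receive.
# Assumes the net-tools ifconfig layout shown in the post (CentOS 6 era).

# Reads ifconfig output on stdin and prints one interface name per line
# where "RX packets" is 0 and "TX packets" is greater than 0.
one_way_ifaces() {
    awk '
        # "Link encap:" opens a new interface stanza; field 1 is its name.
        /Link encap:/ { iface = $1; rx = -1; next }
        # Counter lines look like "RX packets:532 errors:0 ...".
        $1 == "RX" && $2 ~ /^packets:/ { split($2, a, ":"); rx = a[2] + 0 }
        $1 == "TX" && $2 ~ /^packets:/ {
            split($2, a, ":")
            if (rx == 0 && a[2] + 0 > 0) print iface
        }
    '
}

# Sample input: counters taken from the post, other lines trimmed.
sample_ifconfig() {
    cat <<'EOF'
INT1      Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:532 errors:0 dropped:0 overruns:0 frame:0
          TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
p4p1      Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:4917 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1260 errors:0 dropped:0 overruns:0 carrier:0
p4p1.2    Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:0 (0.0 b)  TX bytes:4340 (4.2 KiB)
p4p1.3    Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:670 errors:0 dropped:0 overruns:0 carrier:0
vnet0     Link encap:Ethernet  HWaddr FE:1A:4A:58:EF:01
          RX packets:670 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

# Stand-alone run on the sample; on a live host use: ifconfig -a | one_way_ifaces
sample_ifconfig | one_way_ifaces
```

An RX count of zero on a VLAN sub-interface while its parent NIC is receiving means no frames carrying that VLAN tag have been delivered from the parent, so the tagging on the link to the firewall is the first thing to compare on both ends.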