LinuxQuestions.org
01-27-2015, 05:25 AM   #1
pingu
Problem setting up VLAN between firewall and oVirt host


I'm setting up 2 internal networks for use by my VPS guests.
The VLANs are configured on vm-host running oVirt 3.5 on CentOS 6.6, and on the firewall, pfSense.
What I want to achieve is to use pfSense as the only firewall, controlling traffic to and between all internal networks. iptables is off on all servers.

I have tried several configurations, but there is no connection between vm-host or guests and firewall.
vm-host has ip-forward enabled, default gw is interface "ovirtmgmt". vm-host cannot reach the firewall's VLAN IPs.
Firewall can't reach vm-host on any VLAN IP.
Connection between guests and host is OK; guests cannot reach each other.

The second NIC on vm-host, which holds the VLANs, is not, and cannot be, assigned an IP. The oVirt system removes any direct or bridged IP configuration on this physical interface.

Pinging from vm-host to its own VLAN interfaces works, but not to the firewall's:
Code:
[root@virt1 ~]# ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
64 bytes from 192.168.20.2: icmp_seq=1 ttl=64 time=0.025 ms
64 bytes from 192.168.20.2: icmp_seq=2 ttl=64 time=0.027 ms

[root@virt1 ~]# ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
^C
--- 192.168.20.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2631ms
Info & configs:
Code:
 
Vm-host:
INT1 vlan tag=2	 192.168.20.2/24
OPT1 vlan tag=3  172.16.30.2/24
ovirtmgmt (bridge on em1)	192.168.19.4/24	
p4p1 (second nic, not assigned)
Code:
[root@virt1 ~]# ifconfig
INT1      Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8  
          inet addr:192.168.20.2  Bcast:192.168.20.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:532 errors:0 dropped:0 overruns:0 frame:0
          TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:45291 (44.2 KiB)  TX bytes:20763 (20.2 KiB)

OPT1      Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8  
          inet addr:172.16.30.2  Bcast:172.16.30.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:670 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:24621 (24.0 KiB)  TX bytes:812 (812.0 b)

em1       Link encap:Ethernet  HWaddr D4:AE:52:C5:C1:83  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34908 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43395 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6526329 (6.2 MiB)  TX bytes:11819994 (11.2 MiB)
          Interrupt:16 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:224330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:224330 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:84212135 (80.3 MiB)  TX bytes:84212135 (80.3 MiB)

ovirtmgmt Link encap:Ethernet  HWaddr D4:AE:52:C5:C1:83  
          inet addr:192.168.19.4  Bcast:192.168.19.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34786 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41364 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5891821 (5.6 MiB)  TX bytes:11511252 (10.9 MiB)

p4p1      Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4917 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1260 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:308400 (301.1 KiB)  TX bytes:72745 (71.0 KiB)

p4p1.2    Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:4340 (4.2 KiB)

p4p1.3    Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:670 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:33777 (32.9 KiB)

vnet0     Link encap:Ethernet  HWaddr FE:1A:4A:58:EF:01  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:670 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:34001 (33.2 KiB)  TX bytes:644 (644.0 b)

vnet1     Link encap:Ethernet  HWaddr FE:1A:4A:58:EF:00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:532 errors:0 dropped:0 overruns:0 frame:0
          TX packets:235 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:52739 (51.5 KiB)  TX bytes:20595 (20.1 KiB)
Code:
[root@virt1 ~]# ip route
192.168.20.0/24 dev INT1  proto kernel  scope link  src 192.168.20.2 
192.168.19.0/24 dev ovirtmgmt  proto kernel  scope link  src 192.168.19.4 
172.16.30.0/24 dev OPT1  proto kernel  scope link  src 172.16.30.2 
169.254.0.0/16 dev p4p1  scope link  metric 1003 
169.254.0.0/16 dev ovirtmgmt  scope link  metric 1009 
169.254.0.0/16 dev OPT1  scope link  metric 1017 
169.254.0.0/16 dev INT1  scope link  metric 1019 
default via 192.168.19.1 dev ovirtmgmt
Code:
pfSense:
INT1 vlan 2 on IF BRIDGE, wired connection to "ovirtmgmt" 	 192.168.20.2/24
OPT1 vlan 3 on IF OPT1,  wired connection to "p4p1"  172.16.30.2/24
 
02-17-2015, 01:27 PM   #2
pingu
Checking my network, I realized I have 2 VLAN-capable rack switches between the firewall and the server and both had VLANs configured - here lies the problem.
These two switches are remains from old times and not really needed, so I just reconfigured my net bypassing them. Now all is fine!
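
The symptom was already visible in the ifconfig output of the first post: p4p1.2 and p4p1.3 show TX packets but RX packets:0, so tagged frames leave the host and none come back from the wire, which fits a device in the path handling those VLAN IDs differently. The check below is an added example, not part of the original posts; the function names and the embedded sample (an excerpt of the posted output) are this example's own.

```shell
#!/bin/sh
# Excerpt of the ifconfig output posted in this thread: the INT1 bridge,
# the physical NIC p4p1 and its two VLAN subinterfaces.
sample_ifconfig() {
cat <<'EOF'
INT1      Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:532 errors:0 dropped:0 overruns:0 frame:0
          TX packets:239 errors:0 dropped:0 overruns:0 carrier:0

p4p1      Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:4917 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1260 errors:0 dropped:0 overruns:0 carrier:0

p4p1.2    Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0

p4p1.3    Link encap:Ethernet  HWaddr 64:66:B3:05:15:F8
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:670 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

# Read ifconfig output on stdin and print every VLAN subinterface
# (named parent.VID) that has transmitted frames but received none.
# Accepts both "packets:N" (old net-tools) and "packets N" (newer) forms.
silent_vlans() {
  awk '
    # Extract the counter that follows the word "packets" on a line.
    function pkts(line,   s) {
      s = line
      sub(/^.*packets[: ]/, "", s)
      sub(/[^0-9].*$/, "", s)
      return s + 0
    }
    /^[^ \t]/    { ifname = $1; sub(/:$/, "", ifname); rx = -1 }
    /RX packets/ { rx = pkts($0) }
    /TX packets/ {
      tx = pkts($0)
      if (ifname ~ /\.[0-9]+$/ && rx == 0 && tx > 0) {
        vid = ifname; sub(/^.*\./, "", vid)
        printf "%s vlan=%s tx=%d rx=0\n", ifname, vid, tx
      }
    }
  '
}

sample_ifconfig | silent_vlans
```

On a live host the same function can be fed with `ifconfig | silent_vlans`; an interface listed here while the parent NIC still receives traffic points at the tagging along the path rather than at the cable or the NIC.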
 
  

