I want to simulate NAT network mode of virtual machines without using any vm-specific tools. The detailed goals are the following:
- The VMs have internal network IP
10.8.20.0/24 - The physical nic
eno1has IP192.168.1.233 - The VM can access to internet
- The internet can access VM with port binding (i.e.
192.168.1.233:9080 -> 10.8.20.3:80)
To make it easier, we can use veth peers to simulate VM's TAP instead of actually set up a VM.
So the network I set up is:
# Create internal bridge my-bridge
ip link add my-bridge type bridge
ip link set dev my-bridge up
# Create a veth peer, my-guestb connected to my-bridge, vpx-guesta has IP 10.8.20.3
ip link add my-guesta type veth peer name my-guestb
ip link set my-guestb master my-bridge
ip addr add 10.8.20.3/24 dev my-guesta
ip link set dev my-guesta up
ip link set dev my-guestb up
Since now, it is obvious that we cannot ping internet from vpx-guesta.
I read a loooot of blogs about how to make a NAT in ubuntu, but nothing work. The things I done were:
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eno1 MASQUERADE
iptables -A FORWARD -i eno1 -o my-guesta -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i my-guesta -o eno1 -j ACCEPT
By doing so, I want to ping internet from my-guesta, but it did not work.
Should I link eno1 to my-bridge? If so, how do I manage the IP and routing table? If not, what should I do?
- Host: ubuntu 22.04
- ip_forward is 1
- accept_local for
my-guestais 1