1

I'm trying to get my host to route its traffic through a KVM guest (Untangle), but I'm not having any luck with basic IP table rules.

Right now, I have all traffic being received by the host on eth2 and forwarding all traffic to eth1. Eth1 is bridged to br1, which Untangle sees as a WAN. Untangle bridges to br0.

That's all working fine. Any new guest that I create will route through Untangle, and my router plugged into eth0 is routing through Untangle.

How do I get the host to route through br0/eth0?

Here's my current routes output with traffic going through eth2 on host:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         76.xx.xx.x      0.0.0.0         UG    0      0        0 eth2
10.10.10.0      *               255.255.255.0   U     0      0        0 br1
76.xxx.xx.x     *               255.255.248.0   U     0      0        0 eth2
link-local      *               255.255.0.0     U     1000   0        0 br0
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
1
  • You can't just set your default route to point to the Untangled's WAN IP, and let routing handle itself?
    – agc93
    Commented Jan 22, 2014 at 2:11

1 Answer

0

I know this is old, but I have accomplished it before in a different way.

First of all, I would set up eth2 on a bridge (call it br_wan) and NOT configure it on the host (so the host will not see any traffic arriving on that port or on the bridge). Share br_wan with the guest and configure it as the WAN port. No need to make the traffic go to the host just to have it forward it to the guest. Also, if you route WAN through the host you may lose a lot: Untangle will not know the public IP address because the DHCP client will be running on the host, which is something you probably do not want. And it is a bit less safe.

Create another bridge (you can call it br_net); that is the interface on Untangle where all the other guests and the host will connect. It does not need to be attached to a physical interface, but it can be if you wish.

Configure the host to get its IP from the br_net interface, and configure the gateway on that interface so the host will have its default route going through the br_net interface.

I must say I started with a solution just like that but ended up choosing to handle all firewalling on the host with the help of Shorewall. My rule now as far as firewalling goes is to use UFW if the setup will not forward packets and use Shorewall if the setup will forward packets. Shorewall is really awesome, very easy to learn and very powerful.
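
A check for the layout described in the answer above, as an added example that is not part of the original answer: it confirms that the host holds no global address on the WAN side (eth2, br_wan) and that its default route leaves via br_net. The function names and the sample `ip` output are constructed for illustration; the interface names are the ones the answer suggests.

```shell
#!/bin/sh
# Added example (not from the original answer). Checks the layout the answer
# describes, given the text of `ip -o addr show` and `ip route show default`.

# Print "iface address" for every global-scope address on the named interfaces.
# $1: space-separated interface names; stdin: `ip -o addr show` output.
addresses_on() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        ($2 in watch) && ($3 == "inet" || $3 == "inet6") && / scope global/ { print $2, $4 }'
}

# Print the outgoing device of each default route; stdin: `ip route show default`.
default_route_devs() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# $1: WAN-side interfaces, $2: LAN bridge, $3: addr text, $4: route text.
# Prints one line per problem and returns non-zero if any were found.
check_layout() {
    rc=0
    leaked=$(printf '%s\n' "$3" | addresses_on "$1")
    if [ -n "$leaked" ]; then
        echo "host has an address on the WAN side: $leaked"; rc=1
    fi
    devs=$(printf '%s\n' "$4" | default_route_devs | sort -u)
    if [ "$devs" != "$2" ]; then
        echo "default route uses '${devs:-none}', expected '$2'"; rc=1
    fi
    return $rc
}

# Constructed sample output (documentation addresses, not captured from a real host).
GOOD_ADDR='4: br_net    inet 192.168.2.10/24 brd 192.168.2.255 scope global br_net\       valid_lft forever preferred_lft forever'
GOOD_ROUTE='default via 192.168.2.1 dev br_net'
BAD_ADDR='3: br_wan    inet 203.0.113.20/24 brd 203.0.113.255 scope global br_wan\       valid_lft forever preferred_lft forever
4: br_net    inet 192.168.2.10/24 brd 192.168.2.255 scope global br_net\       valid_lft forever preferred_lft forever'
BAD_ROUTE='default via 203.0.113.1 dev br_wan'

# On a live host:
#   check_layout "eth2 br_wan" br_net "$(ip -o addr show)" "$(ip route show default)"
check_layout "eth2 br_wan" br_net "$GOOD_ADDR" "$GOOD_ROUTE" && echo "sample layout OK"
```

Link-local IPv6 addresses that the kernel assigns to a bridge automatically have scope link and are not reported by this check.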
