Problem with a routing


#1

Hello,
I am setting up a lab in VirtualBox on my laptop and I’ve come across a strange problem.

One virtual machine has two network interfaces:

  1. bridged to host wlan0 interface to have internet
  2. connected to internal network to provide internet access to another vm

Of course, NAT to the internal network is configured on this VM (running VyOS 1.1.3).

The other VM (running VyOS 1.1.3) has two network interfaces:

  1. connected to internal network (the same as machine above)
  2. another internal network

The problem is with routing: I cannot configure the second VM to have internet provided by the first VM. Below are the configs. I cannot change the addresses.

gateway config:

interfaces {
    ethernet eth0 {
        address dhcp
        duplex auto
        hw-id 08:00:27:0c:9e:2f
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 10.24.161.254/24
        duplex auto
        hw-id 08:00:27:6c:3f:e3
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    source {
        rule 10 {
            outbound-interface eth0
            source {
                address 10.24.161.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        interface-route 10.24.162.0/26 {
            next-hop-interface eth1 {
                distance 1
            }
        }
    }
}

The second VM:

interfaces {
    ethernet eth0 {
        address 10.24.162.1/26
        duplex auto
        hw-id 08:00:27:15:ab:d6
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        duplex auto
        hw-id 08:00:27:38:4d:1a
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        hw-id 08:00:27:dc:14:3a
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        hw-id 08:00:27:5d:48:a7
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        interface-route 10.24.161.0/24 {
            next-hop-interface eth0 {
                distance 1
            }
        }
        route 0.0.0.0/0 {
            next-hop 10.24.161.254 {
                distance 1
            }
        }
    }
}

There is another strange thing:
with the configuration above I have the following route in the OS:

0.0.0.0    0.0.0.0    0.0.0.0    eth0

I think there should be something like:

0.0.0.0   10.24.161.254   0.0.0.0    eth0

Deleting this route and adding a default route in the system (not the VyOS way) like this:

route add default gw 10.24.161.254

works and the second vm has internet access through the gateway.

So what am I doing wrong? Or maybe there is some kind of bug in the software?

Thank you for any help and every tip.


#2

Typo in netmask? 10.24.162.0/26 won’t include your desired gateway address of .254

Chris


Oh, and I just noticed typo in the 3rd octet too (should be 161 instead of 162…?)


#3

Thank you for your reply. Unfortunately this is not a typo. Those two VM instances should work in separate networks, and connectivity between them should be configured by proper routing, but as I’ve written, I cannot set up routing to achieve an internet connection on the second VM.


#4

I assume you have only private IPs on those VMs and there’s another router externally that provides internet access with NAT.

The problem is this external router is not aware of your VM and likely not configured to handle traffic from the private IP range used by this VM.

There are 2 options

  • The one that will work in most cases is to NAT traffic from your internal VM with the IP address the VyOS box receives by DHCP on eth0

This can be achieved with a masquerade NAT I think.

  • The second is to add routes on the router that provides internet so it can communicate with your VMs AND to configure it to NAT traffic coming from your VMs
    This also requires that you set a static IP address on the VyOS eth0 interface rather than DHCP since you will add a route to this IP on the internet router.
    (however from my point of view DHCP on a router interface is bad - except for PPPoE of course)
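
The address checks raised in this thread (whether the default route's next hop falls inside the second VM's /26, and which source addresses the gateway's masquerade rule matches), as an added example that is not from any poster. The function names are made up for illustration; the addresses are copied from the configs in post #1.

```python
import ipaddress as ip

# Values copied from the two configs in post #1.
GATEWAY_NAT_SOURCE = ip.ip_network("10.24.161.0/24")      # nat source rule 10
GATEWAY_ROUTES = [ip.ip_network("10.24.162.0/26")]        # interface-route via eth1
VM2_ETH0 = ip.ip_interface("10.24.162.1/26")              # second VM, eth0
VM2_INTERFACE_ROUTES = [ip.ip_network("10.24.161.0/24")]  # interface-route via eth0
VM2_DEFAULT_NEXT_HOP = ip.ip_address("10.24.161.254")     # route 0.0.0.0/0 next-hop


def next_hop_reachability(next_hop, iface, interface_routes):
    """Classify how a next hop is reached from this interface.

    'connected'       : inside the interface's own subnet
    'interface-route' : only covered by a static interface-route
    'unreachable'     : no on-link path to the next hop at all
    """
    if next_hop in iface.network:
        return "connected"
    if any(next_hop in net for net in interface_routes):
        return "interface-route"
    return "unreachable"


def nat_covers(source_ip, nat_source):
    """True if the masquerade rule's source match includes this address."""
    return source_ip in nat_source


def return_path_known(source_ip, routes):
    """True if the gateway has a static route back to the source address."""
    return any(source_ip in net for net in routes)


def audit():
    """Run all three checks for traffic sourced from the second VM's eth0."""
    src = VM2_ETH0.ip
    return {
        "next_hop": next_hop_reachability(
            VM2_DEFAULT_NEXT_HOP, VM2_ETH0, VM2_INTERFACE_ROUTES),
        "nat_matches_vm2": nat_covers(src, GATEWAY_NAT_SOURCE),
        "gateway_has_return_route": return_path_known(src, GATEWAY_ROUTES),
    }


if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```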