LEDE in VirtualBox for single PC advanced NAS/Server and Router

The physical machine is set up with OpenMediaVault - this is a nice ready to go NAS distribution based on Debian. Then there is a plugin providing VirtualBox.

The physical lan connections are:
eth0 connected to my homelan, let's say 192.168.1.0/24
eth1 and eth2 connected to a separated switch (which is not connected to the homelan)
Within the HOST system all three interfaces are configured as DHCP clients

Now to the first virtual machine - this is the LEDE router:
In VirtualBox I defined:
Adapter 1 as a Bridged Adapter connected to eth1
Adapter 2 as a Bridged Adapter connected to eth0

In the LEDE router the interfaces are configured:
LAN: as br-lan connected to Adapter 1 - Static address 10.0.17.0/24 plus DHCP server
WAN: as wan connected to Adapter 2 - DHCP client, therefore will get a 192.168.1.x address
Yes, my homelan here is acting as the "Internet"

In another virtual machine I installed e.g. a Debian server with the following lan configuration:
In VirtualBox I defined:
Adapter 1 as a Bridged Adapter connected to eth2
In the Debian server the lan interface is configured as DHCP client, therefore will get a 10.0.17.x address
Every other virtual machine is configured in the same way

Why did I install a separate physical switch?
With this configuration it is possible to connect e.g. a laptop to this switch and the laptop will get a 10.0.17.x address. Another possibility is to connect a WLAN AP to provide wifi connection to the 10.0.17.0/24 lan.

Sorry for this long post, but now I am looking forward to your questions :grinning:

I forgot to explain the purpose of this machine:
I am supporting a lot of friends and neighbours regarding their home IT. So I wanted to have the possibility to simulate their networks.
For each network I installed a separate LEDE virtual machine with almost the same configuration as the real network so it is very easy to prepare new network stuff (e.g. AP, NAS, ...) at home. The installation of new devices then is a matter of connecting some cables :smiley:

With my configuration there are two possibilities to connect to the HOST machine:
First of course within my homelan because eth0 of the HOST is connected to it. Second from a PC on the 10.0.17.0/24 lan. In this case the way would be e.g.:
10.0.17.23 (the PC) ==> 10.0.17.1 (the virtual LEDE router's LAN) ==> 192.168.1.x (the virtual LEDE router's WAN) ==> 192.168.1.y (the physical machine)

I'm running LEDE/openwrt on both libvirt/KVM and lxd on my Ubuntu 16.04 machine. Today I use VLANs with openvswitch which I think makes the network configuration easier. Without openvswitch you need one bridge for each VLAN but with openvswitch only one is needed in total.

BTW LXD needed a custom apparmor config since I wanted to avoid privileged mode. It blocks the instance from mounting /dev which is already mounted and populated by LXD.
audit deny mount options=(nosuid) -> /dev/,

Hi
Well, your setup is quite different than mine.
However, I managed to get it working; the remaining problems now are on the host side, to bring up all the devices at boot time and to investigate the navigation issue I have seen during my quick test.

mmmm I still have packet forwarding problems.
I can surf some websites, others are painfully slow or not working at all.
Internal LAN is perfectly ok, so the problem is with natting between LAN and WAN (done with a normal default masquerade rule of LEDE)
I cannot even reach with a decent speed the ISP IP, which is directly connected to the WAN
A ping with don't fragment shows no particular surprise in MTU, but the symptoms are the classic ones of heavy fragmentation.
I have also tried to use different virtualization for the network interface, both Intel MT Server and paravirtualized network have the same results, so I am a bit lost there...

Are you running ipv6, and are you allowing sufficient icmpv6 which is required for MTU discovery among other things?

Yes, I am using ipv6 and I have the icmpv6 rules on the firewall (LEDE default).
But I don't believe this is the problem, since I also have problems reaching my ISP router on the WAN on a pure IPv4 IP address

If anyone has a suggestion on how to set up troubleshooting (tcpdump or anything required), I can do it!

If everything is on one machine, you could run Wireshark (but I think you mentioned it's not a GUI)...or generate the equivalent file, then look at it in Wireshark.

The problem is what to look for, what packets to inspect.
Normal ping just works with no issue at all

Here's a question at least you can try to answer with wireshark: are the packets flowing OK on the bare metal, but failing to reach the virtual machine? Or are the packets not even hitting the bare metal? So capture on the raw hardware interface, and whatever your virtual interface is, and see whether you have flows that make sense going from hardware to virtual and back.
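
The comparison suggested in the last reply, as an added example that is not part of the thread: it diffs a capture taken on the physical interface against one taken inside the router VM and reports whether only the larger packets go missing, which would match "ping works, browsing stalls". It assumes both captures were exported with `tshark -T fields` as shown in the first comment; the addresses, IP IDs and lengths in the sample are constructed.

```python
# Added example (not from the thread): diff two captures of one bridged link.
# Assumed export, one tab-separated line per packet:
#   tshark -r FILE -T fields -e ip.id -e ip.src -e ip.dst -e ip.len

def parse(fields_text):
    """Return {(ip_id, src, dst): ip_len}; lines without IPv4 fields are skipped."""
    packets = {}
    for line in fields_text.splitlines():
        parts = line.split("\t")
        if len(parts) == 4 and parts[3].isdigit():
            packets[(parts[0], parts[1], parts[2])] = int(parts[3])
    return packets

def missing(seen_here, expected_there):
    """Packets captured at the first point that never appear at the second."""
    return sorted((length, key) for key, length in seen_here.items()
                  if key not in expected_there)

def size_dependent(seen_here, expected_there):
    """True when every lost packet is larger than every delivered one."""
    lost = [length for length, _ in missing(seen_here, expected_there)]
    delivered = [length for key, length in seen_here.items()
                 if key in expected_there]
    return bool(lost) and bool(delivered) and min(lost) > max(delivered)

def to_text(rows):
    """Render rows the way the assumed tshark export would."""
    return "\n".join("\t".join(str(field) for field in row) for row in rows)

# Constructed sample: traffic from a WAN-side host towards the router VM.
ROWS_HOST = [                                   # seen on the physical NIC
    ("0x0001", "192.168.1.1", "192.168.1.50", 84),
    ("0x0002", "192.168.1.1", "192.168.1.50", 60),
    ("0x0003", "192.168.1.1", "192.168.1.50", 1500),
    ("0x0004", "192.168.1.1", "192.168.1.50", 1500),
    ("0x0005", "192.168.1.1", "192.168.1.50", 52),
]
ROWS_GUEST = [ROWS_HOST[0], ROWS_HOST[1], ROWS_HOST[4]]  # seen inside the VM
HOST = parse(to_text(ROWS_HOST))
GUEST = parse(to_text(ROWS_GUEST))

if __name__ == "__main__":
    for length, (ip_id, src, dst) in missing(HOST, GUEST):
        print(f"not seen in VM: id={ip_id} {src} -> {dst} len={length}")
    print("loss depends on packet size:", size_dependent(HOST, GUEST))
```

Packets that share the same IP ID and address pair collapse into one entry, so treat the result as a pointer to which packets to open in Wireshark rather than an exact loss count.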