Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Botagar
Posts: 3
Joined: 2017/05/01 05:52:53

Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Post by Botagar » 2017/05/09 09:53:32

Hi all!

I'm a somewhat new/inexperienced person who has started on an IT career path. I've done things like set up services in AWS and run webservers on machines up to now. What I'm trying to do now is set up a machine at home, which has CentOS 7 installed, and have a set of VMs (QEMU) and/or Docker containers hosted on it which are able to be accessed publicly.
I have gliffyfied what I think the setup should be like.

The biggest problem I'm facing is assigning my server machine an (internal) static IP and having static IPs for each VM and container. Frankly, I haven't managed to assign my machine a static IP and set up a virtual bridge without losing internet connectivity. I've been following a few blogs and tutorials here and there but I'm quite confused now.

So here I go:
  • Are there any glaring holes in my initial thinking?
  • What purpose does a virtual bridge serve?
  • Do I need a virtual bridge per VM and Container?
  • What kind of mechanism do I need to use to give my VMs and containers static IPs (AND keep internet connectivity)?
  • What's the best method to handle having only 1 public IP? Port forwarding on the router? Routing based on hostname from the router? Another method?
  • How do I best make use of the 4 RJ45/Ethernet ports on my machine?
  • What is "Network Manager" (apart from what you can glean from its name) and why does it keep giving me grief?
If anyone can help, that would be greatly appreciated!

File ifconf-enp3s0

TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPADDR=192.168.2.1
PREFIX=24
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp3s0
NM_CONTROLLED=no
UUID=e698bc20-0933-449a-bdc5-fd8d63aadf3f
DEVICE=enp3s0
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
BRIDGE=br0

File ifconf-br0

TYPE=Bridge
DEVICE=br0
BOOTPROTO=static
IPADDR=192.168.2.1
NETMASK=225.225.225.0
GATEWAY=192.168.1.1
PREFIX=24
ONBOOT=yes
NM_CONTROLLED=no
DELAY=0

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Post by TrevorH » 2017/05/09 10:46:41

You've got IPADDR= and things like that in the ifcfg file for the interface when they should all be on the bridge. You really only want stuff like DEVICE=, TYPE=, ONBOOT= and BRIDGE= in that ifcfg file, all the rest probably should be removed or moved to the bridge file.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Botagar
Posts: 3
Joined: 2017/05/01 05:52:53

Re: Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Post by Botagar » 2017/05/09 12:28:50

I updated my network config files to be:
ifcfg-enp3s0

NAME=enp3s0
TYPE=Ethernet
NM_CONTROLLED=no
DEVICE=enp3s0
ONBOOT=yes
BRIDGE=br0

ifcfg-br0

TYPE=Bridge
DEVICE=br0
BOOTPROTO=static
IPADDR=192.168.2.1
NETMASK=225.225.225.0
GATEWAY=192.168.1.1
PREFIX=24
ONBOOT=yes
NM_CONTROLLED=no
DELAY=0
DEFROUTE=yes

This gave my br0 interface the desired static IP. There was still no internet connectivity.
I added a route to direct all traffic through the br0 interface like:

sudo ip route add 0.0.0.0/0 via 192.168.2.1

Which gave me access to devices connected to the internal network but no IP address outside the network (the internet) could be reached.
I just got a slew of "Destination Host Unreachable" from things like ping 8.8.8.8.

I've tried having enp3s0 or br0 being network manager controlled as well to no avail.

What am I missing?

Cheers~!

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Post by gerald_clark » 2017/05/09 12:45:07

Your gateway is not on the same network as your VM.
You are using a private network which is not accessible from the internet without NAT and port forwarding at the router.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Post by TrevorH » 2017/05/09 13:05:16

Your netmask looks like a typo too: 225.225.225.0?

Botagar
Posts: 3
Joined: 2017/05/01 05:52:53

Re: Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Post by Botagar » 2017/05/10 12:54:46

Thanks, fixed up the typo (225 looks like 255 after staring at screens for hours).

I'll take a look at routes and NATing on my router, but I'm currently using a netcomm N300, which has an awful admin UI and half the stuff seems to be disabled...

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Requesting Guidance on publically accessible vm's on Centos7 + General Knowledge things

Post by TrevorH » 2017/05/10 13:46:06

As Gerald pointed out, your current netmask (even when it's correct!) will not let you reach 192.168.1.1 from 192.168.2.1/255.255.255.0. Your gateway needs to be in the same subnet as the machine's ip address (though there are bodges to work around this).
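The three problems raised in this thread (IP settings left on the enslaved port, an invalid netmask, and a gateway outside the interface's subnet) can be checked mechanically before restarting the network. The following is an added example, not code from any poster in the thread; the function names `parse_ifcfg` and `check_ifcfg` are hypothetical, and the sample is constructed from the br0 settings posted above.

```python
import ipaddress

# Constructed sample: the br0 settings as posted in the thread.
BR0_POSTED = """\
TYPE=Bridge
DEVICE=br0
BOOTPROTO=static
IPADDR=192.168.2.1
NETMASK=225.225.225.0
GATEWAY=192.168.1.1
PREFIX=24
ONBOOT=yes
"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def check_ifcfg(cfg):
    """Return findings for the three problems discussed in the thread."""
    findings = []
    prefix = int(cfg["PREFIX"]) if "PREFIX" in cfg else None
    if "NETMASK" in cfg:
        try:
            # ip_network rejects masks whose one-bits are not contiguous.
            mask_len = ipaddress.ip_network("0.0.0.0/" + cfg["NETMASK"]).prefixlen
            if prefix is not None and mask_len != prefix:
                findings.append("NETMASK and PREFIX disagree")
            prefix = mask_len if prefix is None else prefix
        except ValueError:
            findings.append("NETMASK %s is not a valid netmask" % cfg["NETMASK"])
    ip_keys = ("IPADDR", "NETMASK", "PREFIX", "GATEWAY")
    if "BRIDGE" in cfg and any(k in cfg for k in ip_keys):
        findings.append("IP settings belong on bridge %s, not the enslaved port" % cfg["BRIDGE"])
    if "BRIDGE" not in cfg and {"IPADDR", "GATEWAY"} <= cfg.keys() and prefix is not None:
        net = ipaddress.ip_interface("%s/%d" % (cfg["IPADDR"], prefix)).network
        if ipaddress.ip_address(cfg["GATEWAY"]) not in net:
            findings.append("GATEWAY %s is outside %s" % (cfg["GATEWAY"], net))
    return findings

if __name__ == "__main__":
    for finding in check_ifcfg(parse_ifcfg(BR0_POSTED)):
        print(finding)
```
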
