i rent a server from ovh.de which has beneath the “normal” fixed ip adress an additional, so-called “fail-over” ip. i wanted to use this second ip for a virtual machine running inside vmware. however, i had to learn that ovh doesn’t allow you to use bridging for the network interface (leads to an offline server, as the switch blocks ports with more than one mac adress associated)
so, we need to use another solution, where we assign the fail-over ip to our host-system and configure a 1:1 nat for the virtual machine.
example:
- main ip: 91.121.111.222
- failover ip: 87.98.101.202
- vmware is set to host-only networking and has the (fixed) ip 172.20.15.10
first of all, we have to add the second ip to our host-machine.
-
ifconfig eth0:0 87.98.101.202 netmask 255.255.255.255
next step, make snat for 172.20.15.10 to 87.98.101.202. this rewrites the source field of the ip-packets that your vm sends to the internet. it’s what your nat-router at home does, too.
-
iptables -t nat -A POSTROUTING -o eth0 -s 172.20.15.10 -j SNAT –to 87.98.101.202
but we also need a rule that does the same in the other direction, so that packets arriving on the host machine with the failover-ip as destination get redirected to the virtual machine:
-
iptables -t nat -A PREROUTING -i eth0 -d 87.98.101.202 -j DNAT –to 172.25.15.10
after these commands, my virtual machine was reachable from the internet
Bei der ersten iptable rule kommt ein error:
Bad argument `87.98.244.78′ (Also die Fail-Over-IP)
hm seltsam, bei mir klappts…
was für einen kernel verwendest du? hast du dort eventuell nicht alle bzw. keine NAT features?
2.6.18-6-686 hab ich über apt-get installiert müsste eigtl nat alles aktiviert sein oder?
kann ich dir so nicht sagen sorry. ich nehme an du hast einem modularen kernel, folglich könnte es sein dass du noch weitere module laden musst.
vielleicht hilft dir http://www.linuxforen.de/forums/showthread.php?t=129668
hab mal geguckt, alle module sind da
Hi,
If I use 2 vmware virtual machines, how can I configure the 2 failover IP in the Host Only mode ?
Thank you
cray2: this works the same way you installed the 1:1 nat for the first ip.
you configure your second vm to use another ip in the same private adress room as the first vm.
then you configure SNAT and DNAT for the second fail-over ip to your second vm as you did for the first one.
Die 172.20.15.10 ist in dem Beispiel die IP von dem VMWare-Gast oder ?
Wie muss ich denn bei nem Windows Gast den Gateway und DNS setzen ?
opto, yes 172.20.15.10 is the ip of the vmware guest.
my guest uses 172.20.15.1 as default gateway and the ovh dns server
Hi! Ich habe auch das Problem mit Bad argument `meine failover ip?
mit dem link bin ich leider nicht schlau geworden.
http://www.linuxforen.de/forums/showthread.php?t=129668
ich habe eine ganz normale debian etch installtion ohne selbstkompiliertem kernel.
wäre super wenn mir jemand dabei kurz unter die arme greifen könnte.
vielen dank schonmal
seems like in some situations you have to use
–to-source (for snat) and
–to-dest (for dnat)
I also use ovh dedicated. But how can i find out my failover ip ?
Gues i need to know it befor i start implementing it. So you cannot use
just NAT on your vmware and use one IP ? Or what ? Then the switch wil find out my NAT Ip of my VM ? And blocks the port ?
Stupid here you can see how to second IP
http://hilfe.ovh.de/IpFailover
So the the (fixed) ip 172.20.15.10 is the virtual host only nic. The nic adres that vmware makes when installing Vmware. (Host only) And this wil be used as the gateway adres in your VM ? Right ? Okay ready to test this soon
if you look at the output of ifconfig on your server, you can see which ip vmware configured for you. host-only is vmnet8 as far as i can remember
vmnet8 is NAT and vmnet1 is host-only. Now i can ping my new Fail-Over-IP. But i get the same errors as the other Bad Argument ?
Is it possible you make a type mistake ?
You made a mistake. I found out that you must use:
-–to xxxxx and not -to So and extra – is needed
Hey
Wenn ich meinen Server jetzt neu starte, sind wieder alle einstellungen draussen und ich muss es neu einrichten. kann man dies irgendwie umgehen?
Grüsse
you may make these settings using a script which is run at boot
Where to make this and how to make this script ?
When i make a second VM and point it to this new IP adres then i cant connect ? Must i first delete the first IPtables i made ? Or what a reboot and remake IPtables did not work ? Are those tables cached some where ?
Hey dudes here some good info about the IPTables:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables#Download_And_Install_The_Iptables_Package
Hi,
i tried it myself, but I’m not able to access the VM from the internet.
From inside the VM, I can ping, so I have a connection.
But it is very slow.
When I try the same from the Internet, I get no response.
What could be the problem.
Thanks for your post, it was very inspiring to me. I have don my own setup and described in this post: