1

myself and a friend have rented a dedicated server and have used KVM and libvirt to create virtual machines for us to use. (we are using debian jessie on the host)

we purchased two additional IP adresses (one for each of us) giving us three IP adresses total including the original host IP.

the host IP is 195.154.XXX.221 with a gateway of 195.154.XXX.1 and our extra IP's are 212.129.XXX.XXX on a different subnet with the same gateway. Our provider has given us mac addresses that have to be used on the device with the additional IP assigned.

we have no trouble assigning the IP's to a single virtual machine, however we do not know how we would have multiple VM's on one IP. A bridge would not work due to the fact all the VM's would need to have the same mac address.

STiGYFishh
  • 123
  • 5

2 Answers2

1

You have to set up DNAT on the Host to forward ports from the outside IP address to the VMs in the private VM network you have set up.

You cannot share the IP on the layer 3.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
  • We can not do this because the extra IP's cannot be added to our host as they require a specific mac address to 'authenticate'. We only have one physical NIC whith a hardware mac. The IP's we have been assigned are not assigned to our service port. This is so that they can be used with other servers and is why they need to be assigned to a device with a specific mac address to 'authenticate' them. – STiGYFishh Feb 10 '15 at 12:31
  • See http://serverfault.com/questions/223601/multiple-mac-addresses-on-one-physical-network-interface-linux for adding additional macs to your physical interface. – Henrik Feb 10 '15 at 13:14
  • Looks promising, but how would I go about adding a public IP to a macvlan like this Henrik? – STiGYFishh Feb 10 '15 at 18:05
  • @Henrik - Is that really necessary? Maybe I'm missing something here, but it seems that using just one MAC provided by the hoster is enough. You can set it permanently on host's interface by the `hwaddress` option in [/etc/network/interfaces](http://manpages.debian.org/cgi-bin/man.cgi?query=interfaces&sektion=5). Obviously, don't bridge the public interfaces with VMs, they should be local to the host. Create another bridge from VMs' and host's interfaces, then use it to route/DNAT/SNAT on the host. – sam_pan_mariusz Feb 19 '15 at 20:32
  • sam_pan_mariusz youre right, its not necessary or usefull in this case (if one mac should be enough for the assigment of all ips) - @STiGYFishh the option of using multiple vms behind one IP can just be solved by D/SNAT (as already mentioned). Pick up the propsal from sam_pan_mariusz and for a libvirt D/SNAT setup you'll find a lot of instructions. I got the initial problem wrong, by assuming, that every IP should be bound to a unique mac. – Henrik Feb 20 '15 at 21:53
  • No @Henrik you were right EVERY IP NEEDS to be bound to a UNIQUE mac address. The provider GIVES us a generated mac address that we have to use with each IP. – STiGYFishh Feb 23 '15 at 18:30
  • Also if their network detects outbound traffic from another MAC address other than one provided for us (i.e a second virtual machine using the same IP). Then the IP gets unassigned from our machine. – STiGYFishh Feb 23 '15 at 18:38
1

This was posted a long time ago, but I've used this configuration several times now with online.net and I know other providers use the same configuration, so I'll update with the solution.

For this scenario I'll have one host and two guest machines. I'm going to be showing networking config for Debian, adjust to your OS.

**** IF YOUR ADDITIONAL IP'S ARE OUTSIDE YOUR GATEWAY IP SUBNET SEE BOTTOM OF POST AFTER SETTING UP BRIDGE ****

When you are given your IP's you will generate or get given a MAC address to use with them e.g.

XXX.YYY.ZZZ.101 - 52:54:00:00:00:01

XXX.YYY.ZZZ.102 - 52:54:00:00:00:02

XXX.YYY.ZZZ.103 - 52:54:00:00:00:03

On your host set up a bridge in your networking with your host IP assigned like so.

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
    address XXX.YYY.ZZZ.101
    netmask 255.255.255.0
    gateway XXX.YYY.ZZZ.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

Now when you create your VM's set them up with the network interface vmbr0. On each of your VM's set up the following config for your networking.

auto eth0
iface eth0 inet static
    address XXX.YYY.ZZZ.102
    netmask 255.255.255.0
    gateway XXX.YYY.ZZZ.1

This should pass your additional IP's to your VM's! Awesome!

You may encounter the problem however that you are given additional IP's with a gateway outside the subnet e.g.

Gateway IP: XXX.YYY.100.1

Additional IP1: XXX.YYY.200.1

If you find yourself in this situation on your VM, you will need to manually add a route to the gateway IP and assign the IP to your interface on boot.

In debian you would do the following in your /etc/network/interfaces to achieve this:

auto eth0
iface eth0 inet manual
    pre-up ip l set dev eth0 up
    pre-up ip a add XXX.YYY.200.1 dev eth0
    pre-up ip r add XXX.YYY.100.1 dev eth0
    pre-up ip r add default via XXX.YYY.100.1
    post-down ip l set dev eth0 down

Hope this is concise and helps someone.

STiGYFishh
  • 123
  • 5
  • Thanks for this post very much. – oemb1905 Oct 22 '21 at 03:32
  • "Now when you create your VM's set them up with the network interface vmbr0," I just want to let those who pass by know that this means a lot. First, to do this via common GUI, open virt-manager and edit NIC to bridge mode, and enter ''vmbr0'' as the name. This sets up the virtual switch. After that, boot into the VM/guest OS and with the VM/guest's Terminal open up ''/etc/network/interfaces'' and enter the second stanza above, but make sure to use the VM/guest's interface name, whether eth0, ens2, or what have you! Thanks again - set up purring, just some clarity for folks! – oemb1905 Oct 30 '21 at 03:38