0

I am new to virtual networking and have been at it about 2 months.

I have a physical machine (PM) with physical ports eth0 and eth1. Eth1 is not being used. Rather, eth0 is attached to both the WAN on PM and to VM1 it seems.

I want PM to forward all traffic to VM1 which is running Sophos UTM. Other VMs are attached to VM1. I could not run Sophos on PM, as it does not offer necessary facilities to manage my physical hardware.

How can I forward traffic between two machines having the same IP?

Can I attach VM1 to eth1 instead of eth0? Does that require a bridge between eth0 and eth1? PM is remote, so fiddling in any way with eth0 is treacherous.

I can communicate with PM and VM1 separately nonetheless. I am using NoMachine (VNC-like) to address PM at the shared IP. Then I run a nested NoMachine session on PM to access VM2 and then access VM1 via browser on VM2 addressed to VM1's LAN port.

PM is running OpenSUSE. Virtualization is via KVM. Virbr0 is "up."

PM can ping the Internet and VM2, so there is communication between all network segments. But it seems there should be broken communications between PM and VM1.

gbambo

1 Answer

0

Based on your requirements this is how I would set it up.

Your Sophos firewall VM would need two virtual NICs. The "WAN" port will be bridged with your host's physical NIC. The second virtual NIC would be the "LAN" and would be on a private internal-only network that all the other VMs are attached to.

How to configure a bridged network: https://www.dedoimedo.com/computers/kvm-bridged.html

SpiderIce
  • That much is already in place. My real problem is that PM seems to intercept all traffic from outside and cannot forward it to VM1 because VM1 has the same address as PM. The shared address is resulting in everything routing to PM and none to VM1 (concerning outside traffic). I will check the reference you included. – gbambo Oct 03 '17 at 15:55
  • @gbambo You can't have two systems with the same IP address. Bridged mode will let your Sophos VM use the same network IP range, but you need to assign it a different IP or use DHCP. – SpiderIce Oct 03 '17 at 16:13
  • Actually, you CAN have two systems with the same IP address. I agree it is worse than bad practice, but I have somehow achieved this. That is the crux of my problem. And I cannot figure out how to undo it, as it has arisen because the same physical port is mapped to both machines. There is no bridge; if there was, the port would not be double mapped. At this point, I have just rebuilt the host and will be manually building the bridge before attaching the Sophos VM. Hopefully, I can avoid a repeat. – gbambo Oct 05 '17 at 21:47
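
The two-NIC layout described in the answer, written as libvirt XML fragments. This is an added example, not part of the original answer or comments; the names `br0`, `fw-lan` and `virbr10` are assumptions, as is a host bridge `br0` that already exists with eth0 as its port.

```xml
<!-- Added example. br0, fw-lan and virbr10 are assumed names, not from the thread. -->

<!-- 1. Internal-only LAN network (save as fw-lan.xml).
        No <forward> element: libvirt neither routes nor NATs this network.
        No <ip> element: the host takes no address on it and runs no DHCP,
        so the firewall VM is the only way in or out for the guests.
        Load it with:
          virsh net-define fw-lan.xml
          virsh net-start fw-lan
          virsh net-autostart fw-lan -->
<network>
  <name>fw-lan</name>
  <bridge name='virbr10' stp='on' delay='0'/>
</network>

<!-- 2. Firewall VM: two NICs, placed inside <devices> of the domain (virsh edit). -->

<!-- "WAN" NIC, attached to the assumed host bridge br0.
     The host's own address sits on br0. The guest configures its own address
     on this NIC from inside the VM (static or DHCP), and it must differ from
     the host's address, as the comments above point out. -->
<interface type='bridge'>
  <source bridge='br0'/>
</interface>

<!-- "LAN" NIC, attached to the internal-only network. -->
<interface type='network'>
  <source network='fw-lan'/>
</interface>

<!-- 3. Every other VM: a single NIC on fw-lan and nothing on br0,
        so its traffic can only leave through the firewall VM. -->
<interface type='network'>
  <source network='fw-lan'/>
</interface>
```

With this layout `virsh net-list --all` should show `fw-lan` as active, and `ip addr` on the host should show an address on `br0` but none on `virbr10`.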