Virtual Router Manager Free Download [UPD]


Larry Steele

Jan 21, 2024, 10:37:43 AM
to chicdenaju

If I change our virtual wire setup to layer 3, have the IP addresses on both interfaces be local network IPs, and set a static route for 0.0.0.0 to point to the existing physical router on the WAN side of the virtual wire, will traffic (tagged and non-tagged) pass through normally? My understanding is that this is 'cascading' the routers. I'm fine with the existing physical router handling inter-VLAN traffic for the time being, to cut down on complexity. It can always be changed later.

Lastly, since you currently have 2 connected routers in the same subnet, you will need to split up this subnet (as demonstrated by @pulukas in the above post), or create an additional one so the firewall has a unique subnet per interface.


Sorry for the confusing question. Our present setup is a Cisco router as the default gateway for our network, then the firewall in virtual wire mode, then the core switch. We want to change from virtual wire to layer 3 with minimal disruption to our network. This virtual wire connection has been our primary internet connection, but we need to connect a second WAN connection that we need to transfer business processes to. That means layer 3 due to the need for the most options with policy based forwarding, NATting, etc.

I know we can move the subinterface IPs from the LAN side of the physical router to the LAN side (to the core switch) of what would be the layer 3 setup on the firewall, using some other private subnet between the virtual router on the firewall as the next hop from the virtual router to the Cisco, and use RIP to advertise the routes from our LAN through the virtual router, to the Cisco. I just don't have enough understanding of whether we can use additional local IP addresses from our current subnets so that they are on both sides of the layer 3 connection on the virtual router. Around here is where I get confused, since by definition routers break up networks / broadcast domains. I think in my head I'm confusing a layer 2 deployment with what is possible with a layer 3 deployment.

I think the easiest thing to do will probably be to work with our ISP, who is currently managing our router, to plan out a simple RIP setup between what will be the new virtual router and the Cisco. We just need existing traffic flows to go to / from our LAN so we can begin migrating things over to another interface on the firewall (new ISP connection, basically going to our own public address space from our ISP, NATing what we need).

I've worked with our vendor and an ISP network guy. We set up a new /30 network between the router and firewall (Layer 3), set a few static routes on the physical router, and will redistribute them into EIGRP.

Hello,
I am a newbie and trying so hard to learn on my own. Anyway, I have been learning on my own all these years.
I just installed an Ubuntu server to host an OpenWrt virtual machine.
The installation did go through successfully, but here is my challenge.
The virtual router will do the routing between the WAN and LAN, but the physical network cards are connected to the host machine (Ubuntu).
How do I configure the virtual router (OpenWrt) to use the 2 physical interfaces on the host machine, or is there a way this can be done? Should I use VLAN? If yes, how do I go about configuring the VLAN to pass the traffic from the physical network card to the virtual? Do I create a virtual network interface? Help will be highly appreciated.

You'd probably want to ask around in a virtualization related forum rather than openwrt. In any case, openwrt works well for more complicated virtual network setups. If all you want to do is have a virtual private lan that virtual hosts can communicate on, then the default nat bridge provided by libvirt, for example, will work fine and you don't actually need openwrt for routing or NAT duties. dnsmasq runs on the host and serves as the dns and dhcp source for the software bridge that all the virtual hosts are attached to. Again no need for a virtual router for a simple use case. But if you want to route all the virtual traffic through a VPN or something like that, then openwrt could be useful.

If you start running multiple VM servers, then a VLAN is useful to extend the virtual network between them all. In that case you'd want something like openwrt to perform routing duties between VLANs and your WAN. You also need a managed switch but you could use openwrt on a cheap router (with a built-in vlan capable switch chip) to act as a small one. You could virtualize the gw, of course, and some people like to do that, but I'm not exactly sure why. I find it preferable to run a physical gateway router. There are plenty of cheap, low power options for routing at gigabit speeds so there's really no need to run it virtual.

To bridge virtual interfaces in ubuntu you would first use network manager to create a bridge, then add your physical lan device to that bridge, and then setup ipv4/ipv6 parameters for the bridge interface. The bridge interface is now your ubuntu host's LAN interface.

Assign bridged virtual nics from both the host-only bridge and the LAN bridge to your openwrt VM. The virtual nic on your LAN bridge is openwrt's WAN interface. The host-only bridge virtual nic is the lan side from openwrt's perspective.

This setup is useful if you just want to play with it or use features like a VPN for all your virtual hosts. It's not strictly necessary (as I described earlier) as the default nat bridge will already do ip assignment and NAT for your VMs attached to that bridge. You only need the GW vm if you want to do something special with the traffic like encrypt it.

I run a setup similar to this but I have multiple host servers and a couple of VLANs dedicated to virtual machines. I run a mix of fully virtualized machines using virtmanager and some containerized instances using lxd. I don't actually use openwrt any more as my gateway, preferring instead to extend my VLANs to my main gateway/router running pfSense. In one case, I do have a virtual network gateway machine with a pure virtual lan behind it but the gateway just runs ubuntu and I configure it with the cli and network manager.

The non-bridging option is to use macvlan virtual nics and I wouldn't suggest that can of worms for the OP given their experience level. Another non-bridging option is PCI pass thru of dedicated NICs but that's more of an advanced topic with a lot of caveats. So, yes, on linux you do need to create a bridge on the ubuntu server for every network that you want to expose inside a VM. It works a little differently in windows w/ virtual box or vmware where you can bridge a virtual nic to your lan device without actually having to create a bridge on the host first.

I am using KVM. I have set up the network config using netplan, created a bridge using one NIC on Ubuntu and gave it an IP address from my LAN. This is working as expected.
I have created the virtual router (OpenWrt), created the bridge using virsh (KVM), then attached the router to the bridge network created (hot-bridge). I am about to test whether I should add a second bridge using the second NIC in Ubuntu, or whether I can use one bridge for the 2 NICs.

In turn, br-lan is assigned an IP address (192.168.1.1). All traffic originating from or arriving at 192.168.1.1 can pass through every device linked to the bridge br-lan. In your case, that's only eth0. On many budget "routers" which people reflash with OpenWRT, the br-lan bridge usually links both eth0 and wlan0 (names may change depending on device), so that the same traffic to/from the LAN can traverse either the Ethernet connection or the wireless connection or both.

However, if you're putting something in place for other people to use, then it'd be a good idea to consider making it as simple as possible. If you have a spare computer, it's simpler to install OpenWRT natively than to install a separate OS and then use virtualisation to host OpenWRT. In addition, there are fewer support and security challenges if you install the intended operating system natively.

I read you are using netplan instead of network manager? Is netplan configured to output for systemd or network manager? If you are trying to learn how to do mass deploys on the cloud then that is fine but you would find network manager easier for initial setup. It has a gui that I find very handy, i.e. nm-connection-editor.

Once you have your kvm instance running and you think the virtual nics are assigned, post the output of "brctl show" to show what bridges you have configured and what nics/virt nics are assigned to them.

If traffic is not passing then you might be hitting firewall rules. I forget what ubuntu installs by default, if it even installs one at all. I usually lock things down with firewalld. You may have to install that. If ufw is installed, instead, remove that crap. Again, there is a gui for managing your firewall rules. Also, network manager and firewalld are integrated. When interfaces come online the firewall assigns the default zone for them and updates the nft tables for you automatically. You can also assign the desired firewall zone to an interface in network manager's config. For an initial setup set the zone to public on all your interfaces and bridges to remove the firewall as a reason for why packets are not getting through. Also check "journalctl -e" for any firewall messages.

What I'm hearing is that you want to virtualize an openwrt instance that will serve as a GW between your lan and your ISP. openwrt will provide dhcp services for your LAN, including your virtualization host. Correct?

Use network manager, not netplan, to create two bridges. Don't bother with libvirt's network definition features. They are useful for more advanced use cases. The network manager configuration is as follows.

Virtual Router is a simple little application that lets you create a virtual WiFi spot (a wireless hotspot) with minimal configuration required. It's very lightweight, neat, and best of all, it's also open source, therefore you can use it for free and without costing you anything.
