http://jasonyu37.blog.51cto.com/8877469/1536589
上一篇,有一個問題,那就是,如果我想給外網提供服務(把External Network 和 Management Network分開), 怎麼做?這個應該是很實用的。但是我是個窮人,沒有兩塊網卡。
然後我就去看了vmware的workstation 網絡相關的,有一個VMnet1(192.168.179.0/24),是hostonly模式。在VM上添加一個網卡,選擇自定義模式(VMNet1),這樣相當於在主機上插了一塊網卡,eth2出來了,設置IP,192.168.179.20,筆記本上ping,通了。
其他地方就和上一篇差不多了,就是br-ex橋接到eth2就行了,
#傳說中的management network
#cat ifcfg-eth1
TYPE=Ethernet
IPV6INIT=no
NAME=eth1
UUID=0e6e86b5-721d-4219-a9fd-2076990f9e1f
ONBOOT=yes
HWADDR=00:0C:29:39:36:53
BOOTPROTO=none
IPADDR=192.168.1.20
PREFIX=24
GATEWAY=192.168.1.1
DNS1=202.106.0.20
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
LAST_CONNECT=1401649435
#傳說中的external network
# cat ifcfg-eth2
HWADDR=00:0C:29:39:36:5D
DEVICE=eth2
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes
# BOOTPROTO=none
# IPADDR=192.168.179.20
# PREFIX=24
# GATEWAY=192.168.179.1
# DNS1=202.106.0.20
# DEFROUTE=yes
# IPV4_FAILURE_FATAL=yes
# IPV6INIT=no
# NAME=eth2
# UUID=dd6c8917-b2ac-40a8-ad29-ad165df9e2a6
# ONBOOT=yes
LAST_CONNECT=1407354181
#cat ifcfg-br-ex
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.179.20
NETMASK=255.255.255.0
ONBOOT=yes
登錄到dashboard.
1, 添加外部網絡(就是VMNet1網絡) External_Network
添加 External_Subnet 192.168.179.0/24
2, 添加私有網絡(就是VM所使用的網絡) Private_Network
添加Private_Subnet 172.16.1.0/24
3, 添加路由器,router, 設置網關gateway爲外部網絡External_Subnet.
在路由器router上, 添加 172.16.1.0/24 子網的接口
4, 啓動實例, 選擇 Private_Subnet.
5,設置 floating IP. (192.168.179.101)
6,設置安全規則,允許icmp和ssh對內部網絡的訪問.
# ip netns exec qrouter-9bd86521-4685-4af8-9264-176fae5e2a5c ip addr
19: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
20: qg-3f586ddc-60: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:e0:66:3f brd ff:ff:ff:ff:ff:ff
inet 192.168.179.100/24 brd 192.168.179.255 scope global qg-3f586ddc-60
inet 192.168.179.101/32 brd 192.168.179.101 scope global qg-3f586ddc-60
inet6 fe80::f816:3eff:fee0:663f/64 scope link
valid_lft forever preferred_lft forever
21: qr-575f4992-4c: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:79:e2:b0 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.1/24 brd 172.16.1.255 scope global qr-575f4992-4c
inet6 fe80::f816:3eff:fe79:e2b0/64 scope link
valid_lft forever preferred_lft forever
# ip netns exec qrouter-9bd86521-4685-4af8-9264-176fae5e2a5c iptables -t nat -S
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A neutron-l3-agent-OUTPUT -d 192.168.179.101/32 -j DNAT --to-destination 172.16.1.2
-A neutron-l3-agent-POSTROUTING ! -i qg-3f586ddc-60 ! -o qg-3f586ddc-60 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 192.168.179.101/32 -j DNAT --to-destination 172.16.1.2
-A neutron-l3-agent-float-snat -s 172.16.1.2/32 -j SNAT --to-source 192.168.179.101
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 172.16.1.0/24 -j SNAT --to-source 192.168.179.100
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
上個圖吧:
