I want to do a physical-to-virtual migration of a BSD server, saving the IP address. The destination virtual host is Linux/KVM.
The current setup: I had a BSD server with failed hardware. I have just replaced it with a new server, and its hardware is too new to be used by BSD directly.
So, I have Linux on the new server and want to move the BSD into virtualization with KVM.
I have a full HDD dump of the old server.
The problem is: I have only a single real IP and I should use this IP both in the guest and in the host.
I want to use the IP on the guest because it is a mail server and I want my real IP to be used in mail headers.
Usage of the IP on the host is because I have no other IP.
TCP services of the machines are:
- sshd on host at a non-standard port;
- sshd on guest;
- SMTP of guest, POP3/IMAP of guest;
- outgoing SMTP, HTTP, FTP requests must be enabled from guest.
Ports 22, 25, 53, 110 will be just forwarded from host to guest using iptables. If it is possible, I would also forward the guest's DNS server to the real IP.
How should I configure KVM network and libvirt to achieve the same IP usage in guest and in host?
Ugh... this is so NOT the suggested way of doing things, but what should work would be:
It's convoluted and ugly, but will probably work. This way the real IP can show up in, for example, mail headers and the guest will think that it's the owner of the real IP.
In order to achieve this:
This is the only way I can think of achieving what you want; you cannot have 2 machines, physical or virtual, sharing the same IP address.
Instead of configuring the host with the real IP and guest with a private IP, you can do vice versa: Configure the guest with the real IP (because it runs the services) and set up a private network between the host and the guest. The host does not need to have a (real) IP address bound to the bridge interface which connects the real network interface to the guest. To access the host you need to first go through the guest.
The good thing about this solution is that you do not need NAT and thus your guest can run any protocols without problems and without configuring NAT rules in the host. Another thing is that your host will be more secure because it will not be accessible directly from the internet.
The downside is that if your guest does not work, you cannot use it to connect to the host to troubleshoot the problem. This may be a problem if you do not have another way to access the machine, if it is at a hosting provider for example. Using IP-KVM to access the host in emergencies might be a solution for remote access in this case.
Do you need the host on an IP address for management purposes only?
You could consider something like this setup:
Depending on your virtualization platform, this may involve different amounts of work. I've done something similar to this to firewall an ESXi host exposed to a public IP, when I did not have access to a hardware firewall (placing a VM on the public IP, ESXi host is only accessible through vswitch network).
VERY IMPORTANT - With this setup, you would need to connect through the BSD VM in order to perform remote maintenance on the host itself. If the host had issues and you lost connectivity, you would require KVM access in order to resolve. Also not a pretty solution.
[EDIT] I just realized snap had posted this same answer above me - whoops, I didn't read through all the posts before replying... I'll +1 his post.
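
The layout the last two answers describe (the guest owns the real IP on a host bridge that carries no address, and the host is reachable only over a private host-to-guest network), sketched as libvirt configuration. This is an added example, not part of the original posts; the names `br0`, `mgmt` and `virbr-mgmt`, the `192.168.100.0/24` range and the `e1000` NIC model are assumptions.

```xml
<!-- File: mgmt-net.xml (assumed name). Load with:
     virsh net-define mgmt-net.xml; virsh net-start mgmt; virsh net-autostart mgmt
     There is no <forward> element, so libvirt creates an isolated network:
     traffic stays between host and guest and is never routed or NATed out. -->
<network>
  <name>mgmt</name>
  <bridge name='virbr-mgmt' stp='on' delay='0'/>
  <!-- Host side of the private link (constructed address). The guest's
       second NIC is set statically, e.g. to 192.168.100.2, inside BSD. -->
  <ip address='192.168.100.1' netmask='255.255.255.0'/>
</network>

<!-- Fragment for the guest's domain XML, inside <devices> (virsh edit GUEST).
     br0 is assumed to be a host bridge that enslaves the physical NIC and is
     created by the distribution's network configuration with NO IP address. -->
<interface type='bridge'>
  <!-- Public side: the guest configures the real IP on this NIC itself. -->
  <source bridge='br0'/>
  <model type='e1000'/>
</interface>
<interface type='network'>
  <!-- Private side: the guest reaches the host's sshd at 192.168.100.1. -->
  <source network='mgmt'/>
  <model type='e1000'/>
</interface>
```

On the host, `ip -4 addr show dev br0` should print no address; if it does, the host is answering on the public segment again. Setting `ListenAddress 192.168.100.1` in the host's `sshd_config` keeps its sshd on the private link only.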