I created a virtual NAT network (192.168.100.0/24 network) in my libvirt and a new guest with two interfaces - one in this network, one bridged (10.34.1.0/24 network) to the local LAN. The reason for that is I need to have my own virtual network for my DHCP/TFTP/DNS testing and still want to access my guest externally from my LAN. On both networks I have working DHCP, both giving them IP addresses.
When I set up NAT port forwarding (e.g. for ssh), I can connect to eth0 (virtual network), everything is fine.
But when I try to access eth1 via the bridged interface, I get no response. I guess I have a problem with my routing table - outgoing packets are routed to the virtual NAT network (which has access to the machine I am connecting from - I can ping it). But I am not sure if this setup is correct. I think I need to add something to my routing table.
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:B4:A7:5F
          inet addr:192.168.100.14  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feb4:a75f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16468 errors:0 dropped:27 overruns:0 frame:0
          TX packets:6081 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22066140 (21.0 MiB)  TX bytes:483249 (471.9 KiB)
          Interrupt:11 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 52:54:00:DE:16:21
          inet addr:10.34.1.111  Bcast:10.34.1.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fede:1621/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34 errors:0 dropped:0 overruns:0 frame:0
          TX packets:189 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4911 (4.7 KiB)  TX bytes:9
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.34.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0
The network I am trying to connect from is different from the network the hypervisor is connected to: 10.36.0.0. But it is accessible from that network. So I tried to add a new route rule:
route add -net 10.36.0.0 netmask 255.255.0.0 dev eth1
And it is not working. I thought setting correct interface would be sufficient. What is needed to get my packets coming through?
So the issue was really in the NAT. I changed my default route to be on the second (bridged) interface and it worked. Btw if you really need two default routes, this is possible:
http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
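
The following is an added example, not part of the original post: a small longest-prefix-match lookup over the routing table shown above, to see which interface and next hop a reply to a 10.36.0.0/16 client gets in each of the three configurations discussed. The client address 10.36.0.5 is constructed and the LAN gateway 10.34.1.1 is an assumption, since the post does not give it.

```python
import ipaddress

# Rows from the guest's `route -n` output: (destination, gateway, metric, iface).
# gateway None (0.0.0.0 in the output) means on-link: the kernel ARPs for the
# destination address itself on that interface instead of sending to a router.
PAGE_TABLE = [
    ("192.168.100.0/24", None, 0, "eth0"),
    ("10.34.1.0/24", None, 0, "eth1"),
    ("169.254.0.0/16", None, 1002, "eth0"),
    ("169.254.0.0/16", None, 1003, "eth1"),
    ("0.0.0.0/0", "192.168.100.1", 0, "eth0"),
]

def lookup(table, dst):
    """Return (gateway, iface) for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(net).prefixlen, -metric, gw, iface)
        for net, gw, metric, iface in table
        if addr in ipaddress.ip_network(net)
    ]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, _, gw, iface = max(matches, key=lambda m: (m[0], m[1]))
    return gw, iface

def describe(table, dst):
    gw, iface = lookup(table, dst)
    hop = f"via {gw}" if gw else "on-link (ARP for the destination itself)"
    return f"{dst}: dev {iface} {hop}"

CLIENT = "10.36.0.5"      # constructed client address in 10.36.0.0/16
ASSUMED_GW = "10.34.1.1"  # assumption: LAN gateway on the bridged network

# After `route add -net 10.36.0.0 netmask 255.255.0.0 dev eth1` (no gateway given)
WITH_DEV_ROUTE = PAGE_TABLE + [("10.36.0.0/16", None, 0, "eth1")]
# After moving the default route to the bridged interface
DEFAULT_ON_ETH1 = PAGE_TABLE[:4] + [("0.0.0.0/0", ASSUMED_GW, 0, "eth1")]

if __name__ == "__main__":
    for label, table in [
        ("original table", PAGE_TABLE),
        ("with dev-only route", WITH_DEV_ROUTE),
        ("default route on eth1", DEFAULT_ON_ETH1),
    ]:
        print(f"{label:22} {describe(table, CLIENT)}")
```

With the original table, a connection that arrives on eth1 is answered out of eth0 through the NAT network. With the device-only route the reply does leave on eth1, but as an on-link destination with no router as next hop.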