Questions about multiple subnet network setup involving some Qemu/Kvm networking

I want to have a setup like this:

Subnet 1

  • Laptop (Arch)
  • Desktop computer (Debian)
  • Music making machine (AVLinux)
  • NAS (Open Media Vault)

Subnet 2

  • HTPC (SteamOS)
  • Windows 8.1 (Virtual machine)

Subnet 3

  • Guests

I currently have:

Network 1

  • Old Netgear router I have flashed DD-WRT on.
  • Every Machine and Guests

Virtual Network (Qemu/KVM)

  • Windows VM

What are the settings, technology etc. I can research that allow me to do this?
I would like to use DHCP. I currently use Static Leases on the machines for Static IPs.

Would it be possible for HTPC to see NAS somehow? The point of Subnet 2 is that Windows VM never sees the other machines, especially NAS.

The Windows VM has a completely different IP address than the others. The little research I have done suggests that Qemu/KVM makes a virtual router that gives the VM an IP address and access to the internet. It does not see the other computers and the other computers do not see it. What settings should I look at to change so that it can talk to HTPC?

I am quite green on networking and I find it hard to research. Do you know of some basic easy to read guides? I would greatly appreciate some links.

You can use pfsense and a vlan capable switch and setup the appropriate firewall rules and should be good to go.

A router connected to each vlan will work well, as long as the vlans are subnetted differently.

Buy this course RIGHT NOW!!! It's normally $200 and they put it on sale every so often, right now it's $10. This is an AMAZING way to learn the fundamentals, the guy knows his stuff and the videos are short, concise, and to the point. Doesn't matter if you are interested in the cert or not, the material is still fabulous, especially the basics that nobody seems to teach in a logical way.

Thank you so much!

I bought it and started watching. I have just watched the basics and already I've learned a lot. This was perfect for me.

I was hoping I could do this with my dd-wrt router, but thanks for clueing me into "vlan". Now I have something to search for.

I think ddwrt supports vlans. Just not sure how well it works since I never implemented it when I ran ddwrt years ago.

I'll take a look. An upgrade to my networking gear is in the plans, just a little further down. My used i5 2400 box is doing its duty as a HTPC running SteamOS so I can't spare it for pfsense yet. I really want a cheapish low power 4 ethernet port box and above 200$ is a little much right now.

Check out your ddwrt router settings and look for vlans. Then you can get a vlan capable 5 port or 8 port switch for around 40-50 bucks from netgear and tp-link. We could get you going pretty quickly after that.

If you have any local businesses (or you're in school like I am) talk to their IT department. I'm in Huntsville, AL (Redstone Arsenal and all the space stuff) so we have a lot of DoD folks around, and I've gotten several Dell Optiplex machines from their dumpsters by talking to neighbors and such. pfSense can run really well on old junk hardware.

As far as VLANs go, I would advise against using something like DD-WRT to learn VLANs. If you can, get yourself a managed switch (recommend looking for a fanless gigabit one if you can afford it) on Ebay. You can also buy one new, I got a Linksys one on sale a while back for like $80 and it's been nice.

I would not recommend the TP-Link L2 switches as they make VLANs very awkward and difficult in my experience. I like my Linksys one cause it's simple and reliable, and I also like the SSH menu interface that most HP switches have. Cisco switches I'm sure are nice but they are very expensive and IMO the learning curve is too steep for a newbie, I'm still a little gunshy around Cisco gear and I like to think I'm reasonably educated.

Maybe @Dexter_Kane can weigh in on this? (If you're wondering why I didn't recommend the TP link switches, I have a friend who has the L2 managed switches and the web UI for dealing with VLANs seems very weird to me. All the PVID stuff seems like TP-Link made it unnecessarily complicated, but maybe I'm wrong?)

Edit: This is the Linksys switch I have. Cheap, relatively simple, and I haven't had a stitch of problems out of it. I paid $80 for it and it was worth it, at $65 I'd definitely recommend it. https://www.amazon.com/Linksys-8-Port-Gigabit-Managed-LGS308/dp/B00IXNQ6XQ/ref=sr_1_7?ie=UTF8&qid=1495464864&sr=8-7&keywords=linksys+8+port

Irritatingly, different brands seem to have completely different VLAN configuration, even the naming of things is different, it's a total pain. I have the TP-Link jetstream switches and I don't find the VLANs too confusing but I've heard that the cheaper desktop managed switches have terrible VLAN configuration, so it can be hard to know what you're getting.

Well, I guess my recommendation was based on the fact that he does not look like he wants to spend much money, so just trying to get his feet wet should be good so he can at least learn something if he is interested in it at the moment.

Openwrt supports VLANs and I'd assume dd-wrt would too. Most switches built in to routers are actually VLAN capable so if you have something like openwrt on there you can set up VLANs on the switch in addition to being able to route and firewall between them. It might be a good budget option just check the compatibility tables before you go buying anything.

My neighbor has these in 24 and 8 port varieties, and they're fantastic hardware but the software is a little strange.

At 0:29 in this video (pardon my neighbor talking in the background) you can see their interface. Overall it's not bad except for the PVID thing, which seems to be something TP-Link just made up and I don't really understand why.

I imagine the JetStream models are better though.

Yeah it's a bit different, still has that PVID thing but you don't really have to worry about it. Instead you define a VLAN then on a different page you go through and set which ports are members of that vlan and whether they're access, general, trunk etc and if they're tagged or untagged. The PVID thing shows up on a different page for Port configuration but it seems to just sort itself out based on how you configured each vlan.

I have an HP switch as well which is completely different again, it's so annoying when you think you know what you're doing and you get hit by some bizarre configuration options.

@kungr check out this video, I think it might help you figure out how to set up your VLANs if you haven't figured it out already.

Everyone is suggesting VLANs but I don't see why you couldn't use subnets here. Maybe I have the terminology mixed up and they are the same thing? It's been a minute since my last networking class.

To oversimplify, the subnet mask decides the number of clients you can have in each subnet.

http://www.subnet-calculator.com/

So for a standard class C setup (192.168.XXX.XXX) you normally would use a subnet mask of 255.255.255.0. In this subnet mask the 255s represent the part of the IP that cannot change if you want to communicate with other computers within the given subnet. If for instance you have a computer at 192.168.0.100 and you are at 192.168.1.100 you are on a different subnet because the third octet is defined as 255. If you changed the subnet mask to 255.255.0.0 now the two IPs are on the same subnet.

This is just a basic example and you can use the calculator to figure a setup you have in mind.

If you want to set up a way for the HTPC to be able to traverse the subnet to talk to the NAS you would need to set up a static route for that client. I have not done this in DD-WRT but here's their info page about the subject: https://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes

Linking a single client to another client via static route is different than what they describe there but this gives you some syntax of the commands for DD-WRT.

You would need to use subnets either way, and have a router between them to pass the traffic, but you can't run multiple subnets on the same switch without using VLANs. So either you get a VLAN switch or you get separate hardware for each subnet you intend to use.
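An added example, not from any poster in this thread: a small Python model of the three-subnet plan that shows which flows stay on-link (and so never pass through the router's firewall) and which are routed and filtered. The host addresses and the allow list are constructed assumptions; the thread names the machines but gives no addressing.

```python
import ipaddress

# Constructed addressing plan (assumption): the thread names the machines
# but not their addresses, so these are illustrative only.
HOSTS = {
    "laptop": "192.168.1.10",      # Subnet 1
    "nas": "192.168.1.20",         # Subnet 1
    "htpc": "192.168.2.10",        # Subnet 2
    "windows-vm": "192.168.2.20",  # Subnet 2
    "guest": "192.168.3.50",       # Subnet 3
}

# Hypothetical router policy: the only inter-subnet flow the poster asked for.
ALLOW = {("htpc", "nas")}


def same_subnet(ip_a, ip_b, mask):
    """True when both addresses fall in the same network under `mask`."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{mask}").network
    return net_a == net_b


def decide(src, dst, mask="255.255.255.0"):
    """Classify a flow between two named hosts.

    'direct'       - hosts treat each other as on-link; the router's
                     firewall rules are never consulted
    'routed-allow' - crosses the router and matches the allow list
    'routed-deny'  - crosses the router and is dropped (default deny)
    """
    if same_subnet(HOSTS[src], HOSTS[dst], mask):
        return "direct"
    return "routed-allow" if (src, dst) in ALLOW else "routed-deny"


def can_reach(dst, mask="255.255.255.0"):
    """Names of hosts whose traffic to `dst` is not blocked by the router."""
    return sorted(s for s in HOSTS
                  if s != dst and decide(s, dst, mask) != "routed-deny")


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(mask, "-> can reach nas:", can_reach("nas", mask))
```

In this model the Windows VM and the HTPC share Subnet 2, so their traffic is `direct` and the router cannot filter it; widening the mask to 255.255.0.0 makes every host on-link to the NAS, which removes the separation the plan was meant to provide.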

Thank you all for helpful answers! I have much research to do, but now I have somewhere to start.