Routing KVM Host through guest

So I have finally exhausted myself trying to figure out how to do this. I have a KVM Dom0 with no physical NICs and a DomU with two Intel NICs and a virtual NIC assigned to it. This is my pfSense router, and one port is my WAN, the other is my hardware LAN, and the third should be my communication line to my other VMs/Host.

It looks like this.

WAN --- igb1 <-> pfsense guest | <-> vtnet0 -- Virtual network for HOST / other guests
                               | <-> igb0 --- Hardware Lan

The intention was to make the pfSense guest the primary interface to the internet, so I could leverage the BSD kernel's security. I have other guests that provide services like NFS. I would really like to keep all my stuff in one PC, as I am in a tiny apartment and don't have much space. In the past, I just used the host as the router, but I got really tired, really quick, of manually editing iptables.

Hopefully someone, like @wendell, can help me out here. I've been messing with it nonstop for the whole last weekend, and am about to admit defeat. Please tell me if there are any commands you'd like me to run. I'll add them as posts, and as edits.

Right now I have a functional connection through igb0, but I don't know how to assign vtnet0 to allow the dom0 to use it for internet access, and how to use it to allow other guests to have internet access. How should I structure this network? What should be the gateway, how should dom0 route data through it, etc.?

Edit 1: Lol, forgot to ask a question.

OKAY. So I finally got it working tonight after work. But I do not have internet access on devices connected to the opt0/vtnet0. However, I can ping all the devices and have internet on the LAN/igb0 network. I have the DHCP servers configured and working on both interfaces and the routing set up. The DHCP appears to work given the pings work. However, I still can't ssh into any device other than the pfSense box. When I try to ssh between devices, with their firewalls disabled, I get a connection refused message.

I don't know how to enable communication between devices in pfSense, someone please help :(

I'll post some pictures of my setup thus far for reference.

I found my problem. The virtual network defined by libvirt was applying a dnsmasq layer to it. So I am trying to set the virtual network I define to be mode open, as described on their website. Which isn't working... grrrrrr....

<forward mode='open'/>
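
An added example, not part of the original posts: a small Python check that reads a libvirt network definition and reports whether libvirt would run dnsmasq on the bridge and whether it would add its own firewall rules, the two host-side services that compete with pfSense on the vtnet0 segment. Both XML definitions, the network name `pfsense-opt` and the bridge `virbr1` are constructed, and the rules encoded in the function are assumptions based on libvirt's documented network behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions (not taken from the original post).
NAT_WITH_DHCP = """
<network>
  <name>pfsense-opt</name>
  <forward mode='nat'/>
  <bridge name='virbr1'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.100.10' end='192.168.100.50'/></dhcp>
  </ip>
</network>
"""

OPEN_NO_SERVICES = """
<network>
  <name>pfsense-opt</name>
  <forward mode='open'/>
  <bridge name='virbr1'/>
  <dns enable='no'/>
</network>
"""

def audit_network(xml_text):
    """Report which host-side services libvirt would attach to this network."""
    net = ET.fromstring(xml_text)
    fwd = net.find("forward")
    # Assumption: <forward> without a mode means nat; no <forward> means isolated.
    mode = fwd.get("mode", "nat") if fwd is not None else "isolated"
    ips = net.findall("ip")
    dhcp = any(ip.find("dhcp/range") is not None or ip.find("dhcp/host") is not None
               for ip in ips)
    dns = net.find("dns")
    dns_on = dns is None or dns.get("enable", "yes") != "no"
    return {
        "mode": mode,
        # Assumption: dnsmasq runs only if the bridge has an <ip> and DHCP or DNS is wanted.
        "dnsmasq": bool(ips) and (dhcp or dns_on),
        "host_dhcp": dhcp,
        # Assumption: isolated, nat and route networks get libvirt-managed firewall rules;
        # mode='open' forwards through the host routing stack with no rules added.
        "libvirt_firewall": mode in ("isolated", "nat", "route"),
    }

if __name__ == "__main__":
    for label, xml_text in (("nat+dhcp", NAT_WITH_DHCP), ("open", OPEN_NO_SERVICES)):
        print(label, audit_network(xml_text))
```

The output of `virsh net-dumpxml <network>` can be passed to `audit_network` in place of the constructed samples.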