Emil CHERICHES

Hosting a Virtual Machine With a Public IP (proxy_arp)

September 5, 2014 Emil C

I run this website on a physical server that I rent. Recently I wanted to run a virtual machine on the same server, with a different OS and a public IP address. (I use KVM for that, as there's nothing to really change on the physical server's OS, and performance-wise it's more than OK.) My server provider gives me the second IP as a "failover IP", meaning that they just route an IP to me through the one the server already has. It is a single IP from a different class, so you have to run it with a /32 mask.

The problem is that my provider's routers accept traffic from and to my server only with the physical MAC address that my server already has. If I put the server's interface in a bridge, add the VM's interface to that bridge and set the IP on the VM, the VM will try to communicate with the provider's routers using its virtual MAC, so there is no way this is going to work.

As previously written on the Facebook page, the solution is to use proxy_arp, but there are some differences from the link I gave there.

So, for the VM we set up a bridge. To do that we need the bridge-utils package installed (yum install bridge-utils) and the br0 bridge set up. There's no need to set an IP address on the bridge, as we only need to set a static route on it.

/etc/sysconfig/network-scripts/ifcfg-br0 would look like this:

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
DELAY=0

Then we create the file /etc/sysconfig/network-scripts/route-br0 with the contents:

VM_IP dev br0

VM_IP is the actual IP the provider gave you.

To start the bridge we just need to type in the shell:

ifup br0

To check that the static route is set correctly we type:

ip route show dev br0

Then we edit /etc/sysctl.conf, make sure that net.ipv4.ip_forward is set to 1, and add the line:

net.ipv4.conf.br0.proxy_arp = 1

Then we make these settings active by running this command in the shell:

sysctl -p

The next step is to prepare the virtual network for libvirt. We create a file called net-br0.xml with the following contents:

<network connections='1'>
  <name>br0</name>
  <forward mode='bridge'/>
  <bridge name='br0' />
</network>

Then we import this file and make the virtual network active and available on start up by running these shell commands:

virsh net-define net-br0.xml
virsh net-start br0
virsh net-autostart br0

The next step is to install the virtual machine, set it to use the br0 virtual network, and configure it with VM_IP, 255.255.255.255 as netmask and your physical server's IP address as gateway. I use the virt-manager utility to do that.
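
A quick way to confirm the host ended up in the state the steps above describe, and that proxy_arp was not enabled more widely than on br0. This is an added example, not part of the original post; the function name audit_proxy_arp and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: audit the host-side settings from this article.
# Inputs are text, so it works on saved output or live, e.g.:
#   audit_proxy_arp "$(sysctl -a 2>/dev/null)" "$(ip route show)" VM_IP br0
audit_proxy_arp() (
    sysctls=$1 routes=$2 vm_ip=$3 bridge=$4 fails=0
    # Escape dots so the address is matched literally in the regex below.
    vm_re=$(printf '%s' "$vm_ip" | sed 's/\./\\./g')
    has() { printf '%s\n' "$1" | grep -Eq "$2"; }
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # The host must forward packets between the uplink and the bridge.
    has "$sysctls" '^net\.ipv4\.ip_forward *= *1 *$' ||
        fail "net.ipv4.ip_forward is not 1"
    # proxy_arp on the bridge is the line the article adds to sysctl.conf.
    has "$sysctls" "^net\.ipv4\.conf\.$bridge\.proxy_arp *= *1 *\$" ||
        fail "proxy_arp is not enabled on $bridge"
    # The article enables it on the bridge only. conf.all is ORed with each
    # per-interface value, so it (or another interface) widens the scope.
    extra=$(printf '%s\n' "$sysctls" |
        grep -E '^net\.ipv4\.conf\.[^.]+\.proxy_arp *= *1 *$' |
        grep -v "\.conf\.$bridge\.proxy_arp" |
        sed -E 's/^net\.ipv4\.conf\.([^.]+)\..*/\1/' | tr '\n' ' ')
    [ -z "$extra" ] || fail "proxy_arp also enabled on: $extra"
    # VM_IP must be a host route on the bridge (route-br0 in the article).
    has "$routes" "^$vm_re(/32)? dev $bridge( |\$)" ||
        fail "no host route for $vm_ip on $bridge"

    [ "$fails" -eq 0 ] && echo "OK: $bridge matches the article's setup"
    exit "$fails"
)

# Constructed sample (documentation addresses); conf.all is deliberately on.
sample_sysctl='net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.conf.br0.proxy_arp = 1'
sample_routes='default via 198.51.100.1 dev eth0
203.0.113.10 dev br0 scope link'
audit_proxy_arp "$sample_sysctl" "$sample_routes" 203.0.113.10 br0 || true
```

The function's exit status is the number of failed checks, so it can be dropped into a post-boot check or a configuration-management test.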
