Firewall/Gateway/Router test network.

Mylo
Posts: 2
Joined: 7. Oct 2015, 22:36

Post by Mylo »

I'm trying to set up a network using VirtualBox. My hope is to simulate a network for testing reasons.

I have three servers set up on VirtualBox. test1 and test2 are set up as a firewall/gateway. They are set up as a redundant pair so if test1 fails, test2 will pick up. test3 is a single node on one of the subnets.

test1 - OpenBSD

em0 - 10.10.50.156 - bridged network
em1 - internal network (net10)
em2 - internal network (net10)
vlan0 - 10.10.10.2 interface: em1
vlan1 - 10.10.20.2 interface: em1
vlan2 - 10.10.30.2 interface: em1
carp1 - 10.10.10.1
carp2 - 10.10.20.1
carp3 - 10.10.30.1


test2 - OpenBSD

em0 - 10.10.50.157 - bridged network
em1 - internal network (net10)
em2 - internal network (net10)
vlan0 - 10.10.10.3 interface: em1
vlan1 - 10.10.20.3 interface: em1
vlan2 - 10.10.30.3 interface: em1
carp1 - 10.10.10.1
carp2 - 10.10.20.1
carp3 - 10.10.30.1

test-node - CentOS 6

eth0 - internal network (net10), 10.10.10.10, gateway 10.10.10.1

I can ping test1 and test2 from the external 10.10.50.1 network. I can ping test1 and test2 from each other, and each of the vlans.

However, I cannot ping test-node from test1 or test2, nor can I ping test1 and test2 from test-node.

Using tcpdump, I know that test1 hears the pings, but doesn't respond.

If this is a networking question, I'm in the wrong forum, but I'm worried it's a VirtualBox issue, because it's similar to other setups I have created in other virtualization platforms.

Any idea what I'm doing wrong? Or other things I can do to troubleshoot?

thanks.
myles.
Last edited by Mylo on 8. Oct 2015, 15:36, edited 2 times in total.
scottgus1
Site Moderator
Posts: 20945
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Firewall/Gateway/Router test network.

Post by scottgus1 »

There's been a few ping-one-way-can't-ping-the-other-way posts lately. I'm no network guru, but this might be your problem? viewtopic.php?f=6&t=73784 Basically it says to try 5.0.6 if you're using 5.0.4.

Only other thing I see is there's carp0, carp1 then carp3 with no carp2? Grasping at straws....

If not, others will have to weigh in.
Mylo
Posts: 2
Joined: 7. Oct 2015, 22:36

Re: Firewall/Gateway/Router test network.

Post by Mylo »

That was actually a typo; it's carp1, 2, 3.

It may be easier to describe what I want to do, then come up with a solution using VirtualBox.

I want three subnets.
10.10.10.x/24
10.10.20.x/24
10.10.30.x/24

I want one server to act as a router/firewall for the subnets.
Let's call it router1
10.0.50.55 / external address
10.10.10.1
10.10.20.1
10.10.30.1

Then all VMs I put in the other subnets can be set to router1 as their gateway, and all internal and external traffic can go through router1.

What would be the best way to set this up in VirtualBox?

thanks.
myles.
scottgus1
Site Moderator
Posts: 20945
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Firewall/Gateway/Router test network.

Post by scottgus1 »

I'm not very familiar with the whole subnet thing. You'll have to hope BillG comes along.

Right off it sounds like you'd have the router guest with one virtual network card pointing at the internet using VirtualBox's "NAT" networking, and at least one virtual network card for a VirtualBox "internal" network. Maybe more depending on the following:

The subnet thing I'm a little fuzzy on - if you can have three subnets on one network "cable" so to speak, you may be able to have one "internal" network between the router's other network card and the other guests. Then in the guest OSes, configure which subnet each guest would pay attention to.

If you can't have more than one subnet on one "cable" then you'd have separate network cards for each subnet in your router guest (you can have up to 8 virtual NICs in a guest; the GUI accesses the first 4, the command line is needed to configure 5-8). Each network card would attach to a different internal network - you make a new network by changing its name. Example: change each internal network name that the card attaches to from "intnet" to "CARP1", "CARP2" and "CARP3". Then you'll have three separate named internal networks. Attach each guest to the correct internal network by name.

Again I don't know if one internal network is OK or one for each subnet is required. That's really more a networking question for a different forum. But NAT to the web and internal for the subnets would probably work for you.
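
The one-internal-network-per-subnet layout from the reply above, as an added example that is not part of the original thread. It only prints the VBoxManage commands; the VM names router1, node10, node20 and node30 are assumptions, and the VMs must be powered off when the commands are run.

```shell
#!/bin/sh
# Added example: prints (does not run) the VBoxManage commands for the layout
# described in the thread. VM names are assumptions; the network names
# CARP1..CARP3 are the ones suggested in the reply above.

MAX_NICS=8   # a VirtualBox guest can have up to 8 virtual NICs

# router_cmds VM NET...
# NIC1 goes to NAT (outside), NIC2.. each attach to one named internal network.
router_cmds() {
    vm=$1; shift
    # NIC1 is taken by NAT, so at most MAX_NICS-1 internal networks fit.
    if [ "$#" -gt $((MAX_NICS - 1)) ]; then
        echo "error: $# internal networks requested, only $((MAX_NICS - 1)) NICs left" >&2
        return 1
    fi
    printf 'VBoxManage modifyvm "%s" --nic1 nat\n' "$vm"
    slot=2
    for net in "$@"; do
        printf 'VBoxManage modifyvm "%s" --nic%d intnet --intnet%d "%s"\n' \
            "$vm" "$slot" "$slot" "$net"
        slot=$((slot + 1))
    done
}

# guest_cmd VM NET
# A guest gets a single NIC on the internal network of its subnet, so its only
# path to the other subnets and to the outside is through the router guest.
guest_cmd() {
    printf 'VBoxManage modifyvm "%s" --nic1 intnet --intnet1 "%s"\n' "$1" "$2"
}

# Constructed layout: one router, one guest per subnet.
router_cmds router1 CARP1 CARP2 CARP3   # 10.10.10.x, 10.10.20.x, 10.10.30.x
guest_cmd node10 CARP1
guest_cmd node20 CARP2
guest_cmd node30 CARP3
```

Review the printed commands, then pipe the output to `sh` on the host to apply them. NICs 5 to 8 can only be configured this way, since the GUI shows the first four.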