Hi All thanks for the welcome, SysAdmin here, roughly 4 years under my belt, started as helpdesk in a medium sized factory.
Made my way over from spiceworks on good advice from Scott. Looking forward to getting involved in some discussions, broadening my knowledge and maybe even asking for some help!
Cheers,
Luke
FYI
Added MACADDR to both interfaces and set up configs before installing ovirt engine (again) - management network assigned to correct IF after installing host in web console, all sorted.
Appears to be a Linux RDP gateway, see below:
Hi, wondering if anyone can shed some light on following,
setting up oVirt on a fresh centos7 install, so far i've reached being able to login into the web portal and add my host in. After the initial host install, the status goes from up to non-operational after a couple secs - error on the i icon in the hosts view says no default route.
In network setup, the management network "ovirtmgmt" keeps assigning itself to the next unused, disconnected interface on the pcie nic. Initially i only enabled the motherboard interface, then i enabled a single port on the pcie nic (the one it assigned itself initially), after second install it assigned itself to interface 2 on the nic which is disconnected and disabled.
In web portal I've tried detaching ovirtmgmt and dragging it to the default interface but i lose connection to server when resyncing, also tried this with IF 1 on nic. I started over fresh about 4 times already while playing with the IF config files but no look so far.
I'll post up IF configs later when i'm home, just after any pointers if anyone has come across this before?
cheers.
Configs:
This was the initial result after the first install which is currently where i'm at now.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1
UUID=734cb027-edd6-4020-b4e9-d4f993c4b106
DEVICE=eno1
ONBOOT=yes
IPADDR=10.0.0.10
NETMASK=255.255.255.0
GATEWAY=10.0.0.1
DNS1=10.0.0.1
DNS2=8.8.8.8
ZONE=public
# Generated by VDSM version 4.20.17-1.el7.centos
DEVICE=enp9s0f0
BRIDGE=ovirtmgmt
ONBOOT=yes
MTU=1500
DEFROUTE=no
NM_CONTROLLED=no
IPV6INIT=no
# Generated by VDSM version 4.20.17-1.el7.centos
DEVICE=ovirtmgmt
TYPE=Bridge
DELAY=0
STP=off
ONBOOT=yes
MTU=1500
DEFROUTE=no
NM_CONTROLLED=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
DNS1=10.0.0.1
DNS2=8.8.8.8
So i have a hp z420 workstation i want to use as a KVM home lab setup, so far i have everything setup bar storage and networking.
I want to replicate as much as possible what a linux shop would do (without necessarily having the hadware). I have an lsi raid card in there with 4 x 500gb drives in raid 10. This will be used as vm storage, is currently GPT, formatted as EXT4
What storage type should i be using - i've seen people using volume groups for thin provisioning (LVM?), i know ovirt uses nfs.
would it be wise to use nfs, sharing and mounting the shares locally? Basically looking for exposure to as much as possible, i know i could just leave it as is.
@travisdh1 ahhh, i had a feeling that was going to be the answer :persevering_face:. Thanks tho, i'll definitely check this out!
if you're lazy and have 11$ to spare this is really good https://partedmagic.com/
@travisdh1 ahhh, i had a feeling that was going to be the answer :persevering_face:. Thanks tho, i'll definitely check this out!
So to get this to work i needed to use this firewalld line:
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i eth1 -j ACCEPT
eth1 is the external interface on the vm router.
does this effectively render the firewall pointless though?
@kelly said in Route SSH to internal virtual network via centos7 vm router:
@kelly said in Route SSH to internal virtual network via centos7 vm router:
@voodoorabbit87 said in Route SSH to internal virtual network via centos7 vm router:
@black3dynamite so my config box looks exactly like what i posted in the OP, idk if its the cause of diff ddwrt builds but any extra settings i put in there caused the vpn service to fail to start so i left it minimal as it just worked.
firewall looks like this
iptables -I INPUT 1 -p tcp –dport 443 -j ACCEPT iptables -I FORWARD 1 –source 10.0.1.0/24 -j ACCEPT iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j MASQUERADEobvs 443 to bypass work fw.
You don't have an outbound rule. I'm not an iptables guru, but from what I've read it sounds like you need an explicit rule.
Reference: https://unix.stackexchange.com/questions/136190/iptables-rule-to-allow-incoming-ssh-connections.
so i shutdown the firewall on the centos vm router and i was able to connect to the internal server.
definitely need to look into firewalld
@kelly yes i can ssh from the vm router (10.0.10.2) to the server (10.0.10.10), basically same as another machine. i can ssh from my kvm host (10.0.0.10) to the server (10.0.10.10)
@black3dynamite so my config box looks exactly like what i posted in the OP, idk if its the cause of diff ddwrt builds but any extra settings i put in there caused the vpn service to fail to start so i left it minimal as it just worked.
firewall looks like this
iptables -I INPUT 1 -p tcp –dport 443 -j ACCEPT
iptables -I FORWARD 1 –source 10.0.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j MASQUERADE
obvs 443 to bypass work fw.
@black3dynamite aye, with certs and the client on my work laptop.
@scottalanmiller the image up top is the physical router which has the vpn service running on it (DDWRT), that's the route table with NAT to 10.0.10.0 via the virtual external nic 10.0.0.20, ipv4 forwarding is enabled, nics have zones assigned (int/ext).
i can ssh to the internal nic on the vm router 10.0.10.2, however i cannot ssh to the server 10.0.10.10 which sits behind this vm router, i just thought a rule needed adding to firewalld to allow ssh traffic through too, as pings already are.
@black3dynamite if that was the case then ping wouldn't work though, no?
trace from 10.0.1.2
Tracing route to 10.0.10.10 over a maximum of 30 hops
1 11 ms 15 ms 30 ms 10.0.1.1
2 16 ms 11 ms 11 ms 10.0.0.20
3 12 ms 12 ms 13 ms 10.0.10.10
Trace complete.
i will try it out now
[edit]
this didn't help.
@scottalanmiller i suppose what i don't understand here is why i can ping 10.0.10.10 from 10.0.1.2, get a reply and vice versa, but why is ssh being blocked?
is there not a cmd i can pass to firewalld to allow ssh?