Using OVS and VXLAN, I got two VMs to communicate with each other, but neither of them could reach the internet. To give a VM attached to an OVS bridge internet access, iptables SNAT is useful: when the VM sends a packet to the internet, SNAT replaces the VM's IP address with the IP address of the physical NIC.
In fact, this is the same thing KVM does when it creates a VM with a NAT network. When you create a VM with a NAT network using virt-manager, virsh, or a similar tool, libvirt writes some iptables rules, and it is the rules on the POSTROUTING chain that make it work. If you have a host on which a VM with a NAT network has been created, check the file /etc/sysconfig/iptables.
1.
```
iptables -t nat -I POSTROUTING -s 10.10.10.0/255.255.255.0 ! -d 10.10.10.0/255.255.255.0 -o eth0 -j MASQUERADE
```
2.
```
iptables -t nat -I POSTROUTING -p udp -s 10.10.10.0/24 ! -d 10.10.10.0/24 -o eth0 -j MASQUERADE --to-ports 1024-65535
```
3.
```
iptables -t nat -I POSTROUTING -p tcp -s 10.10.10.0/24 ! -d 10.10.10.0/24 -o eth0 -j MASQUERADE --to-ports 1024-65535
```
4.
```
iptables -t nat -I POSTROUTING -s 10.10.10.0/24 -d 255.255.255.255/32 -o eth0 -j RETURN
```
5.
```
iptables -t nat -I POSTROUTING -s 10.10.10.0/24 -d 224.0.0.0/24 -o eth0 -j RETURN
```
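Because every command above uses `-I`, each rule is inserted at the top of POSTROUTING, so the two RETURN exemptions end up ahead of the MASQUERADE rules. The following check is an added example, not part of the original post or of libvirt: it audits an `iptables-save` style dump for that ordering and for MASQUERADE rules that are not scoped by `-s` and `-o`. The function name `audit_snat` and both sample dumps are constructed for illustration.

```shell
# Added example (not from the original page): audit nat/POSTROUTING in an
# iptables-save style dump read from stdin. SUBNET must be written in CIDR
# form, as iptables-save prints it. Prints findings, or "OK".
audit_snat() {
    awk -v subnet="$1" '
    function report(msg) { print "rule " n ": " msg; bad++ }
    /^\*/ { table = $1 }                 # table header: *nat, *filter, ...
    table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
        n++; src = ""; out = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s" && $(i-1) != "!") src = $(i+1)
            if ($i == "-o" && $(i-1) != "!") out = $(i+1)
            if ($i == "-j") target = $(i+1)
        }
        if (target == "MASQUERADE") {
            if (src == "") report("MASQUERADE without -s rewrites any source")
            if (out == "") report("MASQUERADE without -o applies on every interface")
            if (src == subnet) masq_seen = 1
        }
        # A RETURN exemption only works if it is evaluated before MASQUERADE.
        if (target == "RETURN" && src == subnet && masq_seen)
            report("RETURN exemption is placed after MASQUERADE")
    }
    END {
        if (!masq_seen) { print "no MASQUERADE rule for " subnet; bad++ }
        if (!bad) print "OK"
    }'
}

# Constructed sample: chain order produced by the five -I commands above.
GOOD_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.10.0/24 -d 224.0.0.0/24 -o eth0 -j RETURN
-A POSTROUTING -s 10.10.10.0/24 -d 255.255.255.255/32 -o eth0 -j RETURN
-A POSTROUTING -s 10.10.10.0/24 ! -d 10.10.10.0/24 -o eth0 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.10.10.0/24 ! -d 10.10.10.0/24 -o eth0 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.10.10.0/24 ! -d 10.10.10.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample: exemption appended last, plus an unscoped MASQUERADE.
BAD_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.10.0/24 ! -d 10.10.10.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.10.0/24 -d 224.0.0.0/24 -o eth0 -j RETURN
-A POSTROUTING -j MASQUERADE
COMMIT'

printf '%s\n' "$GOOD_DUMP" | audit_snat 10.10.10.0/24
printf '%s\n' "$BAD_DUMP"  | audit_snat 10.10.10.0/24
```

On a live host the same function can read the output of `iptables-save -t nat`.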