:: Re: [DNG] Can't ping outside of my …
Góra strony
Delete this message
Reply to this message
Autor: Mario Marietto
Data:  
Dla: Mario Marietto via Dng
Temat: Re: [DNG] Can't ping outside of my network after having configured a tun tap device
As long as I don't have any routing rules in my home network (static or
done by routing protocols such as OSPF or RIP), my KVM server will be the
only host in my network that knows how to reach 192.168.20.0/24 (because it
has 192.168.20.1 itself). That means, my VMs will not be able to reach any
other network. The simplest approach to get this to work is to do NAT for
*outgoing* traffic. Now this kind of NAT is an SNAT, not a DNAT. While
classic SNAT is a one-to-one-mapping, MASQUERADE simply means "replace
every source IP with the IP on the outgoing interface".

On Fri, Oct 6, 2023 at 8:51 AM Mario Marietto <marietto2008@???>
wrote:

> Thanks.
>
> so,maybe this is the solution :
>
> # iptables -t nat -A POSTROUTING -o mlan0 -j DNAT
> # ip tuntap add tap0 mode tap
> # ip link set dev tap0 up
> # ifconfig tap0 192.168.99.1/24
> # echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> iptables v1.8.9 (nf_tables): DNAT: option "--to-destination" must be
> specified
>
> What could be the destination ? thanks.
>
> On Fri, Oct 6, 2023 at 1:44 AM Gregory Nowak <greg@???> wrote:
>
>> On Thu, Oct 05, 2023 at 02:20:47PM +0200, Mario Marietto via Dng wrote:
>> > I'm trying to set up a bridge on Linux Devuan 5 (host os) with the
>> > goal to give the connectivity to FreeBSD 13.2,that I have virtualized
>> > with qemu-kvm-libvirt.
>>
>> If you're trying to setup a bridge, then you're going about it the
>> wrong way.. You'd set that up in /etc/network/interfaces, or in a file
>> under /etc/network/interfaces.d where you bridge your mlan0 to your
>> tap0. This is more involved when using wifi, but it can be done. See
>> man interfaces, the bridge-utils package, and the wpasupplicant
>> package. You mentioned
>> you're using network manager. If so, then you will probably want to
>> dump network manager if you go this route.
>>
>> > on Devuan I did :
>> >
>> > # iptables -t nat -A POSTROUTING -o mlan0 -j MASQUERADE
>>
>> If you want to keep going the way you are, then I think you want the
>> DNAT target, not MASQUERADE.
>>
>> Greg
>>
>>
>> --
>> web site: http://www.gregn.net
>> gpg public key: http://www.gregn.net/pubkey.asc
>> skype: gregn1
>> (authorization required, add me to your contacts list first)
>> If we haven't been in touch before, e-mail me before adding me to your
>> contacts.
>>
>> --
>> Free domains: http://www.eu.org/ or mail dns-manager@???
>>
>
>
> --
> Mario.
>



--
Mario.