On Fri, 2011-04-22 at 10:04 -0400, ssaleh at nrln.us wrote:
> I have a small public IP block (/29) I'd like to populate with VMs
> from a single physical box running CentOS/5. I'd like to get some thoughts
> on the best way to set up networking to support this. I'm OK with setting up
> the virtual hosts.
>
> Any advice would be appreciated.
>
> TIA...
Hi,
We use a physical bridge adapter to place the Vhosts directly onto the
Physical LAN (we firewall appropriately on the VHosts themselves).
This works fine for us, however as we're really only working in RFC1918
address space on the LAN, YMMV.
The alternative would be to use the Physical host as a firewall/NAT/load
balancer style device and have a setup similar to the following:
         pub.lic.ip.range/29
                  |
                  |
     +-------------------------+
     | Physical Host           |
     | eth0   = 1.2.3.4        |
     | eth0:1 = 1.2.3.5        |
     | eth0:2 = 1.2.3.6        |
     | br0    = 192.168.32.254 |
     +-------------------------+
                  |
                  |
        RFC1918 Address Space
                  |
                  |
      +-----------------------+
      | VHOST1 (192.168.32.4) |
      +-----------------------+
      +-----------------------+
      | VHOST2 (192.168.32.5) |
      +-----------------------+
      +-----------------------+
      | VHOST3 (192.168.32.6) |
      +-----------------------+
You could then firewall/NAT/Forward traffic from the public /29 to the
private /32 (or whatever you choose!) mapping IP addresses or ports as
you go.
This will require greater configuration of the physical host; however, it
also enables you to firewall on both the public and private LANs.
HTH,
Matt
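
The firewall/NAT layout described in the reply above, sketched as an added example (not part of the original thread): a shell function that prints, without applying, the iptables commands mapping each public alias to its guest. The addresses come from the diagram; the forwarded ports (80, 443) and the /24 netmask on br0 are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the NAT layout
# in the diagram. Review the output, then run it as root on the physical host.
# Addresses come from the diagram; PORTS and LAN_NET are assumptions.
MAP="1.2.3.4:192.168.32.4 1.2.3.5:192.168.32.5 1.2.3.6:192.168.32.6"
PORTS="80 443"            # assumed services exposed on every guest
WAN_IF=eth0
LAN_IF=br0
LAN_NET=192.168.32.0/24   # assumed netmask for the br0 network

gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny between the public and private sides
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for pair in $MAP; do
        pub=${pair%%:*}
        priv=${pair##*:}
        for port in $PORTS; do
            # Public alias:port -> guest (destination rewritten before routing)
            echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p tcp --dport $port -j DNAT --to-destination $priv"
            # FORWARD sees the already-rewritten destination
            echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp --dport $port -m state --state NEW -j ACCEPT"
        done
        # Guest-initiated traffic leaves with that guest's own public address
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    done
    # Guests may open outbound connections; nothing else crosses the host
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
}

gen_rules
```

Because only the listed ports are redirected, traffic to other ports on 1.2.3.4 (the host's own eth0 address) still reaches the physical host rather than VHOST1.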