On Thu, Apr 29, 2010 at 02:33, Dan Irwin <rummymobile@xxxxxxxxx> wrote:
> When I'm connected via wifi (or wired) this should work fine, as I can
> bridge the guest network interface onto the host, and let dhcp take
> care of addressing.
>
> When I VPN in, I'm connected via pptp or ipsec. I can't see the same
> bridging/dhcp working on these interfaces as wlan0 or eth0.
>
> This leaves me with a problem. How can I treat virtual machines the
> same regardless of connection method (vpn or ethernet).
>
> I'd like to know if anyone else has faced this problem, and how they solved it.
>
> I'm thinking my laptop might have to somehow advertise the existence
> of a local non-nat rfc1918 network to my vpn server using ospf or rip.
> Seems like a whole lot of overkill, not to mention the potential for
> routing shenanigans.
>
> Failing this I might have to use nat on whatever IP address my laptop
> currently has. This raises the question of which interface to nat,
> wlan0, eth0, ppp0, ppp1, tun0, etc.
>
> Last resort would be to assign two interfaces to each vm, and use the
> correct interface for the kind of connection, either ethernet or vpn.

I can't quite tell from your post, so I apologize if I'm barking up the wrong tree, here, but is there a reason why you can't NAT the guest network traffic through the container OS?

I did this a couple of months back, in a similar situation: My guests shared a virtual subnet w/ an RFC 1918 address, and all the outbound traffic was NAT'd to look like the rest of the laptop's traffic. Worked pretty well.

You'd need a start/stop script to autodetect the current upstream gateway and add the right IPTables rules, and to tear it down again when you stop it. I called my IPTables script from the main "network" RC script (I wasn't using NetworkManager), but I'm pretty sure you could use NM's scripting hooks to do the same thing.

The point is, whenever your networking situation changes, the script gets called to replace the existing NAT settings, if they're not correct, anymore.

I would cut-n-paste the script, but I can't remember where I saved a copy. It was pretty simple, though, just a few lines of shell script that called 'ip addr'/'ip route' to get all the gateway info, and parsed it into the FW rules.

-Ryan
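
A sketch of the kind of script the reply describes, added here as an example and not the script from the post: it parses `ip -4 route show default` output to find the current upstream interface and emits the NAT rules for it. The guest subnet, the `GUESTNAT` chain name, the `apply`/`demo` modes and the sample routing table are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post. GUEST_NET, the GUESTNAT chain
# name and the sample routing table are assumptions.
GUEST_NET="${GUEST_NET:-192.168.122.0/24}"   # assumed RFC 1918 guest subnet
CHAIN=GUESTNAT                               # hypothetical dedicated chain

# Read `ip -4 route show default` output on stdin and print the interface of
# the preferred default route (lowest metric; a missing metric counts as 0).
upstream_iface() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (dev != "" && (best == "" || metric < best_metric)) {
            best = dev; best_metric = metric
        }
    }
    END { if (best != "") print best }'
}

# Print the iptables commands that point the guest NAT at interface $1.
# All masquerading lives in one chain, so a network change only has to flush
# and refill that chain instead of hunting for stale rules.
nat_rules() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface name: '$1'" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -t nat -N $CHAIN 2>/dev/null || true
iptables -t nat -C POSTROUTING -s $GUEST_NET -j $CHAIN 2>/dev/null || iptables -t nat -A POSTROUTING -s $GUEST_NET -j $CHAIN
iptables -t nat -F $CHAIN
iptables -t nat -A $CHAIN ! -d $GUEST_NET -o $1 -j MASQUERADE
EOF
}

# Constructed sample: wifi still up (metric 600) while a PPTP link has taken
# over the default route (no metric, no "via").
SAMPLE_VPN='default dev ppp0 scope link
default via 192.168.1.1 dev wlan0 proto dhcp metric 600'

# "apply" runs the rules as root; "demo" only prints them for the sample.
if [ "${1:-}" = "apply" ]; then
    iface=$(ip -4 route show default | upstream_iface)
    nat_rules "$iface" | sh
elif [ "${1:-}" = "demo" ]; then
    nat_rules "$(printf '%s\n' "$SAMPLE_VPN" | upstream_iface)"
fi
```

The interface name is validated before it is written into commands that get piped to a root shell. A VPN client that installs split `0.0.0.0/1` and `128.0.0.0/1` routes instead of a default route is not detected by this parser.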