Baremetal has a single vlan trunk connected.
vlan2 untagged for ISP uplink. DHCP for both IPv4 & IPv6.
vlan7 tagged for downstream clients.
When running as baremetal, ipmGW (Fedora 32 server) as IP masquerade gateway for clients just works.
Baremetal IP masquerade just worked
Baremetal ipmGW:
- enp1s0 - untagged vlan2. DHCP for IPv4 & IPv6.
- enp1s0.7 - tagged vlan7. Static IP 192.168.7.254/24. No GW/DNS/Route
- Assign enp1s0 to “external” zone
- Assign enp1s0.7 to “trusted” zone
- Add cockpit service to “external” zone
Client:
- enp1s0 - untagged vlan7
- manually assign 192.168.7.128/24. GW: 192.168.7.254. DNS:8.8.8.8
Next, I moved this setup into a libvirt guest, by disk passthrough.
(Yes, it boots.)
Now the question is: how should I set up the network in the host such that:
- the now-virtual ipmGW keeps getting a public IP from vlan2, and serves vlan7 clients (real or virtual) [host must not connect to vlan2, due to ISP concurrent MAC address restrictions.]
- allow Host to connect to:
  - vlan1 (IPv4 NAT via OpenWRT router)
  - vlan6 (real IPv6-PD IPs, via OpenWRT router)
Optional:
- allow more virtual guests access to vlan1 and/or vlan6
In the setup below, which I tried, only ping worked for vlan7 clients. ssh, curl, and DNS queries all failed.
This setup failed
- use libvirt macvtap, assign the whole enp1s0 to ipmGW (it can get IPs. Direct access to Internet OK.)
- using systemd-networkd, create br1, br6, br7
- then in virt-manager, direct connect to br7
- baremetal client in vlan7 has same result
Result: guest can ping by IP to 8.8.8.8 and to OpenWRT. Actual use all failed:
- ssh access to OpenWRT by IP
- dns query: host -t A www.google.com 8.8.8.8
- curl (by IP, by name with entries in /etc/hosts)
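As an added illustration (not from the original post, and not a known-working answer to it), here is one way the host-side systemd-networkd layout described in the failed setup could be written out: the trunk port enp1s0 carries only VLAN sub-interfaces, each VLAN is enslaved to its own bridge (br1, br6, br7, as in the post), the host takes addresses only on br1 and br6, and no vlan2 interface exists on the host at all, so the host never appears on the ISP side. File names, the DHCP/RA settings and the `LinkLocalAddressing=no` choices are assumptions; the ipmGW guest would still get the whole trunk via macvtap as the post describes, and vlan7-only guests would attach to br7 from virt-manager.

```ini
# /etc/systemd/network/10-trunk.network
# Host trunk port: no address of its own, only carries tagged VLANs.
[Match]
Name=enp1s0

[Network]
VLAN=vlan1
VLAN=vlan6
VLAN=vlan7
LinkLocalAddressing=no
IPv6AcceptRA=no

# /etc/systemd/network/20-vlan7.netdev
# One .netdev per VLAN; vlan1 (Id=1) and vlan6 (Id=6) follow the same pattern.
[NetDev]
Name=vlan7
Kind=vlan

[VLAN]
Id=7

# /etc/systemd/network/20-vlan7.network
# Enslave the VLAN sub-interface to its bridge (same for vlan1->br1, vlan6->br6).
[Match]
Name=vlan7

[Network]
Bridge=br7

# /etc/systemd/network/30-br7.netdev
# One .netdev per bridge; br1 and br6 are identical apart from the name.
[NetDev]
Name=br7
Kind=bridge

# /etc/systemd/network/30-br7.network
# Host takes no address on vlan7: only the ipmGW guest and clients live there.
[Match]
Name=br7

[Network]
DHCP=no
LinkLocalAddressing=no
IPv6AcceptRA=no

# /etc/systemd/network/30-br1.network
# Host's own IPv4 access, via the OpenWRT NAT on vlan1.
[Match]
Name=br1

[Network]
DHCP=ipv4

# /etc/systemd/network/30-br6.network
# Host's own IPv6-PD address, from router advertisements on vlan6.
[Match]
Name=br6

[Network]
DHCP=no
IPv6AcceptRA=yes
```

Two checks worth running on the host when ICMP passes through a bridge but TCP and UDP do not: `ip -d link show br7` shows whether `vlan_filtering` is on for the bridge (a VLAN-filtering bridge drops frames for VLANs it has not been told about), and `ping -M do -s 1472 192.168.7.254` from a vlan7 client shows whether full-size frames survive the path, since a tag or encapsulation that shrinks the usable MTU can leave small pings working while larger TCP segments are silently dropped.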