Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
How do I "bridge" 2 hyper-v vm's (on same host) to 3 different physical nics (on same host)?

Answered How do I "bridge" 2 hyper-v vm's (on same host) to 3 different physical nics (on same host)?

  • Tuesday, February 12, 2013 5:16 AM
     
     
    Sign In to Vote
    0

    Bear with me...I'm not crazy.

    I'm trying to setup an ubuntu ips vm that filters internet traffic before passing it to an astaro vm which then connects to my lan(s).

    I need the ubuntu vm to take traffic from the internet on one virtual nic and after snort inspects the traffic to pass it out the other virtual nic.

    From there an astaro vm will take the traffic and pass it to my lan(s).

    Snort has many more signatures than astaro, and I like the country blocking of astaro.

    I'll try to diagram without vizio below.

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    UBUNTU VM: eth0 = internet  ---->  eth1 = lan            ---->           ASTARO VM: eth0 = internet     ----> eth1 = lan1   &  ----> eth2 = lan2

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    ubuntu eth0 is bridged to physical adapter vwan, ubuntu eth1 is bridged to physical adapter vbridge  ---->

    astaro eth0 is bridged to physical adapter vbridge, the rest is irrelevant ...this is where the problem is.

    Packets are not making it to astaro from ubuntu.

    I've tried every combination of bridging and virtual nic pairing I can think of. The only thing that works so far is to connect the astaro eth0 (internet) virtual nic to the physical nic that connects to the internet. This is not acceptable, because the traffic is not filtered by the ubuntu vm.

    I'm not asking for linux help...that part is done. I just need help getting packets from the lan side of ubuntu vm to the internet side of astaro.

    Please help....Thanks

     

All Replies

  • Tuesday, February 12, 2013 6:33 AM
     
     Answered
    Sign In to Vote
    0

      It would help if you used standard Hyper-V naming for what you are doing.

      I assume you have created an external virtual network bridged to each of the physical network adapters in the host. The vms will have a NIC in each of two virtual networks.

      Whether traffic gets from the LAN to the Internet will depend on the IP addressing and/or routing, not on whether you are using physical or virtual networks. A few IP addresses (and a network diagram) would not go astray, as this is essentially a networking question, not a Hyper-V question.     

    Bill

     
  • Tuesday, February 12, 2013 7:15 PM
    Moderator
     
     Answered
    Sign In to Vote
    0

    My thinking is this:

    Outside world -> physical NIC 1 (LAN1) -> External virtual Switch -> Ubuntu VM -> Private virtual Switch -> Astaro VM -> External Virtual Switch -> physical NIC 2 (LAN2) -> Inside world

    Simply assign your IP addresses, and gateway configurations properly in your VMs.  Each would have two virtual NICs.

    And then properly patch your physical NICs and you have physical Isolation.

    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.