I was writing a Python script to query the SUSE Manager API for some data about systems that are bare-metal, so no VMs. I installed my spare laptop and wanted to register it against my SUSE Manager, which is installed in a VM on my other laptop; that laptop runs KVM and hosts all my lab VMs.
The challenge is how to use a SUSE Manager that is running in a VM on a KVM host to manage other systems in physical networks.
SUSE Manager (eth0) is on VM1, which uses the KVM NAT network (virbr0 and vnet1), and it should manage Host 2, which is reachable via the host network (WLAN) of Host 1.
Host 1 is a KVM hypervisor host running Linux and Host 2 is another Linux system. Both Host 1 and Host 2 are in the same physical network via WLAN and both have wireless network cards.
The SUSE Manager VM is currently only using a KVM NAT network interface.
KVM - VM1 on Host1 <------> Host 2
Steps to get the network working:
1. On KVM Host 1, create a new KVM network "new-net1" of type "bridge" with an IP subnet, e.g. 192.168.100.0/24.
2. On KVM Host 1, attach a new network interface on the "new-net1" network to the VM on Host 1. Boot up VM 1. The VM will get a new NIC "eth1" if only eth0 is available. Assign an IP to eth1, e.g. 192.168.100.100.
3. On Host 2, which should be managed by SUSE Manager, add an IP route, e.g.:
ip route add 192.168.100.0/24 via 192.168.2.250
192.168.100.0/24 - is the "new-net1" (virbr2) network on KVM Host 1
192.168.2.250 - is the IP of KVM Host 1 (wlp2s0 - WLAN nic)
4. On KVM Host 1, add one iptables NAT rule to masquerade the source IP.
sudo iptables -t nat -A POSTROUTING -o virbr2 -j MASQUERADE
Why do we need this?
-A POSTROUTING -o virbr2 -j MASQUERADE means: for all packets that arrive on KVM Host 1 but need to go further out via virbr2 to reach 192.168.100.0/24 (including 192.168.100.100, the IP of the SUSE Manager VM), the source IP is changed to the IP of KVM Host 1 (masqueraded). The rule has no source or destination match, so it applies to every packet that leaves via virbr2.
Now Host 2 is able to reach (ssh, ping, https etc.) VM1 on Host 1.
To verify and see the iptables rules, run this command:
sudo iptables -t nat -L -v --line-numbers
Chain POSTROUTING (policy ACCEPT 34792 packets, 2412K bytes)
num pkts bytes target prot opt in out source destination
1 32 2311 RETURN all -- any any 192.168.122.0/24 base-address.mcast.net/24
2 0 0 RETURN all -- any any 192.168.122.0/24 255.255.255.255
3 1455 87304 MASQUERADE tcp -- any any 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
4 13 962 MASQUERADE udp -- any any 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
5 2 168 MASQUERADE all -- any any 192.168.122.0/24 !192.168.122.0/24
6 300 18141 MASQUERADE all -- any virbr2 anywhere anywhere
If you want to delete a rule, run this command with the chain name and the number of the respective rule.
sudo iptables -t nat -D POSTROUTING 6
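Added example, not part of the original post: a small helper that reads a listing like the one above and prints the delete commands for every POSTROUTING rule that masquerades traffic leaving a given interface. The function names, the PREROUTING header and rule 7 in the sample are constructed for illustration; it goes slightly beyond the single-rule case by handling a duplicate created when the -A command is run twice.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `iptables -t nat -L -v --line-numbers` output: the
# PREROUTING header and rule 7 (the same -A command run a second time) are
# constructed; rules 5 and 6 are copied from the listing above.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 34792 packets, 2412K bytes)
num pkts bytes target prot opt in out source destination
5 2 168 MASQUERADE all -- any any 192.168.122.0/24 !192.168.122.0/24
6 300 18141 MASQUERADE all -- any virbr2 anywhere anywhere
7 0 0 MASQUERADE all -- any virbr2 anywhere anywhere
EOF
}

# masq_rule_numbers IFACE
# Reads a listing on stdin and prints the numbers of POSTROUTING rules whose
# target is MASQUERADE and whose "out" column equals IFACE. Other chains are
# skipped. Numbers are printed highest first: deleting rule 6 before rule 7
# would renumber 7 to 6, so deletion has to go from the bottom up.
masq_rule_numbers() {
    awk -v ifc="$1" '
        $1 == "Chain" { in_chain = ($2 == "POSTROUTING"); next }
        in_chain && $1 ~ /^[0-9]+$/ && $4 == "MASQUERADE" && $8 == ifc { print $1 }
    ' | sort -rn
}

# print_delete_commands IFACE
# Prints (does not execute) one delete command per matching rule.
print_delete_commands() {
    masq_rule_numbers "$1" | while read -r n; do
        echo "iptables -t nat -D POSTROUTING $n"
    done
}

# Stand-alone run against the constructed sample.
sample_listing | print_delete_commands virbr2
```

On the KVM host, pipe the real listing into print_delete_commands and review the printed commands before running them with sudo.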