In the Linux bridge br100 of a Linux host, vnet0 is the interface connecting an internal Linux VM.
br100 is a Linux bridge, which has 3 IP addresses:
10.11.13.1/24 is the gateway of the Linux VM (the VM has the internal address 10.11.13.2/24).
192.168.57.102/24 is the bridge's local address, connecting to the remote port 192.168.57.1/24 via the physical interface eth1.
192.168.57.225/32 is the external IP address of the VM's internal address 10.11.13.2/24, which is realized by an OpenStack floating IP.
The printout is as below: (only essential info is shown)
    # ip addr
    2: eth0: 10.0.1.15/24
    3: eth1:
    5: br100:
        inet 10.11.13.1/24 brd 10.11.13.255 scope global br100
        inet 192.168.57.102/24 brd 192.168.57.255 scope global br100
        inet 192.168.57.225/32 scope global br100
    6: vnet0:
    7: virbr0:

    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    br100           8000.0800270c1456       no              eth1
                                                            vnet0
    virbr0          8000.000000000000       yes
Now only outgoing packets via eth0 can connect to the internet.
By what method can I make packets with a public destination address, sent from the Linux VM, go out via the eth1 interface rather than the eth0 interface, considering that the bridge br100 connects to the physical interface eth1? Now the packets don't go out of eth1, nor eth0, even though the default route is via eth0.
Note the default route is via eth0, but the thing is NOT about route, it’s about how to forward the outgoing packets from eth1 to eth0 since the bridge doesn’t connect to eth0.
Is iptables or policy routing feasible to realize it?
You must configure NAT on iptables.
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
If it works, you must make those rules persistent, because they will be erased after a reboot. If not, you must customize the NAT rules to meet your requirements.
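
An added example, not part of the original answer: a shell function that prints the same NAT and forwarding rules in iptables-restore format, restricted to the VM subnet 10.11.13.0/24 from the question so that only the VM's traffic is masqueraded and forwarded. It assumes routed VM traffic enters on br100 (the interface that holds the gateway address 10.11.13.1); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). br100, eth0 and 10.11.13.0/24
# come from the question; the function names are hypothetical.

# Reject anything that is not a plausible interface name (max 15 characters).
valid_if() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Accept only dotted-quad/prefix with octets <= 255 and prefix <= 32.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    for octet in $(printf '%s\n' "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# nat_ruleset IN_IF OUT_IF SRC_CIDR
# Print a ruleset fragment for iptables-restore. No chain policy lines are
# emitted, so loading it with --noflush only appends to the existing chains.
nat_ruleset() {
    valid_if "$1" && valid_if "$2" && valid_cidr "$3" || return 1
    cat <<EOF
*nat
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
*filter
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
COMMIT
EOF
}

# Print the fragment for the question's topology (constructed from its values).
nat_ruleset br100 eth0 10.11.13.0/24
```

As root, check the output with `iptables-restore --test --noflush` and load it with `iptables-restore --noflush`, which leaves rules already on the host in place. Forwarding between interfaces also requires `net.ipv4.ip_forward` to be 1.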