Adding an isolated network to my home lab

Last week I set up a Satellite server in my home lab so I could test out deploying systems via kickstart. I wanted to kickstart the VMs using DHCP and PXE, but I didn't want the DHCP server running on my single flat internal network (I know, I know, I just haven't had time to implement a couple more networks). I decided I'd set up a new isolated virtual network that I could use as my "deploy" network. My current network uses the 192.168.1.x range, so I decided I'd use a 192.168.100.x range. I created a new network on my hypervisor using VLAN ID 100, which is only configured as a tagged VLAN on my lab switch. This ensures any traffic on the new virtual network can't be seen by any of my existing traffic.
The next issue I had was how to route the traffic from the new 192.168.100.x network to the rest of my internal network and the Internet. Linux to the rescue. There are piles of router and security distros out there to accomplish this, but I wanted something stock and simple. I decided to go with a minimal CentOS 6.x install. Red Hat or Fedora would also work for these instructions.
The first thing we need to do is set up the interfaces on the VM. I have the NICs configured as follows:
eth0 – 192.168.1.136
eth1 – 192.168.100.1

Once the network interfaces are set up, all that needs to be done is enable routing on the VM. As root, add the following line to /etc/sysctl.conf:
net.ipv4.conf.default.forwarding=1

Then enable masquerading in iptables:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Save the iptables config:
service iptables save

You can now restart networking and iptables to make sure everything works:
service network restart && service iptables restart

That should be it. You can now configure any client on your deploy network to use 192.168.100.1 as a gateway. The clients will use the new Linux router to get to the 192.168.1.x network and the Internet from there. Enabling DHCP on my Satellite server interface on the 192.168.100.x network will also not impact anything on my 192.168.1.x network.
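
An added example, not part of the original post: a shell check that audits the router's saved ruleset and forwarding state for the setup above, including whether hosts on the main network can open connections into the deploy network. It assumes eth0 is the uplink and eth1 the deploy network as in the post; the sample ruleset, including its FORWARD rules, is constructed for the example.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the two-NIC router above.
# Assumption: eth0 is the uplink (192.168.1.x), eth1 the deploy network.

# Constructed sample: masquerade out of eth0, deploy clients may open
# connections outward, and only reply traffic is forwarded back in.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# has_rule RULES REGEX: true if any line of RULES matches REGEX.
has_rule() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# audit_router RULES IP_FORWARD WAN LAN
# Prints one line per finding; the return status is the number of findings.
audit_router() {
    ar_rules=$1 ar_fwd=$2 ar_wan=$3 ar_lan=$4 ar_n=0
    ar_fail() { echo "FAIL: $1"; ar_n=$((ar_n + 1)); }

    [ "$ar_fwd" = 1 ] || ar_fail "IPv4 forwarding is off"
    has_rule "$ar_rules" "^-A POSTROUTING .*-o $ar_wan .*-j MASQUERADE" ||
        ar_fail "no MASQUERADE rule on $ar_wan"
    has_rule "$ar_rules" "^-A FORWARD .*-i $ar_lan .*-j ACCEPT" ||
        ar_fail "$ar_lan traffic is not forwarded"
    # With policy ACCEPT, any 192.168.1.x host that routes via this box
    # can open connections into the deploy network.
    if has_rule "$ar_rules" '^:FORWARD ACCEPT'; then
        ar_fail "FORWARD policy is ACCEPT"
    fi
    # Inbound ACCEPT rules must be limited to reply traffic.
    if printf '%s\n' "$ar_rules" | grep -E -- "^-A FORWARD .*-i $ar_wan .*-j ACCEPT" |
        grep -qv -- 'ESTABLISHED'; then
        ar_fail "unsolicited $ar_wan -> $ar_lan traffic accepted"
    fi
    return "$ar_n"
}

# On the router: audit_router "$(iptables-save)" "$(sysctl -n net.ipv4.ip_forward)" eth0 eth1
audit_router "$(sample_rules)" 1 eth0 eth1 && echo "router config OK"
```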

This blog post is my own and is not endorsed or supported by my employer, Red Hat.
