Setting up Environment
Couple days ago I had to expand my Virtual environment to install more virtual machines and do some more experimentation, so instead of using VMware ESXi, I used Citrix XENServer.
It was a good experience installing xenserver, just a matter of putting in the installation CD and then following steps.
Once I was done installing the xenserver, the first step was to create new virtual servers inside and setup the internal networking.For networking part the obvious choice was Vyatta (VYATTA CORE 6.4).
Here is the setup diagram
|Virtual Server Space - Network Topology|
Setting up ISO Library in XenCenter was really easy. I used the downloaded Vyatta-virtual-64bit ISO anda Ubuntu Server ISO to install both Vyatta - routing and firewall, and a Ubuntu Server- OpenSIPS server.
I assigned two NICs to Vyatta one being bridged to physical interface to interact with the outer world the second interface is connected to a virtual switch created inside the xenserver to communicate with the internal servers.
OpenSIPS server on the other hand is connected only to the virtual switch and uses the Vyatta router as its gateway. I had to configure NAT on the Vyatta router for this to work.
Here's how we do NAT on Vyatta to let the traffic coming from private network successfully reach out to the internet.
GW-Vyatta#set interfaces ethernet eth0 address 172.16.31.101/16 GW-Vyatta#set system gateway-address 172.16.2.50 GW-Vyatta#set system name-server 188.8.131.52 GW-Vyatta#commitVerify that Router can itself reach out to internet.
GW-Vyatta#ping www.google.comStart SSH Service on Vyatta router
GW-Vyatta#set service ssh listen-address 172.16.31.101 GW-Vyatta#commitConfigure the LAN interface on eth1.
GW-Vyatta#set interfaces ethernet eth1 address 192.168.30.1/24 GW-Vyatta#commitSet Masquerade NAT for traffic from LAN to get translated to WAN address.
GW-Vyatta#set nat source rule 5 outbound-interface eth0 GW-Vyatta#set nat source rule 5 source address 192.168.30.0/24 GW-Vyatta#set nat source rule 5 translation address masquerade GW-Vyatta#commit
W-Vyatta#run show nat source statistics
GW-Vyatta#set nat destination rule 5 inbound-interface eth0 GW-Vyatta#set nat destination rule 5 destination port 22303 GW-Vyatta#set nat destination rule 5 translation address 192.168.30.3 GW-Vyatta#set nat destination rule 5 translation port 22 GW-Vyatta#set nat destination rule 5 protocol tcp GW-Vyatta#commit
GW-Vyatta#run show nat destination statistics GW-Vyatta#save GW-Vyatta#exit
That was it and I can access internet from my OpenSIPS server and also SSH into my server from outside the virtual environment. The next thing would be to make this setup work with two-way audio. For that I may need to setup VPN or something IDK.