NATting Multiple Subnets on DD-WRT

Wanted to share an issue that hit my homelab setup over the past two weeks. I've completed my network setup using my new Cisco SG300-20 L3 switch. My setup is very similar to Vladan's post, where the same L3 switch is used and a DD-WRT router (mine's a Buffalo WZR-HP-G300NH2) is placed between the Internet router and the Cisco SG300 switch. The reason is that my Internet router does not support static routes, so the plan is to use NAT on the DD-WRT router to allow internet access from the management and VM subnets behind the Cisco SG300 switch. My network looks like this:

Cisco SG300-20 L3 switch:

VLAN_10 (Management network): 10.10.10.x/24
VLAN_20 (Storage network): 10.10.20.x/24
VLAN_30 (vMotion network): 10.10.30.x/24
VLAN_40 (VM network): 10.10.40.x/24

DD-WRT Router:

WAN_Side (To Internet router): 192.168.11.28/24
LAN_Side: 10.10.10.2/24

I only needed internet access on my management and VM networks, so I set up static routes on the DD-WRT router so that return traffic is routed back to the VLAN interfaces of the Cisco SG300 switch. Initially I tested with VMs inside the management network and internet access worked fine, so I thought I was good already. Then, when I started running VMs inside my VM network, I found out that they could reach all the other configured networks except the internet.

Now I am very new to DD-WRT and have no prior experience using it, but I suspected something was wrong with it, since it only translated my management network. Persistence pays off, though: I searched and searched for similar issues on the net and finally found this article at around the 10th page of my Google search. It turns out that by default, DD-WRT only translates (NATs) traffic from the first network, its own LAN subnet. This is why my management network was working fine while the other routed subnets were not. To enable NAT for my VM network as well, I pasted the following command into DD-WRT's GUI to add a firewall rule, as suggested by Patrik's blog:

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`


This resolved my issue, and now all my VMs are able to access the internet.
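To see why the stock rule only covered the management network and what the inserted SNAT rule changes, here is a small model of the nat POSTROUTING chain (first matching rule wins), added here as an illustration and not taken from the post or from DD-WRT's code. It assumes the WAN interface is called eth1 and models the stock DD-WRT rule as a MASQUERADE restricted to the 10.10.10.0/24 LAN subnet, which is the behaviour the post describes; it also shows a scoped variant that NATs only the two subnets that actually need internet access.

```python
import ipaddress

# Constructed model of a few netfilter "nat POSTROUTING" rules: first match wins.
WAN_IF, WAN_IP = "eth1", "192.168.11.28"   # assumed WAN interface name; IP from the post

def rule(target, out_if=WAN_IF, src=None):
    """One POSTROUTING rule: optional -s <cidr>, -o <iface>, -j <target>."""
    return {"src": ipaddress.ip_network(src) if src else None, "out": out_if, "target": target}

def translate(rules, src_ip, out_if=WAN_IF):
    """Return the source address a packet leaves with after the chain has run."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["out"] == out_if and (r["src"] is None or ip in r["src"]):
            return WAN_IP if r["target"] in ("MASQUERADE", "SNAT") else src_ip
    return src_ip   # no rule matched: the packet leaves untranslated, so replies never come back

# 1. Stock DD-WRT behaviour as the post describes it: only the first (LAN) subnet is masqueraded.
#    Assumed equivalent: iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth1 -j MASQUERADE
default_rules = [rule("MASQUERADE", src="10.10.10.0/24")]

# 2. The fix from the post: iptables -t nat -I POSTROUTING -o eth1 -j SNAT --to 192.168.11.28
#    -I inserts at the top, and with no -s match it translates every subnet routed out the WAN,
#    including the storage and vMotion networks if anything there ever gets a default route.
fixed_rules = [rule("SNAT")] + default_rules

# 3. Scoped variant (added here, not from the post): only the management and VM networks get
#    NAT; storage and vMotion traffic that reaches the WAN is left untranslated.
scoped_rules = [rule("SNAT", src="10.10.10.0/24"),
                rule("SNAT", src="10.10.40.0/24")] + default_rules

def demo():
    """Translate one sample host per subnet under each of the three rule sets."""
    hosts = {"mgmt": "10.10.10.5", "storage": "10.10.20.5", "vm": "10.10.40.5"}
    return {name: {h: translate(rs, ip) for h, ip in hosts.items()}
            for name, rs in (("default", default_rules), ("fixed", fixed_rules),
                             ("scoped", scoped_rules))}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Leaving a subnet untranslated does not by itself block it from being forwarded; a matching DROP in the filter FORWARD chain is what actually keeps storage and vMotion traffic off the WAN.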


Homelab Upgrade

I run my current homelab on VMware Workstation and it has served me well in the past. I have 2 whiteboxes with 32GB of RAM each and everything else is virtual (virtual ESXi, virtual FreeNAS, virtual Vyatta router). I have used this setup for quite some time now and it has helped me with my VCAP-DCA as well as with playing around and testing other VMware products (I have vCloud Director, SRM, vCOps, Log Insight). But in the past months I have noticed slowness as I add more and more VMs and products, particularly NSX.

So I have decided to upgrade my lab and, instead of using Workstation, I am now planning to convert my whiteboxes to bare-metal ESXi hosts. A few items I have added so far:

1. Synology DS412+ NAS – managed to grab a used NAS from a local web forum. I thought of getting a brand new DS415+, but settled for the older model as it is more than enough for my requirements. This will allow me to fully deploy iSCSI storage and will also allow me to test RDMs, which is the limiting factor in my current lab.

2. Intel PRO dual-port NICs – ESXi 5.5 removed the Realtek drivers that my motherboard's onboard NIC uses. I tried to inject the Realtek drivers from ESXi 5.1 (using ESXi Customizer), but I noticed that the NIC gets recognized while no traffic flows through it. This has been reported in the Communities as well, so I guess it is hit and miss (some worked and some did not). Anyway, I am adding 2 dual-port NICs to each whitebox, which gives me enough ports to separate traffic (management, vMotion, iSCSI storage).

3. Cisco SG300-20 20-port Gigabit managed switch – I just ordered this switch from Amazon. What enticed me is that this switch can do static L3 routing on top of L2 functionality such as VLANs.

I am also planning to add another whitebox to the mix for added compute power. Hopefully I can get everything set up early next year so I can continue with what I love to do best, which is to play around with the coolest products in the virtual world 🙂