NAT-ed VM subnet

[atakacs]

Pretty new to the Synology VMM so apologies if this sounds trivial...

In most VM environments I have worked with there is usually a way to setup a NAT-ed environment where the VM would get a private subnet with a local DHCP server and a router which would bridged with the external IP of the device.

I can't seem to find a way to achieve this. One can either bridge to the physical interface(s) or create a completely private network. How do you route between the two ?

 

[Rusty]

No virtual switch support with VMM. Those options you mentioned, that's it.

 

[fredbert]

Just looked and not 'done'...

In VMM you can create virtual switches that are either external (connected to one or more physical ports) or private. Since a VM can be attached to multiple virtual switches then surely it's possible to run a VM as a router or reverse proxy, if there's no other alternative?

 

[Rusty]

In VMM you can create virtual switches

True but I think OP was referring to the NAT version of vswitch as most hypervisor platforms have. Maybe I misunderstood.

 

[fredbert]

OK. And I've no idea how to access a VM that's solely on a private virtual switch, unless you assign a dedicated 'backdoor' management LAN port.

I think you are right here. Unless you build up the virtual infrastructure there doesn't look to be an off-the-shelf way in VMM. And that'd be in the VM environment itself.

 

[Rusty]

Maybe with a nas with multiple lan adapters. So lan2 can ce configured in a separate subnet and activate dhcp on that interface. Then add that lan interface to the vm as well.

Maybe it will work but I think that vmm will expect a “live” connection from that interface so unless it’s connected on a switch it might not work. That would be an idea but considering it’s not a virtual interface it might not.

 

[atakacs]

Thanks for all the responses. I would have thought / hoped to find a "built in" feature for this but it is clearly not there. As such I will try to setup a router VM, attached both to the LAN and virtual "host only".
If anyone has previous experience with this I'm obviously happy to learn.
As an aside what is the point of having a completely internal network without any (easy) way to bridge it to the external world ? What would be the use case ?

 

[fredbert]

As an aside what is the point of having a completely internal network without any (easy) way to bridge it to the external world ? What would be the use case ?

Well I guess it's the most secure mode and you can build out access as you see fit. But if you already had some way to access it from outside then there is a backdoor already.

You could have VMs that are purely private that provide whatever services and storage. Then add a single VM that mediates management access and also a one or more VMs that are the front-end consuming the private VM services.

The management VM(s) could provide terminal and controlled network access to the back of the front-end VMs and private VMs. It would be a way of splitting management traffic away from the public service interface while concentrating and controlling how access is granted.