WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] network (NAT?) problem

On Thu, Jun 23, 2005 at 10:55:11AM +0100, James Bulpin wrote:
> Markus,
> 
> You say the routing of packets between dom2 and dom0 doesn't work as 
> intended - can you elaborate on this, i.e. where do packets get to, do 
> you see them if you tcpdump eth1 and eth0 in dom1?

Ehm, the routing between dom2 and dom0 _does_ work, but something with NAT
in dom0 seems to go wrong for packets from dom2. I see the traffic between
dom0 and dom2 on the interfaces in dom1.

> Do you have any IP tables rules in dom0 that would affect packets on 
> xen-br1?
> 
> Can you post the following for all domains:
>  - iptables details (both nat and filter tables)
>  - routing tables
>  - ifconfig
>  - cat /proc/sys/net/ipv4/ip_forward

dom2

xsarge2:~# iptables -nvL -t filter
modprobe: QM_MODULES: Function not implemented

modprobe: QM_MODULES: Function not implemented

modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do 
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

xsarge2:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.30.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         172.30.1.21     0.0.0.0         UG    0      0        0 eth0

xsarge2:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 0A:00:00:00:01:20  
          inet addr:172.30.1.22  Bcast:172.30.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5866 (5.7 KiB)  TX bytes:6622 (6.4 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2328 (2.2 KiB)  TX bytes:2328 (2.2 KiB)

xsarge2:~# cat /proc/sys/net/ipv4/ip_forward
1

---------------------------------------
dom1

xsarge1:~# iptables -nvL -t filter
modprobe: QM_MODULES: Function not implemented

modprobe: QM_MODULES: Function not implemented

modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do 
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

xsarge1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.30.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.30.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         172.30.0.1      0.0.0.0         UG    0      0        0 eth1

xsarge1:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 0A:00:00:00:01:10  
          inet addr:172.30.1.21  Bcast:172.30.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5866 (5.7 KiB)  TX bytes:6328 (6.1 KiB)

eth1      Link encap:Ethernet  HWaddr 0A:00:00:00:10:11  
          inet addr:172.30.0.21  Bcast:172.30.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1330 (1.2 KiB)  TX bytes:1820 (1.7 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2996 (2.9 KiB)  TX bytes:2996 (2.9 KiB)

xsarge1:~# cat /proc/sys/net/ipv4/ip_forward
1

---------------------------------------
dom0: arras

arras:~# iptables -nvL -t filter
Chain INPUT (policy ACCEPT 6004 packets, 450K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 123 packets, 10332 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5312 packets, 338K bytes)
 pkts bytes target     prot opt in     out     source               destination

arras:~# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 1866 packets, 401K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 82 packets, 6653 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      xen-br0  172.30.0.0/16        0.0.0.0/0

Chain OUTPUT (policy ACCEPT 22 packets, 1613 bytes)
 pkts bytes target     prot opt in     out     source               destination

arras:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.30.1.0      172.30.0.21     255.255.255.0   UG    0      0        0 xen-br10
172.30.0.0      0.0.0.0         255.255.255.0   U     0      0        0 xen-br10
134.2.8.0       0.0.0.0         255.255.248.0   U     0      0        0 xen-br0
0.0.0.0         134.2.15.254    0.0.0.0         UG    0      0        0 xen-br0

arras:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0D:56:83:0C:A9  
          inet addr:134.2.11.153  Bcast:134.2.15.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:49972 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1000 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4690589 (4.4 MiB)  TX bytes:95473 (93.2 KiB)
          Base address:0xdf40 Memory:feae0000-feb00000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4937 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4937 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:308890 (301.6 KiB)  TX bytes:308890 (301.6 KiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:8176 (7.9 KiB)  TX bytes:5866 (5.7 KiB)

vif1.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:93 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:8050 (7.8 KiB)  TX bytes:5866 (5.7 KiB)

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:105 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:7714 (7.5 KiB)  TX bytes:5866 (5.7 KiB)

xen-br0   Link encap:Ethernet  HWaddr 00:0D:56:83:0C:A9  
          inet addr:134.2.11.153  Bcast:134.2.15.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46551 errors:0 dropped:0 overruns:0 frame:0
          TX packets:989 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2681480 (2.5 MiB)  TX bytes:89935 (87.8 KiB)

xen-br1   Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:28 (28.0 b)  TX bytes:0 (0.0 b)

xen-br10  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet addr:172.30.0.1  Bcast:172.30.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5964 (5.8 KiB)  TX bytes:5866 (5.7 KiB)

arras:~# cat /proc/sys/net/ipv4/ip_forward
1

> And brctl show for dom0.

arras:~# brctl show
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.000d56830ca9       no              eth0
xen-br10        8000.feffffffffff       no              vif1.1
xen-br1         8000.feffffffffff       no              vif1.0
                                                        vif2.0

Hmm, is it normal that xen-br1 and xen-br10 have the same bridge id?
If not, any hints where to change them?

> Thanks,
> 
> James

Regards,
Markus
 
> Markus Lude wrote:
> >Hello,
> >
> >my current network setup looks like the following:
> >
> >    dom2-eth0 (172.30.1.22) netmask /24
> >        |
> >        | xen-br1 (no ip)
> >        |
> >    dom1-eth0 (172.30.1.21) netmask /24
> >    dom1-eth1 (172.30.0.21) netmask /24
> >        |
> >        | xen-br10 (172.30.0.1) netmask /24
> >        |
> >      dom0
> >        |
> >        | xen-br0 (normal IP)
> >        |
> >       eth0 (same IP as xen-br0)
> >        |
> >        |
> >       LAN
> >
> >Basically I want to route all traffic between dom0 and dom2 through dom1.
> >This does work as intended.
> >I further would like to have access to the LAN from dom1 and dom2 through
> >NAT in dom0. It works for dom1, but not for dom2. The addresses of packets
> >from dom2 were not changed (noticed with tcpdump -n -i eth0 in dom0).
> >
> >In dom0 NAT is set up with:
> >  iptables -t nat -A POSTROUTING -s 172.30.0.0/16 -o xen-br0 -j MASQUERADE
> >
> >If I leave out the -s parameter nothing changes.
> >
> >I'm running debian sarge in all doms and xen-2.0.6.
> >
> >Any suggestions? What am I missing?
> >
> >Regards,
> >Markus Lude


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
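
An added example, not part of the original mail: a small Python parser for the `iptables -nvL -t nat` listing posted from dom0, which checks whether the MASQUERADE rule's selectors cover a given source address and whether its packet counter has ever moved. The function names are illustrative, the sample listing is copied from the post, and only built-in chains with plain selectors are handled.

```python
import ipaddress

# nat POSTROUTING listing from dom0 as posted (mail line-wrapping removed).
NAT_LISTING = """\
Chain POSTROUTING (policy ACCEPT 82 packets, 6653 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      xen-br0  172.30.0.0/16        0.0.0.0/0
"""

def count(text):
    """Convert an iptables counter such as '123' or '450K' to an int."""
    scale = {"K": 10**3, "M": 10**6, "G": 10**9}
    if text[-1] in scale:
        return int(text[:-1]) * scale[text[-1]]
    return int(text)

def parse_rules(listing):
    """Return {chain: {'policy_pkts': int, 'rules': [dict, ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":
            continue                      # blank line or column header
        if f[0] == "Chain":               # Chain NAME (policy ACCEPT N packets, ...
            current = chains[f[1]] = {"policy_pkts": count(f[4]), "rules": []}
        elif current is not None:
            current["rules"].append({"pkts": count(f[0]), "target": f[2],
                                     "in": f[5], "out": f[6],
                                     "src": f[7], "dst": f[8]})
    return chains

def rule_status(rule, src_ip, out_if):
    """Compare a packet with a rule's plain selectors (no '!' or 'if+' forms)."""
    selected = (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["src"])
                and rule["out"] in ("*", out_if))
    if not selected:
        return "no-match"
    return "hit" if rule["pkts"] else "matches-but-never-hit"

if __name__ == "__main__":
    for rule in parse_rules(NAT_LISTING)["POSTROUTING"]["rules"]:
        for name, ip in (("dom1", "172.30.0.21"), ("dom2", "172.30.1.22")):
            print(name, ip, rule["target"], rule_status(rule, ip, "xen-br0"))
```

The nat table is consulted only for the first packet of each connection, so these counters count new connections rather than individual packets.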
