Re: [Xen-users] Xen 3.0, setting up a virtual network with NAT

To: Patrick Wolfe <pwolfe@xxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Xen 3.0, setting up a virtual network with NAT
From: Richard Jones <rich@xxxxxxxxxxx>
Date: Sat, 4 Feb 2006 14:08:41 +0000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx

On Fri, Feb 03, 2006 at 12:58:12PM -0500, Patrick Wolfe wrote:
> On Fri, 2006-02-03 at 16:31 +0000, Richard Jones wrote:
> > I've got a network set up as in the diagram below:
> > 
> >    domU               domU
> >    fake eth0          fake eth0
> >    192.168.99.2       192.168.99.3
> >        |                   |
> >        +-----------+-------+
> >                    |
> >                192.168.99.1
> >                dummy0
> >                 * dom0 *
> >                real eth0
> >                public IP address
> 
> Instead of using dummy0, why not try using veth1 and vif0.1?
[...]

I followed your instructions, and I'm still at the point where I can't
get NAT working.  (BTW, hwaddr is absolutely essential - the bridge
doesn't work otherwise).

I can ping 192.168.99.2 -> 192.168.99.1 and 192.168.99.1 -> 192.168.99.2
(ie. dom0 <-> domU).

I can ping domU <-> domU.

I've added the NAT rule on dom0:

  iptables --table nat --append POSTROUTING -o eth0 -j MASQUERADE

However when I try to connect out of the virtual network, NAT still
isn't working.  In the example below, I'm trying to telnet out to port
80 on a public address from one of the domUs.

  dom0# tcpdump -i eth0 tcp port 80
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
  13:36:31.805346 IP 192.168.99.3.2093 > 80.68.91.176.www: S 511867828:511867828(0) win 5840 <mss 1460,sackOK,timestamp 4294963735 0,nop,wscale 2>

Note that the source address is wrong (192.168.99.3 - it should have
been rewritten by NAT).

So NAT is still somehow being avoided ... Help!

Rich.

These are the interfaces on dom0:

# /sbin/ifconfig
br1       Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:496 (496.0 b)  TX bytes:468 (468.0 b)

eth0      Link encap:Ethernet  HWaddr 00:30:48:56:62:72
          inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:fe56:6272/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1263 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:128432 (125.4 KiB)  TX bytes:162172 (158.3 KiB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

veth1     Link encap:Ethernet  HWaddr 00:16:3E:B0:99:01
          inet addr:192.168.99.1  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:feb0:9901/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:131 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9774 (9.5 KiB)  TX bytes:1728 (1.6 KiB)

vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1728 (1.6 KiB)  TX bytes:9774 (9.5 KiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:79 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:9 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6134 (5.9 KiB)  TX bytes:2534 (2.4 KiB)

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:51 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3614 (3.5 KiB)  TX bytes:888 (888.0 b)

This is the bridge:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.feffffffffff       no              vif0.1
                                                        vif1.0
                                                        vif2.0

This is the routing table:

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.99.0    0.0.0.0         255.255.255.0   U         0 0          0 veth1
0.0.0.0         10.0.0.25       0.0.0.0         UG        0 0          0 eth0


-- 
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com
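
The check the post makes by eye on the tcpdump line (a guest source address still visible on the outside interface) can be automated; the following is an added example, not part of the original message. The function name `find_unnatted` and the `SAMPLE` capture are hypothetical: the first record is the line quoted in the post, the others are constructed, and the guest subnet 192.168.99.0/24 is taken from the post.

```python
import ipaddress
import re

# Classic tcpdump text form: "<time> IP <src>[.<port>] > <dst>[.<port>]: ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\S+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.[^\s:]+)?:"
)

def find_unnatted(lines, guest_net):
    """Return (time, src, dst) for packets leaving with a guest source address.

    find_unnatted is a name chosen for this example, not an existing tool.
    """
    net = ipaddress.ip_network(guest_net)
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped continuation lines, banners, non-IPv4 records
        try:
            src = ipaddress.ip_address(m.group("src"))
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # malformed octets
        # Guest-to-guest traffic is expected to keep its address; only
        # packets headed outside the guest subnet should have been rewritten.
        if src in net and dst not in net:
            leaks.append((m.group("ts"), str(src), str(dst)))
    return leaks

# First record: the capture quoted in the post, wrapped as it was there.
# Remaining records are constructed for this example.
SAMPLE = """\
13:36:31.805346 IP 192.168.99.3.2093 > 80.68.91.176.www: S
511867828:511867828(0) win 5840 <mss 1460,sackOK,timestamp 4294963735
0,nop,wscale 2>
13:36:32.100000 IP 10.0.0.2.1025 > 80.68.91.176.www: S 1:1(0) win 5840
13:36:33.200000 IP 192.168.99.2 > 80.68.91.176: ICMP echo request, id 1, seq 1, length 64
13:36:34.300000 IP 192.168.99.2.1030 > 192.168.99.3.ssh: S 2:2(0) win 5840
""".splitlines()

if __name__ == "__main__":
    for ts, src, dst in find_unnatted(SAMPLE, "192.168.99.0/24"):
        print(f"{ts} un-NATed: {src} -> {dst}")
```

The check matches on the guest subnet rather than on all private ranges because eth0 in this setup is itself on 10.0.0.0/24, so a blanket RFC 1918 test would flag correctly masqueraded packets.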
