xen-users
[Xen-users] masquerading traffic from domU
Hello, I'm having a firewall / Xen networking problem where I got stuck ... any help would be very appreciated!
My dom0 has an OpenVPN connection to an OpenVPN server, which gives access to a 192.168.1.0/24 network. Accessing 192.168.1.0/24 from dom0 works without a problem.
In a domU I'd like to access 192.168.1.0/24, too ... therefore I added the IP of dom0 as gateway for packets to this network. If I try to ping any host in the 192.168.1.0/24 network, I get no response - as the hosts see the original IP of the domU (which is 192.168.72.186) and for that IP there is no route back ... so far, so good.
If I access a host in the remote network from dom0, the connection can be established - as the remote hosts see the IP which was assigned by OpenVPN to dom0 - and for these IPs there is a route back.
Now I tried to use Shorewall to have all traffic originating in domU, with destination 192.168.1.0/24, masqueraded with the OpenVPN IP of dom0. I tried a line like this in /etc/shorewall/masq:
tun0:192.168.1.0/24 192.168.72.186/32
But for whatever reason the traffic is not masqueraded ... the remote hosts still see the original IP of domU.
For fun I tried to use in shorewall/masq:
xenbr0:192.168.1.0/24 192.168.72.186/32
In that case a ping from domU to a host in 192.168.1.0/24 does not even arrive - strangely enough, a tcpdump on xenbr0 shows the original IP of domU, but on eth0 I see the OpenVPN IP ... so masquerading occurred ... but then the packets seem to vanish, at least they don't reach tun0.
Just to mention: the Shorewall rules/policies are all set to "accept". Logs show no strange messages, all seems to be OK.
I assumed this to be a simple task - as the scenario should be almost the same as in a common "eth0 connected to LAN and eth1 to the internet" scenario ... but I don't get it working.
What am I missing? What do I need to do to have my traffic from domU masqueraded ...
Thanks for any help! Christian
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
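An added example, not from Christian's post or from the Shorewall project: a small sh helper that translates a /etc/shorewall/masq line (columns INTERFACE[:DEST] SOURCE [ADDRESS]) into the equivalent hand-written iptables POSTROUTING rule, so it is clear what the line tried above asks dom0 to do, plus the IP forwarding check that a NAT rule alone does not cover. The helper names and the sysctl-path parameter are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Turn one Shorewall masq line into
# the equivalent iptables rule: with an ADDRESS column the rule is SNAT to that
# address, otherwise MASQUERADE. Helper names are hypothetical.

masq_to_iptables() {
    iface_dest=$1; src=$2; addr=$3
    iface=${iface_dest%%:*}           # interface is the text before the first ':'
    dest=""
    case "$iface_dest" in
        *:*) dest=${iface_dest#*:} ;; # optional destination network after ':'
    esac
    rule="iptables -t nat -A POSTROUTING -o $iface -s $src"
    if [ -n "$dest" ]; then
        rule="$rule -d $dest"
    fi
    if [ -n "$addr" ]; then
        rule="$rule -j SNAT --to-source $addr"
    else
        rule="$rule -j MASQUERADE"
    fi
    printf '%s\n' "$rule"
}

# NAT only rewrites the source of packets dom0 actually forwards; with
# ip_forward off, domU traffic never reaches tun0 no matter what the nat
# table says. The sysctl path is a parameter so the check runs on a sample file.
forwarding_enabled() {
    [ "$(cat "$1")" = "1" ]
}

# The masq line from the post, masquerading domU (192.168.72.186) behind the
# OpenVPN address when its packets leave dom0 on tun0 toward 192.168.1.0/24.
masq_to_iptables tun0:192.168.1.0/24 192.168.72.186/32
# -> iptables -t nat -A POSTROUTING -o tun0 -s 192.168.72.186/32 -d 192.168.1.0/24 -j MASQUERADE
forwarding_enabled /proc/sys/net/ipv4/ip_forward \
    || echo "ip_forward is off: dom0 will not route domU traffic to tun0"
```

On a dom0 host, the printed rule is what to compare against `iptables -t nat -L POSTROUTING -v -n` to confirm the masq line was really loaded and is matching packets.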