[Xen-users] Re: Trouble using NAT with multiple bridges

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Re: Trouble using NAT with multiple bridges
From: Steven Brown <swbrown@xxxxxxxxxxxx>
Date: Mon, 26 Jun 2006 22:46:34 -0700
Steven Brown wrote:
> I've got a network set up with xen where I have a chain of
> dom0<->domU<->domU<->etc. to simulate a multi-hop network path and
> implemented with multiple bridges (one per hop to keep them isolated).
> It works nicely locally, except that now I'm trying to have dom0 do NAT
> for that last hop out to internet and am running into problems (I've
> already fixed the ethtool/tx problem afaik).

I managed to 'solve' this with an ugly hack - since I could get the
first domU working, I have it also doing NAT.  Then, all the packets
further in the chain appear to come from that working domU so the NAT in
dom0 works.

I'd still like to know what it is about NAT and multiple bridges that
causes this problem, though, and how to really solve it (removing the
duplicate NAT).

For reference, the hack:

dom0: iptables -m physdev ! --physdev-is-bridged -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
first domU: iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

