xen-users
[Xen-users] bridge and masquerade
Hi all,
I'm going crazy with NAT! My environment:
Xen on Debian etch amd64 (default Debian kernel, so Xen 3.0.3).
eth0 192.168.1.240/24 gw 192.168.1.254
eth1 10.0.0.1/8
Networking is bridged and only eth0/1 have a valid address (so nothing
except eth0/1 has an "inet addr"):
srv-xen:~# ifconfig | grep HWadd
eth0 Link encap:Ethernet HWaddr 00:15:17:18:5D:AC
eth1 Link encap:Ethernet HWaddr 00:15:17:18:5D:AD
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
peth1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
vif0.1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
vif2.1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
xenbr1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
On eth1 I have a PC with 10.0.19.254 (which has gw 10.0.0.1) that tries to
connect to 66.249.93.104 (google.it), but in the Xen machine's logs I see
"martian source" :(. I have tried all the configurations found on the net,
but none work!
My iptables:
$IP -t nat -A PREROUTING -j LOG --log-prefix "$PREFIX MASQ-PRE- "
$IP -t nat -A POSTROUTING -j LOG --log-prefix "$PREFIX MASQ-POST- "
$IP -t nat -A POSTROUTING -s 10.0.0.0/8 -m physdev --physdev-in peth1 -j MASQUERADE
Log:
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=xenbr1 OUT= PHYSIN=peth1 MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall DROPPRE- IN=xenbr1 OUT= PHYSIN=peth1 MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-POST- IN= OUT=xenbr1 PHYSIN=peth1 PHYSOUT=vif0.1 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=eth1 OUT= MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=192.168.1.240 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall DROPPRE- IN=eth1 OUT= MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=192.168.1.240 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: martian source 66.249.93.104 from 192.168.1.240, on dev eth1
Jun 3 12:48:12 srv-xen kernel: ll header: 00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00
If I try to DNAT everything that comes from peth1 (and wants to go outside) to
10.0.0.0 or 192.168.1.240 (my Xen addr), the "out" interface is, of
course, "lo", so the Xen machine replies!
If I try to DNAT everything that comes from peth1 to the "external" gw
(192.168.1.254) I receive: "Performing cross-bridge DNAT requires IP
forwarding to be enabled" (but, of course, I have forwarding enabled!)
I don't know what to do to solve this... :(
Someone?
Thanks,
Michele
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
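Reading those LOG records programmatically, as an added example that is not part of Michele's post: this Python parses the three MASQ-* lines for IP ID 52054 (the post's own lines, re-joined after mail wrapping), orders the hooks the packet hit, and reports at which hook SRC was rewritten and on which interface the rewritten packet re-entered the IP stack. The field names are those of the iptables LOG target; the diagnosis text it prints is the explanation the sequence supports, not an additional fact from the post.

```python
import re

# Constructed sample: the three MASQ-* records for IP ID 52054 from the post, each
# re-joined onto one line (the mail client had wrapped them). DROPPRE- lines omitted.
LOG_LINES = [
    "Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=xenbr1 OUT= PHYSIN=peth1 "
    "MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=10.0.19.254 DST=66.249.93.104 "
    "LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 "
    "WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-POST- IN= OUT=xenbr1 PHYSIN=peth1 "
    "PHYSOUT=vif0.1 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 "
    "ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=eth1 OUT= "
    "MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=192.168.1.240 DST=66.249.93.104 "
    "LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 "
    "WINDOW=5840 RES=0x00 SYN URGP=0",
]

PREFIX = re.compile(r"kernel: Firewall (\S+) ")   # the --log-prefix text after "$PREFIX"
FIELD = re.compile(r"(\w+)=(\S*)")                # KEY=value pairs; bare flags (DF, SYN) skipped

def parse(line):
    """Turn one LOG record into a dict of its KEY=value fields plus the log prefix."""
    m = PREFIX.search(line)
    rec = {"prefix": m.group(1) if m else ""}
    rec.update(FIELD.findall(line[m.end():] if m else line))
    return rec

def diagnose(lines, packet_id):
    """Order the hooks one packet (matched by IP ID) passed through and locate the SRC rewrite.
    Returns the hop path and, if NAT happened, the hook and bridge port where it happened
    and the interface on which the rewritten packet was next seen entering the stack."""
    hops = [r for r in map(parse, lines) if r.get("ID") == packet_id]
    path = [(h["prefix"], h.get("IN", ""), h.get("OUT", ""), h.get("PHYSIN", ""),
             h.get("PHYSOUT", ""), h["SRC"]) for h in hops]
    for prev, cur in zip(hops, hops[1:]):
        if prev["SRC"] != cur["SRC"]:
            return {"path": path, "nat_at": prev["prefix"], "nat_physout": prev.get("PHYSOUT", ""),
                    "new_src": cur["SRC"], "seen_again_on": cur.get("IN", "")}
    return {"path": path, "nat_at": None}

if __name__ == "__main__":
    r = diagnose(LOG_LINES, "52054")
    for hop in r["path"]:
        print("%-11s IN=%-6s OUT=%-6s PHYSIN=%-5s PHYSOUT=%-6s SRC=%s" % hop)
    if r["nat_at"]:
        print("SRC rewritten to %s at %s while still bridged (PHYSOUT=%s); it then entered "
              "dom0's IP stack on %s already carrying dom0's address, which the reverse-path "
              "check reports as a martian" % (r["new_src"], r["nat_at"],
                                              r["nat_physout"], r["seen_again_on"]))
```

The point the trace makes visible: the masquerade matched in the bridge-side POSTROUTING traversal, before routing, so the packet re-entered on eth1 with a source that does not belong behind eth1.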
- [Xen-users] bridge and masquerade, Michele Petrazzo - Unipex srl