WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

Re: [Xen-users] combination of bridged and routed networking problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] combination of bridged and routed networking problem
From: "DBadmin Rottmann" <dba_db2@xxxxxxx>
Date: Wed, 05 Mar 2008 16:24:42 +0100
Cc: b52@xxxxxxxxx
Hi, 

I have placed the following log-targets
to the tables:

  iptables -I OUTPUT -j LOG --log-prefix "OUTPUT: "
  iptables -I FORWARD -j LOG --log-prefix "FORWARD: "
  iptables -t nat -I PREROUTING -j LOG --log-prefix "PREROUTING: "
  iptables -t nat -I POSTROUTING -j LOG --log-prefix "POSTROUTING: "
  iptables -I INPUT -j LOG --log-prefix "INPUT: "

The results below show that the PREROUTING chain is visited
once by the packet with incoming interface xenbr0. Therefore,
I have placed the DNAT target into the chain as described in
my initial posting. Here, I have placed the DNAT as suggested by
Holger (b52@xxxx).

Chain PREROUTING (policy ACCEPT 2213 packets, 155K bytes)
 pkts bytes target     prot opt in     out     source               destination
   66  4447 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `PREROUTING: '
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            10.32.18.38         tcp dpt:443 to:192.168.0.2:443
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            10.32.18.38         tcp dpt:222 to:192.168.0.2:22

(The ssh client has the IP 10.43.2.15 and the server 10.32.18.38.)

Mar  5 15:52:27 tachyon kernel: [718938.533000] PREROUTING: IN=xenbr0 OUT= PHYSIN=peth0 MAC=00:1e:0b:70:f6:96:00:0a:f3:e2:d4:0a:08:00 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533016] FORWARD: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533025] POSTROUTING: IN= OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533048] INPUT: IN=eth0 OUT= MAC=00:1e:0b:70:f6:96:00:0a:f3:e2:d4:0a:08:00 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533075] OUTPUT: IN= OUT=eth0 SRC=10.32.18.38 DST=10.43.2.15 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=222 DPT=53416 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533090] FORWARD: IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=10.32.18.38 DST=10.43.2.15 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=222 DPT=53416 WINDOW=0 RES=0x00 ACK RST URGP=0

Best regards,

 Valentin
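
Added example (not part of the original mail): a small parser for the LOG-target lines above that lists which chains the SYN traversed and compares the match fields of the first DNAT rule with what PREROUTING logged. The log lines are abridged copies of the ones in the mail; the RULE dict layout and the function names are assumptions made for this sketch.

```python
import re

# Abridged copies of the first log entries in the mail (unused fields dropped).
LOG = [
    "Mar  5 15:52:27 tachyon kernel: [718938.533000] PREROUTING: IN=xenbr0 OUT= "
    "PHYSIN=peth0 SRC=10.43.2.15 DST=10.32.18.38 PROTO=TCP SPT=53416 DPT=222 SYN URGP=0",
    "Mar  5 15:52:27 tachyon kernel: [718938.533016] FORWARD: IN=xenbr0 OUT=xenbr0 "
    "PHYSIN=peth0 PHYSOUT=vif0.0 SRC=10.43.2.15 DST=10.32.18.38 PROTO=TCP SPT=53416 "
    "DPT=222 SYN URGP=0",
    "Mar  5 15:52:27 tachyon kernel: [718938.533048] INPUT: IN=eth0 OUT= "
    "SRC=10.43.2.15 DST=10.32.18.38 PROTO=TCP SPT=53416 DPT=222 SYN URGP=0",
]

# Match fields of the dpt:222 DNAT rule in the listing (dict layout is an assumption).
RULE = {"IN": "eth0", "DST": "10.32.18.38", "PROTO": "TCP", "DPT": "222"}

# "[timestamp] PREFIX: KEY=VALUE ..." as written by the LOG target with --log-prefix.
ENTRY = re.compile(r"\] (?P<chain>[A-Z]+): (?P<rest>.*)$")

def parse(line):
    """Return the KEY=VALUE fields of one LOG line plus 'chain', or None."""
    m = ENTRY.search(line)
    if not m:
        return None
    # Empty values (e.g. "OUT= ") are kept as ''; bare flags such as SYN are skipped.
    fields = dict(re.findall(r"(\w+)=(\S*)", m["rest"]))
    fields["chain"] = m["chain"]
    return fields

def path(lines, src, spt):
    """Chains seen by packets from src:spt, with the IN and PHYSIN each chain logged."""
    hops = [p for p in map(parse, lines)
            if p and p.get("SRC") == src and p.get("SPT") == spt]
    return [(p["chain"], p["IN"], p.get("PHYSIN", "")) for p in hops]

def mismatches(rule, lines, chain="PREROUTING"):
    """For each packet logged in `chain`, the rule fields that differ: {field: (rule, logged)}."""
    out = []
    for p in filter(None, map(parse, lines)):
        if p["chain"] == chain:
            out.append({k: (v, p.get(k)) for k, v in rule.items() if p.get(k) != v})
    return out

if __name__ == "__main__":
    print(path(LOG, "10.43.2.15", "53416"))
    print(mismatches(RULE, LOG))
```

On these lines the only differing field is IN (rule: eth0, logged in PREROUTING: xenbr0), which agrees with the packet counter of 0 on both DNAT rules in the listing.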