WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

[Xen-users] problem using NAT in dom0 + Xen

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] problem using NAT in dom0 + Xen
From: Carles Pina i Estany <carles@xxxxxxxx>
Date: Sat, 15 Mar 2008 00:58:46 +0100
Delivery-date: Fri, 14 Mar 2008 16:59:17 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.17 (2007-11-01)

Hello,

We have a machine (Debian Etch, Xen from Debian repositories, etc.) with
two NICs: one for LAN (192.168.0.0/24) and another one with public IP
address.

After enabling bridging (in /etc/xen/xend-config.sxp):
(network-script 'network-bridge netdev=eth0')
(vif-script vif-bridge)

# eth0 is the LAN NIC

I have eth0, peth0, vif0.1 (I guess that is usual for you) and this
bridge:
servidor:~# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr1          8000.feffffffffff       no              vif0.1
                                                        peth0

Then my NAT (to connect to the internet from my internal network) stops
working. In my iptables rules I don't have any reference to eth0 (only to
eth1, but it's not affected by the Xen configuration). A simplification of
my rules:
--------
#!/bin/sh
# Assumed path to the iptables binary (the variable is not defined in the
# simplified rules above)
IPTABLES=/sbin/iptables

# Flush existing rules in the filter, nat and mangle tables
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F

# Default policies: only forwarding is closed by default
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# Forward traffic originating in the LAN, and replies coming back to it
$IPTABLES -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED \
        -d 192.168.0.0/24 -j ACCEPT

# Masquerade LAN traffic leaving through the public NIC (eth1)
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE

# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
---------

If I sniff traffic on eth1 (tcpdump -i eth1) I see that IP packets are
sent using the private address! Of course, before enabling the xen daemon, I
see that these IP packets are sent using my public IP address (-j
MASQUERADE, same effect if I use -j SNAT --to-address my_address).

Any clue? Why is it happening?

I think that I'm having all possible problems using Xen :-)

Thank you!

-- 
Carles Pina i Estany            GPG id: 0x8CBDAE64
        http://pinux.info       Manresa - Barcelona

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
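When a LAN stops being masqueraded after a networking change like the bridge setup above, the first things to verify are the ones the quoted rules depend on: that forwarding is on, that a POSTROUTING MASQUERADE/SNAT rule still covers the LAN subnet, that the rule's -o interface is the device the default route actually leaves through, and that the FORWARD chain lets the traffic reach NAT at all. The following is an added example (not code from the post, the thread or Xen) that checks those invariants offline from the text of `iptables-save`, `ip route` and `sysctl net.ipv4.ip_forward`. The dumps embedded in it are constructed to mirror the poster's rules; the gateway address 203.0.113.1 and the renamed egress device `peth1` are hypothetical, used only to show what the check reports.

```python
"""Offline audit of a dom0 NAT/forwarding setup.

Added example, not code from the mailing-list post or from Xen. It parses
the text of `iptables-save`, `ip route` and `sysctl net.ipv4.ip_forward`
and reports which of the invariants needed for masqueraded LAN egress do
not hold. The sample dumps below are constructed; device names other than
eth0/eth1 and the gateway address are assumptions.
"""
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed: what `iptables-save` prints for the quoted rules (counters zeroed).
IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Constructed `ip route` output: default route leaves via the public NIC ...
IP_ROUTE_ETH1 = (
    "default via 203.0.113.1 dev eth1\n"
    "192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.1\n"
)
# ... and a hypothetical variant where the egress device was renamed, so the
# MASQUERADE rule's "-o eth1" no longer matches the interface packets leave on.
IP_ROUTE_RENAMED = IP_ROUTE_ETH1.replace("dev eth1", "dev peth1")

SYSCTL_ON = "net.ipv4.ip_forward = 1\n"
SYSCTL_OFF = "net.ipv4.ip_forward = 0\n"


def parse_iptables_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [split -A lines]}}."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                      # table header, e.g. *nat
            current = line[1:]
            tables[current] = {"policies": {}, "rules": []}
        elif line.startswith(":"):                    # :CHAIN POLICY [pkts:bytes]
            chain, policy = line[1:].split()[:2]
            tables[current]["policies"][chain] = policy
        elif line.startswith("-A "):                  # one rule, already tokenised
            tables[current]["rules"].append(line.split())
    return tables


def rule_opt(argv, flag):
    """Value following a flag in a split rule line, or None if the flag is absent."""
    if flag not in argv:
        return None
    i = argv.index(flag)
    return argv[i + 1] if i + 1 < len(argv) else None


def default_route_dev(ip_route_text):
    """Device named on the 'default' line of `ip route`, or None."""
    for line in ip_route_text.splitlines():
        m = re.match(r"default\s+.*\bdev\s+(\S+)", line)
        if m:
            return m.group(1)
    return None


def ip_forward_enabled(sysctl_text):
    m = re.search(r"net\.ipv4\.ip_forward\s*=\s*(\d)", sysctl_text)
    return bool(m and m.group(1) == "1")


def check_nat(iptables_save_text, ip_route_text, sysctl_text, lan=LAN):
    """Return a list of problems found; an empty list means the invariants hold."""
    problems = []
    tables = parse_iptables_save(iptables_save_text)
    if not ip_forward_enabled(sysctl_text):
        problems.append("net.ipv4.ip_forward is not 1; dom0 will not route LAN traffic")
    egress = default_route_dev(ip_route_text)
    if egress is None:
        problems.append("no default route; nothing can reach the internet")
    # NAT rules in POSTROUTING whose source match covers the whole LAN subnet.
    nat_rules = tables.get("nat", {"rules": []})["rules"]
    covering = []
    for r in nat_rules:
        if r[1] != "POSTROUTING" or rule_opt(r, "-j") not in ("MASQUERADE", "SNAT"):
            continue
        src = rule_opt(r, "-s")
        if src is None or lan.subnet_of(ipaddress.ip_network(src, strict=False)):
            covering.append(r)
    if not covering:
        problems.append(f"no POSTROUTING MASQUERADE/SNAT rule covers {lan}")
    elif egress and not any(rule_opt(r, "-o") in (None, egress) for r in covering):
        outs = sorted({rule_opt(r, "-o") for r in covering})
        problems.append(f"NAT rule(s) match -o {outs} but the default route leaves via "
                        f"{egress}; LAN packets will leave with their private source address")
    # With policy DROP, FORWARD needs at least one ACCEPT or nothing reaches NAT.
    filt = tables.get("filter", {"policies": {}, "rules": []})
    fwd_accepts = [r for r in filt["rules"] if r[1] == "FORWARD" and rule_opt(r, "-j") == "ACCEPT"]
    if filt["policies"].get("FORWARD") == "DROP" and not fwd_accepts:
        problems.append("FORWARD policy is DROP with no ACCEPT rules; LAN traffic is dropped before NAT")
    return problems


if __name__ == "__main__":
    for label, route, sysctl in [("as posted", IP_ROUTE_ETH1, SYSCTL_ON),
                                 ("egress renamed", IP_ROUTE_RENAMED, SYSCTL_ON),
                                 ("forwarding off", IP_ROUTE_ETH1, SYSCTL_OFF)]:
        print(f"{label}: {check_nat(IPTABLES_SAVE, route, sysctl) or ['ok']}")
```

On a live box, feed it the real output of `iptables-save`, `ip route` and `sysctl net.ipv4.ip_forward` instead of the constructed strings. The check only finds rule/route mismatches; the `tcpdump -i eth1` the poster used remains the ground truth for what actually leaves the wire.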
