WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

RE: [Xen-users] Lost source IP in DomU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-users] Lost source IP in DomU
From: "Ryan Burke" <burke@xxxxxxxxxxxxxxxxx>
Date: Thu, 13 Nov 2008 12:47:06 -0600 (CST)
Delivery-date: Thu, 13 Nov 2008 10:47:43 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Importance: Normal
In-reply-to: <BAY107-W4470D0FCA537F855DBE371C5170@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <BAY107-W225B2E12F64E65749776A4C5140@xxxxxxx> <BAY107-W4470D0FCA537F855DBE371C5170@xxxxxxx>
Reply-to: burke@xxxxxxxxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: SquirrelMail/1.4.13
> Hello,
>
> Sorry for resending this, but I'm desperate. This is such a minor thing, I
> think ... however a show-stopper for me. Anyone have any clue what to do?
> Or even what to search on Google ... or anything remotely related to this
> ... I just need some leads.
>
> I tried traceroute from my home (external network) and it does go properly
> to the gateway and directly to DomU IP (without going to Dom0 IP).
>
> Thanks,
> MSN
>
> From: parampat@xxxxxxxxxxx
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Date: Wed, 12 Nov 2008 15:30:20 +0000
> Subject: [Xen-users] Lost source IP in DomU
>
> Hello,
>
> I got Ubuntu 8.04 64-bit running with Xen as Dom0. I got it running fine
> and I got about 5 DomUs running. Everything is working fine, I can boot
> fine, networking runs smoothly (incoming and outgoing traffic works fine)
> and it's pretty stable too, I think.
>
> I only have 1 problem with it: I lost source IP address of anyone
> connecting to my DomU.
>
> Here's what I got:
> - Linux XXXX.XXXX.XXXX 2.6.24-19-xen #1 SMP Wed Aug 20 21:08:51 UTC 2008
> x86_64 GNU/Linux
> - A physical network card connected to network on Dom0 at eth0 with live
> IP 1.1.1.1
> - A Dummy0 virtual NIC for running local IP 10.1.1.1
>
> Now my problem is, say on DomU, I assigned live IP address 1.1.1.2 then I
> tried to SSH from my home at IP address 2.2.2.2, when I connect, on DomU
> it shows that there's SSH connection from Dom0 IP address (1.1.1.1)
> instead of from my home IP (2.2.2.2).
>
> The same thing for my DomU that serves HTTP. All the log files show
> connection from my Dom0 IP (1.1.1.1). Worse is my Postfix mail. I've set
> 1.1.1.1/24 as within network and since SMTP connection to any DomU is seen
> as originated from Dom0 IP address (1.1.1.1), it basically renders my
> Postfix to be open relay. (before you jump on me about it ... I've set
> Postfix to not be set as open relay, however since any connection is seen
> as Dom0 IP address, it appears to Postfix that it originated from trusted
> local network. My workaround is to not set any trusted networks for now.
> But that's only like a hack and not the best solution.)
>
> So going back to my original problem ... Can anyone help me configuring
> things out so that DomU will see the original IP address instead of Dom0
> IP address?
>
> If you're wondering why I have Dummy0, it is for my DomU database server.
> I don't want to give it a public IP. So each DomU (other than database
> server) will have 2 virtual network cards: 1 that has live IP and another
> one that has local IP 10.1.1.1/24.
>
> Hopefully someone can answer me. I've tried searching Google, etc but I
> just could not find any answers ...
>
> Thanks,
> MSN


It's been a while since I've played with Xen networking... Maybe some of
my questions can jar other people's minds. Are you running iptables in
Dom0? In particular any kind of NAT or MANGLE rules? Are you bridging or
routing the traffic between DomU's? Can you post a copy of one of your
DomU configs so we can see how you are setting up your networking?

Ryan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
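
The first question in the reply above (NAT rules in Dom0) can be checked mechanically. The script below is an added example, not part of the original thread: it reads `iptables-save` text and lists the nat-table rules that rewrite source addresses, marking the ones that are not limited to an output interface or source network. The function names and the sample ruleset are constructed for illustration, and that such a rule is the cause of the lost source IP is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example: list nat-table rules that rewrite the source address.
# Input:  `iptables-save` text on stdin.
# Output: one line per SNAT/MASQUERADE rule as "<scope> <rule>", where
#   BROAD  = no -o/--out-interface and no -s/--source match, so the rule
#            also applies to traffic forwarded towards a DomU
#   SCOPED = restricted by output interface and/or source network
find_src_rewrite() {
    awk '
        /^\*/          { table = substr($0, 2); next }   # "*nat", "*filter"
        table != "nat" { next }
        $1 != "-A"     { next }                          # chain policies, COMMIT
        {
            target = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" || $i == "--jump") target = $(i + 1)
                if ($i == "-o" || $i == "--out-interface") scoped = 1
                if ($i == "-s" || $i == "--source") scoped = 1
            }
            if (target == "MASQUERADE" || target == "SNAT") {
                label = scoped ? "SCOPED" : "BROAD"
                print label, $0
            }
        }
    '
}

# Constructed sample ruleset (not from the thread); it reuses the
# placeholder addresses from the original post.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
-A PREROUTING -d 1.1.1.1/32 -p tcp --dport 2222 -j DNAT --to-destination 1.1.1.2:22
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j ACCEPT
COMMIT
EOF
}

sample_rules | find_src_rewrite
```

On a live Dom0 the same function can be fed with `iptables-save | find_src_rewrite` as root. A `BROAD` line is the kind of rule that makes every forwarded connection appear to come from Dom0, which is what turns a Postfix trusted-network setting that includes Dom0's address into an open relay.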
