WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
[Xen-users] routing domU packet in the outside network

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] routing domU packet in the outside network
From: Hugues Obolonsky <hugues.obolonsky@xxxxxxxxxxxx>
Date: Wed, 04 Apr 2007 04:27:47 +0200
Organization: Metanext
Hello,
I've read a lot about Xen networking,
but there is a lot of confusing stuff.

Anyway, I'm trying to get a simple configuration working, and here is my
setup in 2 words.

A single eth0 on my laptop
Xen Ubuntu kernel 2.6.19-4-generic from Feisty dist

Dom0 with an eth0 IP address that changes every day (DHCP or wireless)
but located in the 192.168.1.0/24 network

All DomUs are configured with static IPs in network 192.168.2.0/24

So I made the following config:

# xend configuration (xend-config.sxp)
(network-script 'network-bridge bridge=xen-intbr')
(vif-script vif-bridge)

# /etc/network/interfaces: internal bridge carrying the domU subnet
auto xen-intbr
iface xen-intbr inet static
    pre-up brctl addbr xen-intbr
    post-down brctl delbr xen-intbr
    address 192.168.2.1
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255
    bridge_fd 0
    bridge_hello 0
    bridge_stp off

For the example:
On Dom0 eth0 192.168.1.3/24 gw 192.168.1.1 <- my internet gateway
On DomU eth0 192.168.2.100/24 gw 192.168.2.1

Vif interfaces for domU are attached to the xen-intbr bridge
Vif0.0 & peth0 to the xenbr0 bridge

I'm also adding an iptables NAT rule as follows:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE


The strange behavior is the following:
from the DomU I can ping on the internet, fine, but I cannot use any
other protocol. domain, http or ssh is not working.

Cannot explain how ICMP can work and no TCP/UDP proto?

Here are some traces
------------------------------------------------------------------------
Here is the iptables NAT log for a working ping on the internet:
Apr  4 04:04:43 thula kernel: [16132.991047] IN= OUT=eth0 PHYSIN=vif8.0 SRC=192.168.2.100 DST=195.1XX.2XX.166 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=43533 SEQ=1
Apr  4 04:04:43 thula kernel: [16132.991078] IN= OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.1.3 DST=195.1XX.2XX.166 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=1

NAT log for a non-working http attempt:
Apr  4 04:06:21 thula kernel: [16231.258293] IN= OUT=eth0 PHYSIN=vif8.0 SRC=192.168.2.100 DST=91.1XX.89.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26793 DF PROTO=TCP SPT=4635 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  4 04:06:21 thula kernel: [16231.258327] IN= OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.1.3 DST=91.1XX.89.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26793 DF PROTO=TCP SPT=4635 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

TCPDUMP from the eth0 on dom0 when testing http from the domU:

04:09:33.797916 IP thula.4639 > forster.canonical.com.www: S 592124:592124(0) win 5840 <mss 1460,sackOK,timestamp 1039865 0,nop,wscale 1>
04:09:33.835704 IP forster.canonical.com.www > thula.4639: S 2685827776:2685827776(0) ack 592125 win 5792 <mss 1460,sackOK,timestamp 1863773122 1039865,nop,wscale 8>
04:09:33.835799 IP thula.4639 > forster.canonical.com.www: . ack 1 win 2920 <nop,nop,timestamp 1039876 1863773122>
04:09:33.836005 IP thula.4639 > forster.canonical.com.www: P 1:752(751) ack 1 win 2920 <nop,nop,timestamp 1039876 1863773122>
...

Got ack 1 but no http session, and no update from canonical in
domU :( ...
-----------------------------------------------------------------------


Cannot figure out my mistake.
Did anyone get a similar configuration working?

Best Regards
Hugues
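
An added example, not part of the original post: a parser for netfilter LOG lines like the ones in the trace above, pairing each packet logged with a 192.168.2.0/24 source with its post-MASQUERADE copy so a flow that is never translated stands out per protocol. The log text is constructed (placeholder host name and destinations, plus an invented UDP flow), and the function names are hypothetical.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the LOG lines in the post. Host name and
# destination addresses are placeholders; the UDP flow is invented to show
# what a packet that never gets a translated copy looks like.
SAMPLE_LOG = """\
Apr  4 04:04:43 dom0 kernel: [16132.991047] IN= OUT=eth0 PHYSIN=vif8.0 SRC=192.168.2.100 DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=43533 SEQ=1
Apr  4 04:04:43 dom0 kernel: [16132.991078] IN= OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.1.3 DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=1
Apr  4 04:06:21 dom0 kernel: [16231.258293] IN= OUT=eth0 PHYSIN=vif8.0 SRC=192.168.2.100 DST=203.0.113.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26793 DF PROTO=TCP SPT=4635 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  4 04:06:21 dom0 kernel: [16231.258327] IN= OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.1.3 DST=203.0.113.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26793 DF PROTO=TCP SPT=4635 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  4 04:07:02 dom0 kernel: [16272.100000] IN= OUT=eth0 PHYSIN=vif8.0 SRC=192.168.2.100 DST=203.0.113.53 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=311 DF PROTO=UDP SPT=32770 DPT=53 LEN=40
"""

def parse(line):
    """Split one LOG line into {key: [values]}; bare flags (DF, SYN) are skipped.

    Values are lists because keys repeat: an ICMP echo logs ID= twice
    (IP header ID first, then the echo ID) and UDP logs LEN= twice.
    """
    fields = {}
    for key, val in re.findall(r"(\w+)=(\S*)", line.split("] ", 1)[-1]):
        fields.setdefault(key, []).append(val)
    return fields

def nat_pairs(log, inside="192.168.2.0/24"):
    """Return (proto, inside_src, translated_src or None) for each flow."""
    net, pending, result = ip_network(inside), {}, []
    for line in log.splitlines():
        f = parse(line)
        if "SRC" not in f:
            continue  # not a packet log line
        src, proto = f["SRC"][0], f["PROTO"][0]
        # NAT leaves destination and IP ID alone, so they identify the packet.
        port_or_seq = (f.get("DPT") or f.get("SEQ") or [""])[0]
        key = (proto, f["DST"][0], f["ID"][0], port_or_seq)
        if ip_address(src) in net:
            pending[key] = src                      # logged before translation
        elif key in pending:
            result.append((proto, pending.pop(key), src))
    # Anything still pending never showed up with a rewritten source.
    return result + [(k[0], s, None) for k, s in pending.items()]

if __name__ == "__main__":
    for proto, before, after in nat_pairs(SAMPLE_LOG):
        print(f"{proto:5} {before} -> {after or 'NO TRANSLATED COPY LOGGED'}")
```
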


