WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] xen bridge and NAT

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] xen bridge and NAT
From: "Christian Lyra" <lyra@xxxxxxxxxxxxx>
Date: Mon, 12 Nov 2007 23:47:14 -0200
Delivery-date: Mon, 12 Nov 2007 17:48:18 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; bh=FbLM7wkYKpdehdr6K9devD7jPjB5lzQV1BkZ2QqKv5M=; b=ImUG5s/eN61zOwdOu4zgZ6M3p/e8Ouz/xpVYEOU0Uf4XWZ9ccLdW1CHCYQYsNVPGYy5KtROIeErzT/n/BKqvFsw6h+CValOy1yVgyZawr4opbOMXJdvyEDzYwlxX9PeXy02BsoUq0FploDPaaSxwfCZ4ZcQxpTtOc6twTzAeMjo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=ix0V4lFPoRwVbmWd5rHpJkPALZLixldt0Aeq5LJrjuoAb721MlvNnuSiLQfJEaLka2HKVzA/Svr1xgZ6Da7uUhFwE33tbyw/guA2TdMgyh03zBxkP4Ng7IhgXlG5LI6rYEaowS52B6LHQSRaZAaoVr8s028MRxNyZ3DTvztbOUY=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi,

I´m trying to setup the following scenario:

<intranet> ------------------->|    xen bridge=intranet |   eth1    |
-------> <internet>
<virtual_machines> ------>|           netdev=eth0      |   <nat>  |

I mean, I have a xen machine with two nics, one connected to a
intranet and the other to the internet. As I want virtual machines and
real intranet machines on the same network I´m using the xen bridge
scripts to create a bridge called "intranet". This work as expected
and virtual machines, real machines and xen can all "see" and ping
each other. But xen is not NATing the packets sent to internet! I can
see the packets coming out unnated.

The relevant configs:

/etc/xen/xend-config.sxp

(network-script 'network-bridge netdev=eth0 bridge=intranet')
(vif-script vif-bridge)

/etc/network/interfaces

auto eth0
iface eth0 inet static
        address 10.0.0.254
        netmask 255.255.255.0

auto eth1
iface eth1 inet static
        address 192.168.0.22
        netmask 255.255.255.0
        gateway 192.168.0.1

/etc/network/nat.sh

#!/bin/sh
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward


A tcpdump -n -i eth1 shows packets coming out unnated.  Is this
expected? is there a way to make this work as expected?

-- 
Christian Lyra
PoP-PR/RNP

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] xen bridge and NAT, Christian Lyra <=