Re: [Xen-users] Xen 3.0, setting up a virtual network with NAT
On Fri, Feb 03, 2006 at 12:58:12PM -0500, Patrick Wolfe wrote:
> On Fri, 2006-02-03 at 16:31 +0000, Richard Jones wrote:
> > I've got a network set up as in the diagram below:
> >
> >     domU                domU
> >   fake eth0           fake eth0
> > 192.168.99.2        192.168.99.3
> >       |                   |
> >       +-----------+-------+
> >                   |
> >             192.168.99.1
> >                dummy0
> >               * dom0 *
> >               real eth0
> >           public IP address
>
> Instead of using dummy0, why not try using veth1 and vif0.1?
[...]

I followed your instructions, and I'm still at the point where I can't
get NAT working.  (BTW, hwaddr is absolutely essential - the bridge
doesn't work otherwise).

I can ping 192.168.99.2 -> 192.168.99.1 and 192.168.99.1 ->
192.168.99.2 (ie. dom0 <-> domU).  I can ping domU <-> domU.

I've added the NAT rule on dom0:

  iptables --table nat --append POSTROUTING -o eth0 -j MASQUERADE

However when I try to connect out of the virtual network, NAT still
isn't working.  In the example below, I'm trying to telnet out to port
80 on a public address from one of the domUs.

  dom0# tcpdump -i eth0 tcp port 80
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
  13:36:31.805346 IP 192.168.99.3.2093 > 80.68.91.176.www: S 511867828:511867828(0) win 5840 <mss 1460,sackOK,timestamp 4294963735 0,nop,wscale 2>

Note that the source address is wrong (192.168.99.3 - it should have
been rewritten by NAT).  So NAT is still somehow being avoided ...

Help!

Rich.

These are the interfaces on dom0:

# /sbin/ifconfig
br1       Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:496 (496.0 b)  TX bytes:468 (468.0 b)

eth0      Link encap:Ethernet  HWaddr 00:30:48:56:62:72
          inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:fe56:6272/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1263 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:128432 (125.4 KiB)  TX bytes:162172 (158.3 KiB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

veth1     Link encap:Ethernet  HWaddr 00:16:3E:B0:99:01
          inet addr:192.168.99.1  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:feb0:9901/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:131 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9774 (9.5 KiB)  TX bytes:1728 (1.6 KiB)

vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1728 (1.6 KiB)  TX bytes:9774 (9.5 KiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:79 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:9 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6134 (5.9 KiB)  TX bytes:2534 (2.4 KiB)

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:51 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3614 (3.5 KiB)  TX bytes:888 (888.0 b)

This is the bridge:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.feffffffffff       no              vif0.1
                                                        vif1.0
                                                        vif2.0

This is the routing table:

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.99.0    0.0.0.0         255.255.255.0   U         0 0          0 veth1
0.0.0.0         10.0.0.25       0.0.0.0         UG        0 0          0 eth0

-- 
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
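
The check made by eye in the tcpdump capture above can be automated; the following is an added example, not part of the original post. It flags packets seen on the outside interface whose source address is still inside the internal subnet. It assumes tcpdump's default one-line IPv4 output; the function name and the second sample line are constructed for illustration.

```python
import ipaddress
import re

# Internal (NATed) subnet, taken from the addresses in the post.
INTERNAL_NET = ipaddress.ip_network("192.168.99.0/24")

# tcpdump one-line IPv4 format: "<time> IP <src>.<port> > <dst>.<port>: ..."
# A port may be printed as a service name (e.g. "www").
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>[^\s.]+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>[^\s.:]+):"
)

def find_unmasqueraded(lines, internal_net=INTERNAL_NET):
    """Return (timestamp, src, dst) for packets captured on the outside
    interface whose source address was not rewritten by NAT."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines, non-IPv4 traffic, truncated output
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # not a valid dotted quad
        # Traffic between two internal hosts is not expected to be translated.
        if src in internal_net and dst not in internal_net:
            leaks.append((m["ts"], str(src), str(dst)))
    return leaks

SAMPLE_CAPTURE = [
    "listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes",
    # Line quoted from the post: source is still the domU address.
    "13:36:31.805346 IP 192.168.99.3.2093 > 80.68.91.176.www: S 511867828:511867828(0) win 5840 <mss 1460,sackOK,timestamp 4294963735 0,nop,wscale 2>",
    # Constructed line: the same connection as it would look once the source
    # is rewritten to dom0's eth0 address (10.0.0.2 in the ifconfig output).
    "13:36:35.000000 IP 10.0.0.2.2094 > 80.68.91.176.www: S 1:1(0) win 5840",
]

if __name__ == "__main__":
    for ts, src, dst in find_unmasqueraded(SAMPLE_CAPTURE):
        print(f"{ts} un-NATed source {src} -> {dst}")
```

Matching on the internal subnet rather than on "any private address" matters here: dom0's eth0 is itself 10.0.0.2, so a correctly masqueraded packet still carries an RFC 1918 source.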