[Xen-users] Port forwarding from non-xenbridged external interface to xen-interface
Hello everybody,

I have an odd problem with iptables using a Xen bridge setup. I don't know if it would be better to post to the netfilter mailing list, but I hope someone here knows how to solve it. If it's OT here, please let me know.

I'll try to do a little bit of ASCII graphics to explain the topology better:

                    _________                        ________
 192.168.200.100 -> |         |<- 192.168.100.1      |        |
 -------------------| Xen Box |--------------------| Server |
                    |   ___   | 192.168.100.100 ->  |________|
                    |  |   |  |
                    |  | D |  |
                    |  | o |  |
                    |  | m |<- 192.168.100.x
                    |  | U |  |
                    |  |___|  |

I want to do port forwarding on IP address 192.168.200.100 to 192.168.100.x (from the Xen Box external interface to Server or DomU). But for some odd reason it's not working. I'm doing DNAT in the PREROUTING chain of wlan0. The routing is OK here. The Server at 192.168.100.100 responds and the packet hits peth0. Unfortunately the packet never passes the bridge to wlan0:

  Oct 6 17:05:46 cassini kernel: [ 2696.527510] IN=wlan0 OUT=eth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=27165 DF PROTO=TCP SPT=59444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
  Oct 6 17:05:46 cassini kernel: [ 2696.527588] IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=27165 DF PROTO=TCP SPT=59444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
  Oct 6 17:05:46 cassini kernel: [ 2696.527829] IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.100.100 DST=192.168.200.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=59444 WINDOW=5792 RES=0x00 ACK SYN URGP=0

If I try the same without port forwarding, but with simple routing (ip_forward = 1), it works:

  Oct 6 17:07:34 cassini kernel: [ 2804.711278] IN=wlan0 OUT=eth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=25088 DF PROTO=TCP SPT=54572 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
  Oct 6 17:07:34 cassini kernel: [ 2804.711355] IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=25088 DF PROTO=TCP SPT=54572 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
  Oct 6 17:07:34 cassini kernel: [ 2804.711566] IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.100.100 DST=192.168.200.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=54572 WINDOW=5792 RES=0x00 ACK SYN URGP=0
  Oct 6 17:07:34 cassini kernel: [ 2804.711606] IN=eth0 OUT=wlan0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.100.100 DST=192.168.200.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=54572 WINDOW=5792 RES=0x00 ACK SYN URGP=0

Tcpdump on the external network showed that even masquerading on the external interface (192.168.200.100) of the Xen Box isn't working. It seems to me as if packets won't hit the POSTROUTING chain on this interface.

I added the box called "Server" to check if it works for physical machines, since I encountered the problem while trying to do port forwarding with DomUs. Simple routing on the other hand is working without problems.

This is what my interfaces look like (I hope it is OK to cut some of the more generic information):

eth0      Link encap:Ethernet  HWaddr 00:02:B3:8F:DF:F5
          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3104 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1592 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:324148 (316.5 KiB)  TX bytes:154395 (150.7 KiB)

lo        Link encap:Local Loopback

peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

vif3.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

vif4.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

wlan0     Link encap:Ethernet  HWaddr 00:09:5B:BF:44:D2
          inet addr:192.168.200.100  Bcast:192.168.200.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11714 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3096 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:730920 (713.7 KiB)  TX bytes:659817 (644.3 KiB)
          Interrupt:12

xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:497 errors:0 dropped:0 overruns:0 frame:0
          TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9862 (9.6 KiB)  TX bytes:2752 (2.6 KiB)

The bridge is configured without any changes to the default layout:

bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        peth0
                                                        vif1.0
                                                        vif2.0
                                                        vif3.0
                                                        vif4.0

I already read the Netfilter Howto and the Netfilter NAT Howto. Also I read the XenNetworking FAQ found in the XenWiki. I don't understand why this setup is not working. Is there anybody who has a hint, link or iptables snippet for me, helping me to understand why this is not working out?

Thank you
Marcel

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
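A small diagnostic that automates what Marcel did by eye: it groups netfilter LOG lines into flows and lists the hops (IN/OUT and bridge PHYSIN/PHYSOUT) each flow was logged at, so a reply that never reaches the external interface stands out. This is an added example, not code from the post or from the Xen project. It assumes the LOG rule fires after DNAT (true for the lines quoted above, where DST already carries the internal address, so request and reply share one endpoint pair) and that the external interface is wlan0; the sample input is a constructed copy of the seven kernel lines from the post.

```python
"""Trace TCP flows through netfilter LOG lines and report which forwarding hops each traversed.

Added example, not part of the original post. Assumes the LOG rule sits after DNAT
and that the external interface is wlan0 (override with report(..., ext_if=...)).
"""
import re

# Constructed sample input: a copy of the seven kernel LOG lines quoted in the post.
SAMPLE_LOG = """\
Oct 6 17:05:46 cassini kernel: [ 2696.527510] IN=wlan0 OUT=eth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=27165 DF PROTO=TCP SPT=59444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 6 17:05:46 cassini kernel: [ 2696.527588] IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=27165 DF PROTO=TCP SPT=59444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 6 17:05:46 cassini kernel: [ 2696.527829] IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.100.100 DST=192.168.200.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=59444 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 6 17:07:34 cassini kernel: [ 2804.711278] IN=wlan0 OUT=eth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=25088 DF PROTO=TCP SPT=54572 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 6 17:07:34 cassini kernel: [ 2804.711355] IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=25088 DF PROTO=TCP SPT=54572 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 6 17:07:34 cassini kernel: [ 2804.711566] IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.100.100 DST=192.168.200.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=54572 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 6 17:07:34 cassini kernel: [ 2804.711606] IN=eth0 OUT=wlan0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.100.100 DST=192.168.200.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=54572 WINDOW=5792 RES=0x00 ACK SYN URGP=0
"""

# KEY=VALUE tokens; bare flags such as DF, SYN, ACK carry no '=' and are skipped.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG line as a dict."""
    return dict(FIELD.findall(line))


def flow_key(fields):
    """Protocol plus the unordered pair of (ip, port) endpoints, so the request and
    the reply of one TCP connection land in the same flow."""
    ends = sorted([(fields["SRC"], fields.get("SPT", "")),
                   (fields["DST"], fields.get("DPT", ""))])
    return (fields.get("PROTO", "?"),) + tuple(ends)


def trace_flows(log_text):
    """Group LOG lines into flows. Each flow records the initiator, its source port and
    the hops seen, as (direction, IN, OUT, PHYSIN, PHYSOUT) in logging order."""
    flows = {}
    for line in log_text.splitlines():
        if "IN=" not in line:
            continue  # not a netfilter LOG line
        f = parse_line(line)
        flow = flows.setdefault(flow_key(f), {"initiator": f["SRC"],
                                              "client_port": f.get("SPT", ""),
                                              "hops": []})
        direction = "request" if f["SRC"] == flow["initiator"] else "reply"
        flow["hops"].append((direction, f.get("IN", ""), f.get("OUT", ""),
                             f.get("PHYSIN", ""), f.get("PHYSOUT", "")))
    return flows


def reply_left_via(flow, ext_if):
    """True when some reply packet was logged with OUT=ext_if, i.e. it was routed back
    out through the external interface rather than stopping at the bridge."""
    return any(d == "reply" and out == ext_if for d, _in, out, _pin, _pout in flow["hops"])


def report(log_text, ext_if="wlan0"):
    """Map each flow's client port to (number of hops logged, reply reached ext_if)."""
    return {fl["client_port"]: (len(fl["hops"]), reply_left_via(fl, ext_if))
            for fl in trace_flows(log_text).values()}


if __name__ == "__main__":
    for port, (hops, ok) in report(SAMPLE_LOG).items():
        status = "reply left via wlan0" if ok else "reply never logged leaving wlan0"
        print(f"client port {port}: {hops} hops logged, {status}")
```

On the sample the DNAT attempt (client port 59444) shows three hops and no reply via wlan0, while the plain-routing run (client port 54572) shows four hops ending at IN=eth0 OUT=wlan0. To use it on a live box, feed it the kernel log where the LOG target writes and pass the real external interface name as ext_if.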