[Xen-users] Bridge networking fail with no established connection
Hi all. I'm running into a strange situation. I've the following schema.

FW1 (firewall 1)
================

# more fw1
kernel = "/boot/vmlinuz-xenpae"
ramdisk = "/boot/initrd-javera-reiserfs.gz"
memory = 64
root = "/dev/hda1"
name = "fw1"
disk = ['phy:xen2_vg/fw1_lv,hda1,w']
#disk = ['file:/var/tmp/xen/fw1.vmdisk,hda1,w']
vif = ['mac=aa:cc:00:00:00:22, bridge=xenbr-FW', 'mac=aa:cc:00:00:00:20, bridge=xenbr-E', 'mac=aa:cc:00:00:00:21, bridge=xenbr-E' ]

fw1:ext3/root:#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.26.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.26.0.1      0.0.0.0         UG    0      0        0 eth0

FW2 (firewall 2)
================

# more fw2
kernel = "/boot/vmlinuz-xenpae"
ramdisk = "/boot/initrd-javera-reiserfs.gz"
memory = 64
root = "/dev/hda1"
name = "fw2"
disk = ['phy:xen2_vg/fw2_lv,hda1,w']
#disk = ['file:/var/tmp/xen/fw1.vmdisk,hda1,w']
vif = ['mac=aa:cc:00:00:00:41, bridge=xenbr-FW', 'mac=aa:cc:00:00:00:40, bridge=xenbr-SERVERS', 'mac=aa:cc:00:00:00:42, bridge=xenbr-I' ]

fw2:ext3/var/log:#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
1.0.0.0         0.0.0.0         255.0.0.0       U     0      0        0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.33.1    0.0.0.0         UG    0      0        0 eth0

WWW (Web server)
================

# more www.sant-adria.net.EXTERNA
kernel = "/boot/vmlinuz-xenpae"
ramdisk = "/boot/initrd-javera-reiserfs.gz"
memory = 128
name = "www_sant_adria_net"
disk = ['phy:xen2_vg/www_externa_lv,hda1,w']
root = "/dev/hda1"
vif = [ 'mac=aa:cc:00:00:00:11, bridge=xenbr-E' ]

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.33.1    172.26.0.3      255.255.255.255 UGH   0      0        0 eth0
192.168.33.2    172.26.0.3      255.255.255.255 UGH   0      0        0 eth0
172.26.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.26.0.1
        +------------+
        |    ADSL    |
        +------------+
               | 172.26.0.1
  _____________|_____________________________  172.26.0.0/16
               |
          eth0 |
  +------------------------------------------------+
  |            |                                   |
  |     +------------+      +--------------+       |
  |     |  xenbr-E   |------|     www      |       |
  |     +------------+      | 172.26.0.50  |       |
  |            | 172.26.0.3 +--------------+       |
  |     +------------+                             |
  |     |    fw1     |                             |
  |     +------------+                             |
  |            | 192.168.33.1                      |
  |     +------------+                             |
  |     |  xenbr-FW  |                             |
  |     +------------+                             |
  |            | 192.168.33.2                      |
  |     +------------+                             |
  |     |    fw2     |                             |
  |     +------------+                             |
  |            | 1.1.2.1                           |
  |     +------------+      +--------------+       |
  |     |  xenbr-I   |------|   servbbdd   |       |
  |     +------------+      |  1.100.0.78  |       |
  |            |            +--------------+       |
  +------------------------------------------------+
          eth1 |
  _____________|_____________________________  LAN (1.0.0.0/8)
               |
        +--------------+
        |  1.100.0.66  |
        +--------------+
Fw1 and FW2 have iptables with MASQUERADE, so the LAN appears to fw1 as 192.168.33.2 and fw2 appears to the ADSL router as 172.26.0.3 (double NAT). So, I can ping from servbbdd (1.100.0.78) to WWW (172.26.0.50) and from 1.100.0.66 to WWW too (all seems OK).

From 1.100.0.78, I execute the following:

servbbdd:~ # telnet 172.26.0.50 143
Trying 172.26.0.50...
Connected to 172.26.0.50.
Escape character is '^]'.
* OK blah, blah, blah Cyrus IMAP4 v2.2.12 server ready

From 172.26.0.50 we can look at the established connection:

www:reiserfs/root:#netstat -an | grep 143
tcp        0      0 0.0.0.0:143        0.0.0.0:*          LISTEN
tcp        0      0 172.26.0.50:143    172.26.0.3:60547   ESTABLISHED
tcp        0      0 :::143             :::*               LISTEN

Note that all connections are masqueraded and appear to be from 172.26.0.3 (it's OK). But when I try to do the same from 1.100.0.66, the connection never finishes well:

telnet 172.26.0.50 143
Trying 172.26.0.50...
Connected to 172.26.0.50.
Escape character is '^]'.

And from 172.26.0.50 we can look at an established connection, but it doesn't work.

netstat -an | grep 143
tcp        0      0 0.0.0.0:143        0.0.0.0:*          LISTEN
tcp        0      0 172.26.0.50:143    172.26.0.3:60547   TIME_WAIT
tcp        0     59 172.26.0.50:143    172.26.0.3:3879    ESTABLISHED
tcp        0      0 :::143             :::*               LISTEN
The following is the brctl output:
xen2:XEN2:/root#brctl show
bridge name bridge id STP enabled interfaces
xenbr-E 8000.feffffffffff no vif0.1
peth1
vif9.2
vif13.0
xenbr-I 8000.feffffffffff no vif0.0
peth0
vif1.2
vif5.0
xenbr-DMZ 8000.feffffffffff no vif9.1
xenbr-FW 8000.feffffffffff no vif1.0
vif9.0
xenbr-SERVERS 8000.feffffffffff no vif1.1
vif3.0
xen2:XEN2:/root#brctl showmacs xenbr-E
port no mac addr is local? ageing timer
2 00:12:a9:d5:48:e4 no 0.15
4 aa:cc:00:00:00:11 no 13.72
3 aa:cc:00:00:00:21 no 0.04
1 fe:ff:ff:ff:ff:ff yes 0.00
xen2:XEN2:/root#brctl showmacs xenbr-I
port no mac addr is local? ageing timer
2 00:00:48:98:8e:ff no 9.28
2 00:00:48:9f:c7:35 no 1.29
2 00:00:48:9f:c7:8a no 9.24
2 00:00:48:9f:d3:8e no 9.24
2 00:00:48:9f:d4:2b no 9.27
2 00:00:48:b3:bd:b8 no 10.98
2 00:00:48:b8:e4:2b no 8.09
2 00:00:48:b8:e4:75 no 42.60
2 00:00:48:b8:e4:a9 no 34.16
2 00:00:48:b8:e4:b1 no 1.42
2 00:00:48:bc:fe:50 no 0.64
2 00:00:48:bf:57:c2 no 56.53
2 00:00:74:78:4a:e6 no 58.83
2 00:00:74:82:8f:86 no 2.70
2 00:00:74:9b:1a:72 no 227.31
2 00:00:74:9b:4f:02 no 134.31
2 00:00:85:42:47:6f no 70.84
2 00:00:e8:78:b9:f0 no 85.56
2 00:00:e8:88:59:a7 no 56.96
2 00:00:f8:10:d3:e4 no 3.09
2 00:01:6c:2c:17:dc no 109.13
2 00:01:e6:34:8f:ec no 23.54
2 00:04:23:40:2a:ed no 59.35
2 00:04:23:40:2c:09 no 77.52
2 00:04:23:40:6f:e7 no 13.12
2 00:04:76:cd:60:4f no 11.61
2 00:05:1a:0a:cd:84 no 1.74
2 00:06:4f:16:fb:27 no 10.71
2 00:08:54:07:f9:ce no 21.78
2 00:08:c7:69:42:ce no 18.75
2 00:0b:cd:27:5c:9a no 47.96
2 00:0b:cd:d0:12:e0 no 281.18
2 00:0c:76:06:a7:46 no 45.41
2 00:0c:76:08:21:ca no 0.52
2 00:0c:76:08:24:3d no 67.38
2 00:0c:76:61:5c:95 no 294.94
2 00:0c:76:61:5c:b8 no 97.45
2 00:0f:fe:10:f8:a7 no 290.36
2 00:0f:fe:11:01:f7 no 9.65
2 00:0f:fe:11:01:fd no 162.32
2 00:10:5a:a1:10:26 no 166.30
2 00:10:dc:d0:bb:5d no 82.50
1 00:12:79:94:79:20 no 0.00
2 00:13:21:1c:e7:82 no 258.92
2 00:13:72:9d:69:b1 no 86.61
2 00:13:72:9d:6b:bc no 166.45
2 00:13:d4:3a:a5:af no 0.00
2 00:16:35:76:6f:3d no 237.86
2 00:16:35:77:58:51 no 120.25
2 00:16:35:77:58:ed no 256.57
2 00:20:18:39:85:6c no 0.56
2 00:20:18:39:93:9d no 9.11
2 00:20:18:39:94:3f no 2.23
2 00:20:18:3a:04:48 no 88.23
2 00:20:18:3a:d8:db no 101.97
2 00:20:18:3a:dd:c4 no 82.93
2 00:20:18:3b:22:10 no 125.62
2 00:20:18:3b:5e:c0 no 283.91
2 00:20:18:b9:34:08 no 182.79
2 00:20:18:b9:35:0a no 137.80
2 00:30:05:52:9c:0e no 14.68
2 00:30:05:52:9c:3f no 185.35
2 00:30:05:52:df:59 no 38.65
2 00:30:05:52:df:5c no 115.78
2 00:30:05:52:df:68 no 185.26
2 00:30:05:52:df:75 no 32.49
2 00:30:05:52:df:8a no 0.58
2 00:30:05:52:e0:19 no 0.91
2 00:30:05:52:e0:1a no 65.11
2 00:30:05:52:e0:2d no 85.19
2 00:30:05:52:e0:30 no 127.25
2 00:30:05:52:e0:3b no 94.06
2 00:30:05:52:e0:45 no 28.04
2 00:30:05:52:e0:48 no 0.42
2 00:30:05:52:e0:57 no 116.83
2 00:30:05:52:e0:5d no 43.86
2 00:30:c1:ae:20:9b no 23.51
2 00:40:95:30:16:7c no 62.71
2 00:4f:49:0d:43:7f no 110.99
2 00:4f:49:0d:86:dc no 11.70
2 00:4f:4e:10:33:d3 no 70.87
2 00:4f:4e:11:72:8e no 268.55
2 00:50:fc:62:cc:31 no 65.30
2 00:50:fc:a8:7b:0a no 2.57
2 00:50:fc:aa:58:2f no 101.34
2 00:c0:a8:f2:80:71 no 0.20
2 00:c0:a8:f2:80:75 no 47.28
2 00:c0:a8:f2:fc:9c no 43.27
2 00:c0:a8:f3:02:37 no 223.92
2 00:e0:29:9d:2b:96 no 43.62
4 aa:cc:00:00:00:04 no 124.69
3 aa:cc:00:00:00:42 no 0.32
1 fe:ff:ff:ff:ff:ff yes 0.00
Are there any problems with mixing bridges and real switches? Why can't I
establish a TCP session?
Thanks in advance.
--
Juan Antonio Vera

Attachment: javera.vcf

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
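Editor's added example, not part of Juan Antonio's post: a small Python script that parses `netstat -an` output like the two listings in the post and reports ESTABLISHED sockets whose Send-Q is non-zero. Send-Q counts bytes the local side has already sent that the peer has not acknowledged; on the working connection it is 0, while on the failing one the 59-byte IMAP banner is stuck there even though the three-way handshake completed. Checking that column is the quickest way to separate "handshake works but data never gets back to the client" from a socket that is genuinely fine, before digging into conntrack or bridge tables. The sample lines are constructed from the post's own listings; the function names are mine.

```python
"""Flag ESTABLISHED TCP sockets holding unacknowledged outbound bytes.

Added example (not from the original post). Parses `netstat -an` style
rows and returns the ones where Send-Q > 0 and state == ESTABLISHED,
i.e. data was written but the peer never ACKed it.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the healthy `netstat -an | grep 143`
# listing in the post (Send-Q is 0 on the established socket).
SAMPLE_OK = """\
tcp        0      0 0.0.0.0:143        0.0.0.0:*          LISTEN
tcp        0      0 172.26.0.50:143    172.26.0.3:60547   ESTABLISHED
tcp        0      0 :::143             :::*               LISTEN
"""

# Constructed sample, modelled on the failing listing (59 bytes in Send-Q).
SAMPLE_FAILING = """\
tcp        0      0 0.0.0.0:143        0.0.0.0:*          LISTEN
tcp        0      0 172.26.0.50:143    172.26.0.3:60547   TIME_WAIT
tcp        0     59 172.26.0.50:143    172.26.0.3:3879    ESTABLISHED
tcp        0      0 :::143             :::*               LISTEN
"""


@dataclass
class Socket:
    proto: str
    recv_q: int
    send_q: int
    local: str
    remote: str
    state: str


def parse_netstat(text: str) -> List[Socket]:
    """Parse `netstat -an` TCP rows; header lines and non-TCP rows are skipped."""
    sockets: List[Socket] = []
    for line in text.splitlines():
        fields = line.split()
        # A TCP row has six columns: proto recv-q send-q local remote state.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        proto, recv_q, send_q, local, remote, state = fields
        sockets.append(Socket(proto, int(recv_q), int(send_q), local, remote, state))
    return sockets


def stuck_connections(sockets: List[Socket]) -> List[Socket]:
    """ESTABLISHED sockets whose sent data has not been acknowledged by the peer."""
    return [s for s in sockets if s.state == "ESTABLISHED" and s.send_q > 0]


def peer_port(sock: Socket) -> int:
    """Source port as seen from the server (the NAT box's port after MASQUERADE)."""
    return int(sock.remote.rsplit(":", 1)[1])


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("failing", SAMPLE_FAILING)):
        stuck = stuck_connections(parse_netstat(sample))
        if not stuck:
            print(f"{label}: no sockets with unacknowledged data")
        for s in stuck:
            print(f"{label}: {s.local} <- {s.remote}: {s.send_q} bytes unacked "
                  f"(NAT source port {peer_port(s)})")
```

Run it against a real `netstat -an` capture by feeding the file contents to parse_netstat(); the reported NAT source port is the value to look up on the masquerading firewall to see whether a matching translation entry still exists for that flow.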