
[Xen-users] Source NAT problems



I'm using Xen 3.0 on an FC5 (2.6.16.13-xen kernel) box with multiple
physical interfaces, bridges, and domUs.  I'm using the bridging setup, but
also need to source NAT traffic through its dom0 between two other boxes.
Here is the portion in question:

 (internal network)
   box1
    |
/-peth1--------\
|   |    domUx |
|   |   /      |
| xenbr1-domUy |
|   |          |
| (v)eth1      |
|   |          |
|  dom0        |
|   |          |
| (v)eth0      |
|   |          |
| xenbr0-domUz |
|   |          |
\-peth0--------/
    |
   box2
 (external network)

I've got to NAT traffic from box1 on the internal network to box2 on the
external network.  So I enabled IP forwarding and source NAT on dom0:

# sysctl -w net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to <dom0ip>

This nearly works, but returning packets disappear after they hit peth0.  

For example, I ping from box1 to box2.  tcpdump on dom0 sees the echo
request packets arriving via peth1 and xenbr1, and leaving with the new
SNATted address via eth0, xenbr0, and peth0.  So far, so good.

tcpdump also sees the echo reply packets coming back from box2 on peth0, 
but they never appear on xenbr0.  This is the problem.

The echo request and reply packets have the same IPs and MACs as they do
when I successfully ping directly from dom0 to box2.  So what could be
causing the packets to disappear only when they've been SNATted?

I've searched the xen-users archives and tried a few things.  I tried using
ethtool to turn off checksumming at xenbr0, vif0.0, and eth0, but that
didn't help.  I've been struggling with ebtables but having trouble
understanding them in the context of xen networking.

Any help would be appreciated.

Steve Brueckner, ATC-NY

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

