
[Xen-users] problem using NAT in dom0 + Xen


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Carles Pina i Estany <carles@xxxxxxxx>
  • Date: Sat, 15 Mar 2008 00:58:46 +0100
  • Delivery-date: Fri, 14 Mar 2008 16:59:17 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hello,

We have a machine (Debian Etch, Xen from Debian repositories, etc.) with
two NICs: one for LAN (192.168.0.0/24) and another one with public IP
address.

After enabling bridging (in /etc/xen/xend-config.sxp):
(network-script 'network-bridge netdev=eth0')
(vif-script vif-bridge)

# eth0 is the LAN NIC

I have eth0, peth0, vif0.1 (I guess that it's usual for you) and this
bridge:
servidor:~# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr1          8000.feffffffffff       no              vif0.1
                                                        peth0

Then my NAT (to connect to the internet from my internal network) stops
working. In my iptables rules I don't have any reference to eth0 (only to
eth1, which is not affected by the Xen configuration). A simplification of
my rules:
--------
IPTABLES=/sbin/iptables   # path to the iptables binary (assumed; not shown in the original fragment)

# Flush all chains and reset the default policies
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# Let the LAN open connections; only reply traffic may come back to it
$IPTABLES -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED \
        -d 192.168.0.0/24 -j ACCEPT
# Rewrite the LAN's private source addresses to the public IP of eth1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE

# Enable IPv4 routing between the two NICs
echo 1 > /proc/sys/net/ipv4/ip_forward
---------

If I sniff traffic on eth1 (tcpdump -i eth1) I see that IP packets are
sent using the private address! Of course, before enabling the xen daemon, I
see that these IP packets are sent using my public IP address (-j
MASQUERADE; same effect if I use -j SNAT --to-address my_address).

Any clue? Why is it happening?

I think that I'm having all possible problems using Xen :-)

Thank you!

-- 
Carles Pina i Estany            GPG id: 0x8CBDAE64
        http://pinux.info       Manresa - Barcelona

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
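As an added example (not part of this post or of Xen), a small Python audit that parses iptables-save output and flags the inconsistencies a NAT setup like the one above can develop once the network-bridge script reshuffles interfaces (the physical NIC becomes peth0, rules naming a vanished interface match nothing, ip_forward may be reset, no POSTROUTING rule for the LAN). The sample ruleset and interface sets are constructed to mirror the rules in the post; the function names are assumptions.

```python
import re
# Constructed iptables-save text mirroring the rules in the post (not a capture from the poster's host)
SAMPLE_SAVE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_save(text):
    rules, policies, table = {}, {}, None
    for line in text.splitlines():
        if line.startswith("*"):                      # table header, e.g. *nat
            table = line[1:]
            rules.setdefault(table, [])
            policies.setdefault(table, {})
        elif line.startswith(":") and table:          # chain policy, e.g. :FORWARD DROP [0:0]
            chain, policy = line[1:].split()[:2]
            policies[table][chain] = policy
        elif line.startswith("-A") and table:         # appended rule
            rules[table].append(line)
    return rules, policies

def audit_nat(save_text, lan_cidr, wan_if, interfaces, ip_forward):
    """Return a list of findings; an empty list means the NAT setup looks consistent."""
    rules, policies = parse_save(save_text)
    findings = []
    if ip_forward != "1":
        findings.append("ip_forward is disabled")
    nat = [r for r in rules.get("nat", []) if r.startswith("-A POSTROUTING")
           and f"-s {lan_cidr}" in r and f"-o {wan_if}" in r
           and ("-j MASQUERADE" in r or "-j SNAT" in r)]
    if not nat:
        findings.append(f"no POSTROUTING MASQUERADE/SNAT for {lan_cidr} out {wan_if}")
    if policies.get("filter", {}).get("FORWARD") == "DROP" and not any(
            r.startswith("-A FORWARD") and f"-s {lan_cidr}" in r for r in rules.get("filter", [])):
        findings.append(f"FORWARD policy is DROP with no ACCEPT for {lan_cidr}")
    # Interface names that no longer exist (e.g. eth0 renamed to peth0 by network-bridge) silently match nothing
    for table, lines in rules.items():
        for r in lines:
            for ifname in re.findall(r"-[io] (\S+)", r):
                if ifname not in interfaces:
                    findings.append(f"{table}: rule references missing interface {ifname}")
    return findings
```

Feed it the real `iptables-save` output, the interface list from `ip link`, and the contents of /proc/sys/net/ipv4/ip_forward to compare the state before and after starting xend.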