[Xen-users] problem using NAT in dom0 + Xen
Hello,

We have a machine (Debian Etch, Xen from Debian repositories, etc.) with two NICs: one for the LAN (192.168.0.0/24) and another one with a public IP address.

After enabling bridging (in /etc/xen/xend-config.sxp):

(network-script 'network-bridge netdev=eth0')
(vif-script vif-bridge)
# eth0 is the LAN NIC

I have eth0, peth0, vif0.1 (I guess that it's usual for you) and this bridge:

servidor:~# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr1          8000.feffffffffff       no              vif0.1
                                                        peth0

Then my NAT (to connect to the internet from my internal network) stops working. In my iptables rules I don't have any reference to eth0 (only to eth1, but it's not affected by the Xen configuration).

A simplification of my rules:

--------
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F

$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED \
        -d 192.168.0.0/24 -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward
---------

If I sniff traffic on eth1 (tcpdump -i eth1) I see that IP packets are sent using the private address! Of course, before enabling the Xen daemon, I see that these IP packets are sent using my public IP address (-j MASQUERADE, same effect if I use -j SNAT --to-address my_address).

Any clue? Why is it happening?

I think that I'm having all possible problems using Xen :-)

Thank you!

-- 
Carles Pina i Estany    GPG id: 0x8CBDAE64
http://pinux.info       Manresa - Barcelona
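
Added example, not part of the original post: a small checker for the symptom described above, which reads `tcpdump -n -i eth1` output and lists packets that leave the public NIC with a source address still inside the LAN range, meaning the MASQUERADE rule was not applied to them. The function name and the sample capture lines are constructed for illustration; the LAN range is the one given in the post.

```python
import ipaddress
import re

# LAN range from the post; change it for another network.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Matches the "IP src > dst:" part of a `tcpdump -n` line. TCP/UDP endpoints
# carry a trailing ".port"; ICMP endpoints are bare addresses.
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

def unnatted_packets(lines, lan=LAN):
    """Return (src, dst) pairs whose source is a LAN address and whose
    destination is outside the LAN, i.e. traffic that should have been
    source-NATed before reaching the public interface."""
    leaks = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6, banners, truncated lines
        try:
            src = ipaddress.ip_address(m.group(1))
            dst = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # digits that do not form a valid IPv4 address
        if src in lan and dst not in lan:
            leaks.append((str(src), str(dst)))
    return leaks

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = [
    "10:15:01.000001 IP 192.168.0.15.34567 > 198.51.100.7.80: S 1:1(0) win 5840",
    "10:15:01.000200 IP 203.0.113.10.40001 > 198.51.100.7.80: S 2:2(0) win 5840",
    "10:15:02.000300 IP 192.168.0.20 > 198.51.100.9: ICMP echo request, id 1, seq 1, length 64",
    "10:15:03.000400 arp who-has 203.0.113.1 tell 203.0.113.10",
    "10:15:04.000500 IP 198.51.100.7.80 > 203.0.113.10.40001: S 3:3(0) ack 3 win 5792",
]

if __name__ == "__main__":
    for src, dst in unnatted_packets(SAMPLE):
        print(f"un-NATed packet on public NIC: {src} -> {dst}")
```

An empty result on a capture taken while LAN hosts are generating outbound traffic indicates the NAT rule is being applied.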