Re: [Xen-users] Issues with Xen and iptables
On Fri, Jan 29, 2010 at 8:55 PM, Rainer Sokoll <rainer@xxxxxxxxxx> wrote:
> On Fri, Jan 29, 2010 at 08:34:39PM +0700, Fajar A. Nugraha wrote:
>
>> I don't quite understand what you're trying to achieve (why are you
>> using NAT over vpn?),
>
> There is no NAT over vpn. Routing looks like:
> If the target is the company's network, route the packets into the
> tunnel, no NAT.
> If the target is the internet, route the packets to the ISP's gateway
> and do NAT.

So eth2 is the interface to your ISP? Have you set up routing correctly?

>> - openvpn works just fine on dom0 or domU. Same setup (choice of
>> tun/tap, bridge setup, etc.) that you'd do on a normal box.
>
> Openvpn is not my problem, it works fine. My problem is that I cannot
> get SNAT working. And I am wondering whether Xen could be the root of my
> problem.

It shouldn't be. RHEL/Centos5 comes with Xen 3.1+ and libvirt, which
creates virbr0 bridge, which does MASQUERADE for domUs on that bridge.
It works as expected. I haven't tried SNAT on it, but if MASQUERADE
works then SNAT should work as well.

You might want to try changing the NAT conditions from using "-o eth2"
to simply using --source and --destination first, with MASQUERADE for
simplicity and easy-debugging. A colleague had some problems a while
back, turned out he uses the wrong interface for "-o".

-- 
Fajar
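
The wrong-interface check suggested in the reply above, as an added example that is not part of the original post: it flags NAT rules with a zero packet counter whose "-o" interface differs from the default-route interface. The two sample listings are constructed, and the addresses, the eth1 default route and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L POSTROUTING -v -n` (not from the thread).
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 1520 packets, 98432 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth2    10.8.0.0/24          0.0.0.0/0            to:203.0.113.10
  412 31024 MASQUERADE  all  --  *      *       10.8.0.0/24         !192.168.0.0/16'

# Constructed sample of `ip route show default` (eth1 is an assumption).
SAMPLE_ROUTE='default via 198.51.100.1 dev eth1'

# Print "target out-interface" for every rule whose packet counter is 0.
# Lines 1 and 2 of the listing are the chain header and the column titles.
zero_hit_rules() {
    awk 'NR > 2 && $1 == "0" { print $3, $7 }'
}

# Print the interface the default route leaves through.
default_route_dev() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "dev") { print $(i + 1); exit }
         }'
}

# Report zero-hit rules whose "-o" interface is not the default-route interface.
# $1 = NAT listing, $2 = default route line(s)
check_nat_interfaces() {
    dev=$(printf '%s\n' "$2" | default_route_dev)
    printf '%s\n' "$1" | zero_hit_rules | while read -r target out; do
        # "*" means the rule has no -o match, so it cannot be the wrong one.
        if [ "$out" != "*" ] && [ "$out" != "$dev" ]; then
            echo "$target with -o $out has 0 hits; default route uses $dev"
        fi
    done
}

check_nat_interfaces "$SAMPLE_NAT" "$SAMPLE_ROUTE"
# On a live host (as root):
#   check_nat_interfaces "$(iptables -t nat -L POSTROUTING -v -n)" \
#                        "$(ip route show default)"
```

In the constructed listing, the interface-free MASQUERADE rule matching on source and destination is the one collecting hits, which is the debugging form the reply recommends trying first.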