[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] SNAT XENBR0

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: srawilliams <sean@xxxxxx>
  • Date: Tue, 18 Jun 2013 06:13:32 -0700 (PDT)
  • Delivery-date: Tue, 18 Jun 2013 14:05:13 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>


I have a ubuntu 12.04 Xen host with a bridge network

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet manual

auto xenbr0
iface xenbr0 inet static
        bridge_ports eth0

Because of firewall restrictions i have to SNAT or masquerade to the host,
which i do on the xenbr0 bridge.

iptables -t nat -A POSTROUTING -o xenbr0 -j MASQUERADE

I also have ipforwarding set on the host

net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1

This works fine.  My guests can see the world, however everything routed to
the guests from the world gets the ip address of Xenbr0.  I am presuming
because requests in to those guest go via xenbr0 which changes the source on
the way to the guest.   

I have tied taking off the postrouting form xenbr0 and tried both SNAT and
MASQUERADE on eth0 but this does not work.

Please help.  I don't have enough knowledge to figure out a solution.



View this message in context: 
Sent from the Xen - User mailing list archive at Nabble.com.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.