WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] network traffic can't be seen by iptables when no bridge pre

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] network traffic can't be seen by iptables when no bridge presents
From: liang chen <chenlia@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Aug 2005 12:05:01 -0400 (EDT)

In my project, I tried to use iptables, instead of a bridge, to direct
network traffic from one VM to another on one host. What I am doing is:
I delete xen-br0, and I have two VMs that have the IP addresses 10.8.0.51
and 10.8.0.52. I use

iptables -t mangle -A FORWARD -d 10.8.0.51 -j ROUTE --oif vif1.0
iptables -t mangle -A FORWARD -d 10.8.0.52 -j ROUTE --oif vif2.0

vif1.0 and vif2.0 are the virtual network interfaces of the two VMs. In order
to debug the above rules, I log all the traffic:

iptables -t mangle -A PREROUTING -j LOG --log-level debug --log-prefix "log-everything"

I ping 10.8.0.52 from 10.8.0.51 and I expect to see the traffic being
logged. However, I can't see any corresponding traffic being logged. Only
traffic that looks like:

IN=lo OUT= ip-source=127.0.0.1 ip-destination=127.0.0.1........

I use tcpdump to listen on vif1.0 and I can see the ICMP requests from
10.8.0.51 to 10.8.0.52.

I am using the kernel linux-2.6.11-xen0. Does anybody have any ideas about it?
Is it because there is no bridge present?


thanks
liang

