| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
[Xen-users] Dual Homed xen0 does not want to masq, packets not traversin
Hi all,
I have been wrestling with this all day. Some people state in the archives
this is not a Xen problem, but elsewhere I did not find answers as well.
System: Xen-3 + fc4 AMD Sempron. Dual NIC: eth1 to public internet, eth0 to
private LAN (192.168.x.x). There will be domU attached to eth0 in the
future, but at the moment none are running. They will need to be NAT'ed
as well though.
When I boot up the machine, the hosts on the private LAN are properly NAT'ed
(using a simple setup with system-config-securitylevel).
When I 'service start xend' and restart iptables NAT stops working.
I tried putting 'iptables -j LOG' entries in the -t nat POSTROUTING
chain, and I got these:
Dec 18 23:50:48 gw kernel: MASQ:IN= OUT=eth1 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=44 DF PROTO=ICMP TYPE=8
CODE=0 ID=60963 SEQ=44
but nothing shows up any more *after* xend is started.
What *does* show up is:
Dec 19 00:07:40 gw kernel: FORWARD:IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00
PREC=0x00 TTL=64 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
Dec 19 00:07:40 gw kernel: FORWARD:IN=eth0 OUT=eth1 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00
TTL=63 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
but nothing in the postrouting chain. And I need to do MASQ there.
I have looked everywhere. I have every feature in iptables and ebtables
compiled in, /proc/sys/net/bridge/bridge-nf-call-iptables holds '1'.
ip_forward is set of course.
Why don't the packets show up in the POSTROUTING chain?
For reference: this is my ifconfig before xend:
eth0 Link encap:Ethernet HWaddr 00:00:1C:81:E3:BA
inet addr:192.168.123.252 Bcast:192.168.123.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29749 errors:0 dropped:0 overruns:0 frame:0
TX packets:8197 errors:0 dropped:0 overruns:0 carrier:0
collisions:78 txqueuelen:1000
RX bytes:3197935 (3.0 MiB) TX bytes:1696240 (1.6 MiB)
Interrupt:19 Base address:0x9400
eth1 Link encap:Ethernet HWaddr 00:0F:EA:E8:AC:0E
inet addr:62.163.35.217 Bcast:255.255.255.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4270 errors:0 dropped:0 overruns:0 frame:0
TX packets:9464 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:490334 (478.8 KiB) TX bytes:1042276 (1017.8 KiB)
Interrupt:18 Base address:0xc800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:59 errors:0 dropped:0 overruns:0 frame:0
TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12148 (11.8 KiB) TX bytes:12148 (11.8 KiB)
And this is after:
eth0 Link encap:Ethernet HWaddr 00:00:1C:81:E3:BA
inet addr:192.168.123.252 Bcast:192.168.123.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2702 (2.6 KiB) TX bytes:892 (892.0 b)
eth1 Link encap:Ethernet HWaddr 00:0F:EA:E8:AC:0E
inet addr:62.163.35.217 Bcast:255.255.255.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4283 errors:0 dropped:0 overruns:0 frame:0
TX packets:9688 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:491120 (479.6 KiB) TX bytes:1059972 (1.0 MiB)
Interrupt:18 Base address:0xc800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:59 errors:0 dropped:0 overruns:0 frame:0
TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12148 (11.8 KiB) TX bytes:12148 (11.8 KiB)
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:30067 errors:0 dropped:0 overruns:0 frame:0
TX packets:8244 errors:0 dropped:0 overruns:0 carrier:0
collisions:78 txqueuelen:1000
RX bytes:3230167 (3.0 MiB) TX bytes:1704724 (1.6 MiB)
Interrupt:19 Base address:0x9400
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1248 (1.2 KiB) TX bytes:2776 (2.7 KiB)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:140 (140.0 b) TX bytes:0 (0.0 b)
other stuff:
[root@gw linux-2.6.12-xen0]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
62.163.35.0 0.0.0.0 255.255.254.0 U 0 0 0 eth1
0.0.0.0 62.163.35.1 0.0.0.0 UG 0 0 0 eth1
[root@gw linux-2.6.12-xen0]# brctl show
bridge name bridge id STP enabled interfaces
xenbr0 8000.feffffffffff no peth0
vif0.0
ron.arts.vcf
Description: Vcard
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
| <Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Xen-users] Dual Homed xen0 does not want to masq, packets not traversing POSTROUTING chain,
Ron Arts <=
|
|
|
| |
|
Home