WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Issues with Xen and iptables

from [Rainer Sokoll] [Permanent Link][Original]
Subject: Re: [Xen-users] Issues with Xen and iptables
From: Rainer Sokoll <r.sokoll@xxxxxxxxxxxx>
Date: Fri, 29 Jan 2010 16:05:02 +0100
Cc: Xen User-List <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 01 Feb 2010 03:17:14 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20100129144112.GA9155@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20100129092932.GB4838@xxxxxxxxxxxxxx> <7207d96f1001290534q300a4264n9f3f5199138e7a9f@xxxxxxxxxxxxxx> <20100129135556.GB6901@xxxxxxxxxxxxxx> <7207d96f1001290609s447b2deanb7dff725ea67a116@xxxxxxxxxxxxxx> <20100129144112.GA9155@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.23 (X11/20090817) 
Rainer Sokoll schrieb:
> On Fri, Jan 29, 2010 at 09:09:23PM +0700, Fajar A. Nugraha wrote:
> 
>> You might want to try changing the NAT conditions from using "-o eth2"
>> to simply using --source and --destination first, with MASQUARADE for
>> simplicity and easy-debugging. A colleague had some problems a while
>> back, turned out he uses the wrong interface for "-o".
> 
> If I follow your instructions, I see the natted (yeah!) packets on
> vif0.1 - but nothing on eth2 (where the default route sits) - for both
> SNAT and MASQUERADE.

It is getting more strange:

brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.000000000000       no
xenbr1          8000.00ff746a4f25       no              vif0.1
                                                        peth1
                                                        vif1.0
                                                        tap0

As said, if I tcpdump on vif0.1, I see natted packets. But if I tcpdump
on xenbr0, I see the same packets, but not natted.
I worry that I am missing something fundamental :-(

Rainer

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] Full Virtualised DomU Hang on Boot, peter.chiu
Next by Date:  [Xen-users] How do I configure Virtual machines to DHCP from network instead of Dom0 ??, Tom80112
Previous by Thread:  [Xen-users] Full Virtualised DomU Hang on Boot, peter.chiu
Next by Thread:  Re: [Xen-users] Issues with Xen and iptables, Fajar A. Nugraha
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy