On Fri, Jan 29, 2010 at 10:05 PM, Rainer Sokoll <r.sokoll@xxxxxxxxxxxx> wrote:
> Rainer Sokoll schrieb:
>> On Fri, Jan 29, 2010 at 09:09:23PM +0700, Fajar A. Nugraha wrote:
>>
>>> You might want to try changing the NAT conditions from using "-o eth2"
>>> to simply using --source and --destination first, with MASQUERADE for
>>> simplicity and easy debugging. A colleague had some problems a while
>>> back; it turned out he was using the wrong interface for "-o".
>>
>> If I follow your instructions, I see the natted (yeah!) packets on
>> vif0.1 - but nothing on eth2 (where the default route sits) - for both
>> SNAT and MASQUERADE.
>
> It is getting more strange:
>
> brctl show
> bridge name bridge id STP enabled interfaces
> xenbr0 8000.000000000000 no
> xenbr1 8000.00ff746a4f25 no vif0.1
> peth1
> vif1.0
> tap0
That is weird. Usually xenbr0 is connected to vif0.0 and peth0. Did
you change the default network-bridge script?
>
> As said, if I tcpdump on vif0.1, I see natted packets. But if I tcpdump
> on xenbr0, I see the same packets, but not natted.
That usually means packets come in on (or originate from) xenbr0 and are
routed to eth1 (thus mirrored to vif0.0, and go out the wire from
peth1).
> I worry that I am missing something fundamental :-(
What packets are you using to test, ping from the dom0? from domU?
from other hosts on the network? To where?
At this point I'd have to say a complete description of your network
might be necessary. netstat -nr, iptables -nL, iptables -nL -t nat,
and so on. Without that it's hard to diagnose further.
In any case, this is not really a Xen-specific issue (although the
bridge setup might make it a little bit more confusing). You might
find it easier to use a domU as router/firewall.
--
Fajar
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
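An added diagnostic script for the "-o" interface question raised in this thread; it is not from the thread or from Xen. It parses "brctl show" output (the bridge table above, with its one-interface-per-continuation-line layout), "netstat -nr" output and "iptables -t nat -S" output to check that the interface a POSTROUTING rule matches with "-o" is the one the default route actually leaves on, and to report which Xen bridge an interface is a port of. The route and NAT lines are constructed sample data; replace the three variables with real command output.

```shell
#!/bin/sh
# Bridge table as posted in the thread (brctl show output).
BRCTL_OUT='bridge name bridge id STP enabled interfaces
xenbr0 8000.000000000000 no
xenbr1 8000.00ff746a4f25 no vif0.1
peth1
vif1.0
tap0'

# Constructed netstat -nr output: default route via eth2, as the thread states.
ROUTE_OUT='0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1'

# Constructed iptables -t nat -S line for the rule under discussion.
NAT_RULES='-A POSTROUTING -s 192.168.1.0/24 -o eth2 -j MASQUERADE'

# default_route_iface: interface column of the 0.0.0.0 route.
default_route_iface() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" { print $NF; exit }'
}

# bridge_of: bridge that interface $2 is a port of, per brctl output $1.
# Continuation lines carry only an interface name, so remember the last bridge.
bridge_of() {
    printf '%s\n' "$1" | awk -v want="$2" '
        NR == 1 { next }
        NF >= 3 { br = $1; iface = $4 }
        NF == 1 { iface = $1 }
        iface == want { print br; exit }'
}

# nat_out_iface: interface named by -o in the first POSTROUTING rule.
nat_out_iface() {
    printf '%s\n' "$1" | awk '/POSTROUTING/ {
        for (i = 1; i <= NF; i++) if ($i == "-o") { print $(i + 1); exit } }'
}

# check_nat_iface: "ok" when the rule's -o interface is the default-route
# interface, otherwise "mismatch: nat=<rule iface> route=<route iface>".
check_nat_iface() {
    nat=$(nat_out_iface "$1"); rt=$(default_route_iface "$2")
    if [ "$nat" = "$rt" ]; then echo ok; else echo "mismatch: nat=$nat route=$rt"; fi
}

check_nat_iface "$NAT_RULES" "$ROUTE_OUT"
echo "peth1 is a port of: $(bridge_of "$BRCTL_OUT" peth1)"
```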