WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xen-users

[Xen-users] Bridge networking fail with no established connection

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Bridge networking fail with no established connection
From: "Juan Antonio Vera (Internet)" <javera@xxxxxxxxxxxxxx>
Date: Mon, 16 Oct 2006 15:12:39 +0200
Delivery-date: Mon, 16 Oct 2006 06:12:18 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: Ajuntament Sant Adrià del Besòs
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)
Hi all.


I'm running into a strange situation. I have the following setup.


FW1 (firewall 1)
====

#more fw1
kernel = "/boot/vmlinuz-xenpae"
ramdisk = "/boot/initrd-javera-reiserfs.gz"
memory = 64
root = "/dev/hda1"
name = "fw1"
disk = ['phy:xen2_vg/fw1_lv,hda1,w']
#disk = ['file:/var/tmp/xen/fw1.vmdisk,hda1,w']
vif = ['mac=aa:cc:00:00:00:22, bridge=xenbr-FW', ' mac=aa:cc:00:00:00:20, bridge=xenbr-E', 'mac=aa:cc:00:00:00:21, bridge=xenbr-E' ]


fw1:ext3/root:#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.26.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.26.0.1      0.0.0.0         UG    0      0        0 eth0


FW2 (firewall 2)
===========

# more fw2
kernel = "/boot/vmlinuz-xenpae"
ramdisk = "/boot/initrd-javera-reiserfs.gz"
memory = 64
root = "/dev/hda1"
name = "fw2"
disk = ['phy:xen2_vg/fw2_lv,hda1,w']
#disk = ['file:/var/tmp/xen/fw1.vmdisk,hda1,w']
vif = ['mac=aa:cc:00:00:00:41, bridge=xenbr-FW', ' mac=aa:cc:00:00:00:40, bridge=xenbr-SERVERS', 'mac=aa:cc:00:00:00:42, bridge=xenbr-I' ]


fw2:ext3/var/log:#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
1.0.0.0         0.0.0.0         255.0.0.0       U     0      0        0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.33.1    0.0.0.0         UG    0      0        0 eth0


WWW (Web server)

# more www.sant-adria.net.EXTERNA
kernel = "/boot/vmlinuz-xenpae"
ramdisk = "/boot/initrd-javera-reiserfs.gz"
memory = 128
name = "www_sant_adria_net"
disk = ['phy:xen2_vg/www_externa_lv,hda1,w']
root = "/dev/hda1"
vif      = [ 'mac=aa:cc:00:00:00:11, bridge=xenbr-E' ]


# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.33.1    172.26.0.3      255.255.255.255 UGH   0      0        0 eth0
192.168.33.2    172.26.0.3      255.255.255.255 UGH   0      0        0 eth0
172.26.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0 172.26.0.1




                    ______
                   |      |
                   | ADSL |
                   |______|
                       | 172.26.0.1
    ___________________|____________________________ 172.26.0.0/16
                       |
                       | eth0
 ----------------------|---------------------------------- xen2 (dom0)
                       |
        +-----+        |
        | www |--------+ xenbr-E
        +-----+        |   www: 172.26.0.50
                       |   fw1: 172.26.0.3
                    +-----+
                    | fw1 |
                    +-----+
                       | 192.168.33.1
                       | xenbr-FW
                       | 192.168.33.2
                    +-----+
                    | fw2 |
                    +-----+
                       | 1.1.2.1
     +----------+      |
     | servbbdd |------+ xenbr-I
     +----------+      |   servbbdd: 1.100.0.78
                       |
 ----------------------|----------------------------------
                       | eth1
    ___________________|____________________________ LAN (1.0.0.0/8)
                       |
                 +------------+
                 | 1.100.0.66 |
                 +------------+

Fw1 and FW2 have iptables with MASQUERADE, so the LAN appears to fw1 as 192.168.33.2 and fw2 appears to the ADSL router as 172.26.0.3 (double NAT). So I can ping from servbbdd (1.100.0.78) to WWW (172.26.0.50) and from 1.100.0.66 to WWW too (all seems OK).

From 1.100.0.78, I execute the following

servbbdd:~ # telnet 172.26.0.50 143
Trying 172.26.0.50...
Connected to 172.26.0.50.
Escape character is '^]'.
* OK blah, blah, blah Cyrus IMAP4 v2.2.12 server ready

From 172.26.0.50 we can see the established connection

www:reiserfs/root:#netstat -an | grep 143
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 172.26.0.50:143         172.26.0.3:60547        ESTABLISHED
tcp        0      0 :::143                  :::*                    LISTEN

Note that all connections are masqueraded and appear to come from 172.26.0.3 (that's OK).

But when I try to do the same from 1.100.0.66, the connection never finishes properly.

telnet 172.26.0.50 143
Trying 172.26.0.50...
Connected to 172.26.0.50.
Escape character is '^]'.

And from 172.26.0.50 we can see an established connection, but it doesn't work.

netstat -an | grep 143
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 172.26.0.50:143         172.26.0.3:60547        TIME_WAIT
tcp        0     59 172.26.0.50:143         172.26.0.3:3879         ESTABLISHED
tcp        0      0 :::143                  :::*                    LISTEN



The following is the brctl output

xen2:XEN2:/root#brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr-E         8000.feffffffffff       no              vif0.1
                                                       peth1
                                                       vif9.2
                                                       vif13.0
xenbr-I         8000.feffffffffff       no              vif0.0
                                                       peth0
                                                       vif1.2
                                                       vif5.0
xenbr-DMZ               8000.feffffffffff       no              vif9.1
xenbr-FW                8000.feffffffffff       no              vif1.0
                                                       vif9.0
xenbr-SERVERS           8000.feffffffffff       no              vif1.1
                                                       vif3.0
xen2:XEN2:/root#brctl showmacs xenbr-E
port no mac addr                is local?       ageing timer
 2     00:12:a9:d5:48:e4       no                 0.15
 4     aa:cc:00:00:00:11       no                13.72
 3     aa:cc:00:00:00:21       no                 0.04
 1     fe:ff:ff:ff:ff:ff       yes                0.00
xen2:XEN2:/root#brctl showmacs xenbr-I
port no mac addr                is local?       ageing timer
 2     00:00:48:98:8e:ff       no                 9.28
 2     00:00:48:9f:c7:35       no                 1.29
 2     00:00:48:9f:c7:8a       no                 9.24
 2     00:00:48:9f:d3:8e       no                 9.24
 2     00:00:48:9f:d4:2b       no                 9.27
 2     00:00:48:b3:bd:b8       no                10.98
 2     00:00:48:b8:e4:2b       no                 8.09
 2     00:00:48:b8:e4:75       no                42.60
 2     00:00:48:b8:e4:a9       no                34.16
 2     00:00:48:b8:e4:b1       no                 1.42
 2     00:00:48:bc:fe:50       no                 0.64
 2     00:00:48:bf:57:c2       no                56.53
 2     00:00:74:78:4a:e6       no                58.83
 2     00:00:74:82:8f:86       no                 2.70
 2     00:00:74:9b:1a:72       no               227.31
 2     00:00:74:9b:4f:02       no               134.31
 2     00:00:85:42:47:6f       no                70.84
 2     00:00:e8:78:b9:f0       no                85.56
 2     00:00:e8:88:59:a7       no                56.96
 2     00:00:f8:10:d3:e4       no                 3.09
 2     00:01:6c:2c:17:dc       no               109.13
 2     00:01:e6:34:8f:ec       no                23.54
 2     00:04:23:40:2a:ed       no                59.35
 2     00:04:23:40:2c:09       no                77.52
 2     00:04:23:40:6f:e7       no                13.12
 2     00:04:76:cd:60:4f       no                11.61
 2     00:05:1a:0a:cd:84       no                 1.74
 2     00:06:4f:16:fb:27       no                10.71
 2     00:08:54:07:f9:ce       no                21.78
 2     00:08:c7:69:42:ce       no                18.75
 2     00:0b:cd:27:5c:9a       no                47.96
 2     00:0b:cd:d0:12:e0       no               281.18
 2     00:0c:76:06:a7:46       no                45.41
 2     00:0c:76:08:21:ca       no                 0.52
 2     00:0c:76:08:24:3d       no                67.38
 2     00:0c:76:61:5c:95       no               294.94
 2     00:0c:76:61:5c:b8       no                97.45
 2     00:0f:fe:10:f8:a7       no               290.36
 2     00:0f:fe:11:01:f7       no                 9.65
 2     00:0f:fe:11:01:fd       no               162.32
 2     00:10:5a:a1:10:26       no               166.30
 2     00:10:dc:d0:bb:5d       no                82.50
 1     00:12:79:94:79:20       no                 0.00
 2     00:13:21:1c:e7:82       no               258.92
 2     00:13:72:9d:69:b1       no                86.61
 2     00:13:72:9d:6b:bc       no               166.45
 2     00:13:d4:3a:a5:af       no                 0.00
 2     00:16:35:76:6f:3d       no               237.86
 2     00:16:35:77:58:51       no               120.25
 2     00:16:35:77:58:ed       no               256.57
 2     00:20:18:39:85:6c       no                 0.56
 2     00:20:18:39:93:9d       no                 9.11
 2     00:20:18:39:94:3f       no                 2.23
 2     00:20:18:3a:04:48       no                88.23
 2     00:20:18:3a:d8:db       no               101.97
 2     00:20:18:3a:dd:c4       no                82.93
 2     00:20:18:3b:22:10       no               125.62
 2     00:20:18:3b:5e:c0       no               283.91
 2     00:20:18:b9:34:08       no               182.79
 2     00:20:18:b9:35:0a       no               137.80
 2     00:30:05:52:9c:0e       no                14.68
 2     00:30:05:52:9c:3f       no               185.35
 2     00:30:05:52:df:59       no                38.65
 2     00:30:05:52:df:5c       no               115.78
 2     00:30:05:52:df:68       no               185.26
 2     00:30:05:52:df:75       no                32.49
 2     00:30:05:52:df:8a       no                 0.58
 2     00:30:05:52:e0:19       no                 0.91
 2     00:30:05:52:e0:1a       no                65.11
 2     00:30:05:52:e0:2d       no                85.19
 2     00:30:05:52:e0:30       no               127.25
 2     00:30:05:52:e0:3b       no                94.06
 2     00:30:05:52:e0:45       no                28.04
 2     00:30:05:52:e0:48       no                 0.42
 2     00:30:05:52:e0:57       no               116.83
 2     00:30:05:52:e0:5d       no                43.86
 2     00:30:c1:ae:20:9b       no                23.51
 2     00:40:95:30:16:7c       no                62.71
 2     00:4f:49:0d:43:7f       no               110.99
 2     00:4f:49:0d:86:dc       no                11.70
 2     00:4f:4e:10:33:d3       no                70.87
 2     00:4f:4e:11:72:8e       no               268.55
 2     00:50:fc:62:cc:31       no                65.30
 2     00:50:fc:a8:7b:0a       no                 2.57
 2     00:50:fc:aa:58:2f       no               101.34
 2     00:c0:a8:f2:80:71       no                 0.20
 2     00:c0:a8:f2:80:75       no                47.28
 2     00:c0:a8:f2:fc:9c       no                43.27
 2     00:c0:a8:f3:02:37       no               223.92
 2     00:e0:29:9d:2b:96       no                43.62
 4     aa:cc:00:00:00:04       no               124.69
 3     aa:cc:00:00:00:42       no                 0.32
 1     fe:ff:ff:ff:ff:ff       yes                0.00


Are there any problems with mixing bridges and real switches? Why can't I establish a TCP session?



Thanks in advance.




--


Juan Antonio Vera



Attachment: javera.vcf
Description: Vcard

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
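Added example, not part of the post or of Xen: two checks a reader can run against the outputs quoted above. The failing session differs from the working one in exactly one column of `netstat -an`: Send-Q is 59 instead of 0. Send-Q is the number of bytes the kernel has sent that the peer has not acknowledged, so the three-way handshake completed through both NATs but the IMAP greeting the server sent afterwards is never being ACKed. The second check does the kernel's longest-prefix match over the `route -n` tables posted for fw1 and fw2 and traces the forward hop and the return hop each firewall uses for a LAN client. The sample inputs are copied from the post; the function names (`stalled_connections`, `lookup`, `trace_double_nat`) are this example's own.

```python
"""Added example (not from the post): parse the netstat and route tables
quoted above and (1) flag ESTABLISHED sockets with unacknowledged data,
(2) trace the hop each firewall takes for the request and for the reply."""
import ipaddress

# Sample 1, copied from the post: netstat on www while the session from
# 1.100.0.66 shows ESTABLISHED but nothing flows.
NETSTAT_SAMPLE = """\
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 172.26.0.50:143         172.26.0.3:60547        TIME_WAIT
tcp        0     59 172.26.0.50:143         172.26.0.3:3879         ESTABLISHED
tcp        0      0 :::143                  :::*                    LISTEN
"""

# Sample 2, copied from the post: `route -n` on fw1 and fw2.
FW1_ROUTES_TEXT = """\
172.26.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.26.0.1      0.0.0.0         UG    0      0        0 eth0
"""
FW2_ROUTES_TEXT = """\
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
1.0.0.0         0.0.0.0         255.0.0.0       U     0      0        0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.33.1    0.0.0.0         UG    0      0        0 eth0
"""


def parse_netstat(text):
    """Parse Linux net-tools `netstat -an` TCP rows into dicts."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # header lines, udp/unix sockets
        rows.append({"recvq": int(f[1]), "sendq": int(f[2]),
                     "local": f[3], "remote": f[4], "state": f[5]})
    return rows


def stalled_connections(text):
    """ESTABLISHED sockets whose Send-Q is non-zero.

    Send-Q counts bytes the kernel has transmitted that the peer has not
    acknowledged. An IMAP server sends its greeting right after the handshake,
    so a greeting that stays in Send-Q means the SYN exchange got through but
    the first data segment, or the ACK for it, is not reaching the other side.
    """
    return [(r["local"], r["remote"], r["sendq"])
            for r in parse_netstat(text)
            if r["state"] == "ESTABLISHED" and r["sendq"] > 0]


def parse_routes(text):
    """Parse `route -n` rows into (IPv4Network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0][0].isdigit():
            continue  # "Kernel IP routing table" / column header
        dest, gw, mask, iface = f[0], f[1], f[2], f[7]
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface))
    return routes


def lookup(routes, dst):
    """Kernel-style longest-prefix match. Returns (gateway, iface);
    a gateway of 0.0.0.0 means the destination is directly connected."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])


def trace_double_nat(fw1_text, fw2_text, client, server="172.26.0.50"):
    """Hop each firewall uses for the request from `client` and for the reply
    it forwards back after de-NATing (fw1 replies to fw2's masqueraded
    address 192.168.33.2; fw2 replies to the original LAN client)."""
    fw1, fw2 = parse_routes(fw1_text), parse_routes(fw2_text)
    return {
        "fw2 -> server": lookup(fw2, server),
        "fw1 -> server": lookup(fw1, server),
        "fw1 -> fw2 (reply)": lookup(fw1, "192.168.33.2"),
        "fw2 -> client (reply)": lookup(fw2, client),
    }


if __name__ == "__main__":
    print("stalled:", stalled_connections(NETSTAT_SAMPLE))
    for host in ("1.100.0.78", "1.100.0.66"):
        print(host, trace_double_nat(FW1_ROUTES_TEXT, FW2_ROUTES_TEXT, host))
```

Run as posted, the stall check returns only the 172.26.0.3:3879 session with 59 unacknowledged bytes, and the route trace returns the same four hops for 1.100.0.78 (the working client on xenbr-I) and for 1.100.0.66 (the failing client on the physical LAN): both are reached through fw2's 1.0.0.0/8 route on eth2. The routing tables as posted therefore do not distinguish the two clients; whatever differs between them lies below IP, which is the bridge/switch layer the poster is asking about.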