WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
[Xen-users] XEN Bridging, Natting and VPN

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] XEN Bridging, Natting and VPN
From: "Athanasios Zorbas" <athanasios.zorbas@xxxxxxxxx>
Date: Fri, 6 Jul 2007 12:34:25 +0300
Delivery-date: Fri, 06 Jul 2007 02:32:27 -0700

Hello all,

There is a Suse 10 dom0 machine which is acting as a router. It has two ethernet cards, one assigned a public address and the other a private one. The machine also logs in to a VPN server on the public network (via eth0) and it can route traffic requests from one network to another. This is the configuration:

eth0      Link encap:Ethernet  HWaddr 00:30:05:AC:15:26
          inet addr:xxxxxxx  Bcast:xxxxxxxx  Mask:255.255.252.0
          inet6 addr: fe80::230:5ff:feac:1526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
eth1      Link encap:Ethernet  HWaddr 00:10:A7:16:AC:E6
          inet addr:192.168.0.1  Bcast: 192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::210:a7ff:fe16:ace6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.1.251.25  P-t-P:xxxxxxxx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1
 
I use XEN with bridging on the eth1 card, and that results in the domUs having addresses from the 192.168.0.0 network. It all works fine, except that I cannot access 10.0.0.0/8 from 192.168.0.0/24 anymore. The following rules work when the XEN bridge is not enabled:

ip route add '10.0.0.0/8' dev 'ppp0'
iptables --insert OUTPUT 1 --source 0.0.0.0/0.0.0.0 --destination 10.0.0.0/8 --jump ACCEPT --out-interface 'ppp0'
iptables --insert INPUT 1 --source 10.0.0.0/8 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface 'ppp0'
iptables --insert FORWARD 1 --source 0.0.0.0/0.0.0.0 --destination 10.0.0.0/8 --jump ACCEPT --out-interface 'ppp0'
iptables --insert FORWARD 1 --source 10.0.0.0/8 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT
iptables --table nat --append POSTROUTING --out-interface 'ppp0' --jump MASQUERADE
iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu

but they do not work when the packets come through the xen bridge. The problem is that the packets coming out of the ppp0 interface have source ip 192.68.0.x rather than 10.1.251.25, the address of the ppp0 interface, i.e. masquerading does not work.

What rules should I have so that both networks, 10.0.0.0/8 and 192.168.0.0/24, speak to each other? Do I have to use ebtables together with iptables or not?

Thanks in advance!
Regards,
Thanasis
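The rule set quoted in the post is wider than its stated goal in a few places a reviewer would tighten: the MASQUERADE is not limited to the 192.168.0.0/24 LAN, and two FORWARD ACCEPT rules are not bound to an ingress interface, so they also match traffic arriving on the public eth0 side. The following is an added example, not code from the post: a small Python audit that parses those exact command lines and reports such matches (the LAN prefix and the "too wide" heuristics are my assumptions).

```python
import shlex

# Constructed input: the six rules quoted in the post, copied verbatim.
POSTED_RULES = """
iptables --insert OUTPUT 1 --source 0.0.0.0/0.0.0.0 --destination 10.0.0.0/8 --jump ACCEPT --out-interface 'ppp0'
iptables --insert INPUT 1 --source 10.0.0.0/8 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface 'ppp0'
iptables --insert FORWARD 1 --source 0.0.0.0/0.0.0.0 --destination 10.0.0.0/8 --jump ACCEPT --out-interface 'ppp0'
iptables --insert FORWARD 1 --source 10.0.0.0/8 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT
iptables --table nat --append POSTROUTING --out-interface 'ppp0' --jump MASQUERADE
iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
""".strip().splitlines()

ANY_ADDR = {None, "0/0", "0.0.0.0/0", "0.0.0.0/0.0.0.0"}  # "match everything" spellings
# iptables option (long or short form) -> field in the parsed rule
OPTS = {"--table": "table", "-t": "table", "--source": "src", "-s": "src",
        "--destination": "dst", "-d": "dst", "--in-interface": "in", "-i": "in",
        "--out-interface": "out", "-o": "out", "--jump": "target", "-j": "target"}
CHAIN_OPTS = {"--insert", "-I", "--append", "-A"}

def parse_rule(cmd):
    """Extract the fields the audit needs; unrelated options are skipped."""
    toks = shlex.split(cmd)  # also strips the quotes around 'ppp0'
    rule = {"table": "filter", "chain": None, "src": None, "dst": None,
            "in": None, "out": None, "target": None}
    i = 1  # toks[0] is the iptables binary
    while i < len(toks):
        tok = toks[i]
        if tok in CHAIN_OPTS:
            rule["chain"], i = toks[i + 1], i + 2
            if i < len(toks) and toks[i].isdigit():  # optional position after --insert
                i += 1
        elif tok in OPTS:
            rule[OPTS[tok]], i = toks[i + 1], i + 2
        else:
            i += 1  # --protocol, --tcp-flags, --clamp-mss-to-pmtu and their values
    return rule

def audit(cmds, lan="192.168.0.0/24"):
    """Return (chain, target, reason) for rules matching more widely than needed (heuristics are mine)."""
    findings = []
    for cmd in cmds:
        r = parse_rule(cmd)
        where = (r["chain"], r["target"])
        if r["target"] == "MASQUERADE" and r["src"] in ANY_ADDR:
            findings.append(where + ("translates any source, not only " + lan,))
        if r["target"] == "ACCEPT" and r["chain"] in ("INPUT", "FORWARD"):
            if r["src"] in ANY_ADDR:
                findings.append(where + ("accepts any source address",))
            if r["in"] is None:
                findings.append(where + ("no ingress interface, matches traffic from any NIC",))
    return findings
```

Running `audit(POSTED_RULES)` on the quoted rules reports four findings: the unrestricted MASQUERADE, the first FORWARD rule accepting any source on any ingress interface, and the second FORWARD rule accepting 10.0.0.0/8 from any interface rather than only from ppp0.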


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users