This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] Routing problem in bridged setup

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Routing problem in bridged setup
From: Pepe Barbe <elventear@xxxxxxxxx>
Date: Fri, 9 May 2008 12:17:27 -0500
Delivery-date: Fri, 09 May 2008 10:18:43 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:content-type:content-transfer-encoding:mime-version:subject:date:x-mailer; bh=BM/M4lKqBIMIFD4RcY8n1XB5orOg/1sq7bJNJxsqt10=; b=HwP4o7Lk44MrkswLpV/kRcPl26WKYCh5nyKclHAbFGC6KsC2Fv1iqLmZUgd5gLj7/pweXuJkztSP8B5Ce6buMn7fV0LFtSDh2yGCYnepAfMcWD6zQ4Ne9gWWy1yavOD/xx7YU8Cr7i2UhKQ8dltDuZgxG8dF7XqZfAWETelJR6E=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:content-type:content-transfer-encoding:mime-version:subject:date:x-mailer; b=gHXMIG3JVx2mdQFpGLJq19AE4L5l1VE14gkamcDy60ptd2J1HOJ3apkp0zaW3oyy4mxxWW/6svWAqd6PzbUFGquRMPTpbWxp2N9TUkhPnjh/sO76C4xnsDzpv+9EhgWb8ncsM4tpTA0LNbnEb2j32PKiH9hodvOaZqVctyzGW10=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

I am having some routing troubles with my Xen setup.

I have two domUs, one running as a firewall and another running as a dmz:

The dom0 has the following:
- eth0 bridge (

The domU-firewall has the following:
- Direct passthrough PCI NIC (Public Internet)
- Virtual NIC connected to the eth0 bridge on dom0 (
- Bridge called brdmz for the dmz zone (

The domU-dmz has the following:
- Virtual NIC connected to the brdmz in domU-firewall (

So far can I can make the domU-firewall and domU-dmz talk to each other without problem. Using IPTables/NAT on domU-firewall I can route to the public internet from dom0/Local Lan and from the domU-dmz. But I can't communicate from the domU-dmz to local lan and viceversa. I've made sure that there are no IPTables rules blocking this kind of traffic, so all I am left is with the possiblity of a routing problem: domU-firewall not forwarding packets from the local lan to the dmz bridge for some reason.

Anyone has any idea of what could I do to troubleshoot this problem?


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>