WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] Issues with Xen and iptables

from [Rainer Sokoll] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Issues with Xen and iptables
From: Rainer Sokoll <rainer@xxxxxxxxxx>
Date: Fri, 29 Jan 2010 10:29:32 +0100
Delivery-date: Fri, 29 Jan 2010 01:31:12 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14) 
Hi,

I have a remote office connected to the head quarter through openvpn.
Works fine, as long as I route every traffic through the vpn. Now I need
to set up a splitted tunnel - all traffic to the head quarter must go
through the vpn, regular traffic goes directly into the internet.
The router in the remote office is a Xen dom0.
Routing works. I set up a (testing) rule for doing NAT:

iptables -o eth2 -t nat -A POSTROUTING -j SNAT -d x.x.x.x/32 --to-source y.y.y.y

I can see the rule in the POSTROUTING chain.
But if I do a "tcpdump -i eth2 -n host x.x.x.x", I can see that the
packets are not natted. Also "iptables -L -v -n -t nat" shows all
counters as 0 (zero) - it looks like my rule does not match any packet.
So my question is: are there issues with netfilter and Xen (in my case,
still 3.1)?

Any hint is appreciated,
Rainer

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] 2.6.31.6 pv_ops can't boot pv_ops DomU kernel, Pasi Kärkkäinen
Next by Date:  Re: [Xen-users] 2.6.31.6 pv_ops can't boot pv_ops DomU kernel, Stefan Kuhne
Previous by Thread:  [Xen-users] support for hvm, Aclhk Aclhk
Next by Thread:  Re: [Xen-users] Issues with Xen and iptables, Fajar A. Nugraha
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy