WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Issues with Xen and iptables

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Issues with Xen and iptables
From: Rainer Sokoll <rainer@xxxxxxxxxx>
Date: Fri, 29 Jan 2010 10:29:32 +0100
Delivery-date: Fri, 29 Jan 2010 01:31:12 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)
Hi,

I have a remote office connected to the head quarter through openvpn.
Works fine, as long as I route every traffic through the vpn. Now I need
to set up a splitted tunnel - all traffic to the head quarter must go
through the vpn, regular traffic goes directly into the internet.
The router in the remote office is a Xen dom0.
Routing works. I set up a (testing) rule for doing NAT:

iptables -o eth2 -t nat -A POSTROUTING -j SNAT -d x.x.x.x/32 --to-source y.y.y.y

I can see the rule in the POSTROUTING chain.
But if I do a "tcpdump -i eth2 -n host x.x.x.x", I can see that the
packets are not natted. Also "iptables -L -v -n -t nat" shows all
counters as 0 (zero) - it looks like my rule does not match any packet.
So my question is: are there issues with netfilter and Xen (in my case,
still 3.1)?

Any hint is appreciated,
Rainer

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>