[Xen-users] masquerading traffic from domU
Hello,

I'm having a firewall / Xen networking problem where I got stuck ... any help would be very appreciated!

My dom0 has an OpenVPN connection to an OpenVPN server, which gives access to a 192.168.1.0/24 network. Accessing 192.168.1.0/24 from dom0 works without a problem.

In a domU I'd like to access 192.168.1.0/24, too ... therefore I added the IP of dom0 as gateway for packages to this network. If I try to ping any host in the 192.168.1.0/24 network, I get no response - as the hosts see the original IP of the domU (which is 192.168.72.186) and for that IP there is no route back ... so far, so good.

If I access a host in the remote network from dom0, the connection can be established - as the remote hosts see the IP which was assigned from OpenVPN to dom0 - and for these IPs there is a route back.

Now I tried to use shorewall, to have all traffic originating in domU, with destination at 192.168.1.0/24, masqueraded with the OpenVPN IP of dom0. I tried a line like this in /etc/shorewall/masq:

    tun0:192.168.1.0/24 192.168.72.186/32

But for some reason the traffic is not masqueraded ... the remote hosts still see the original IP of domU.

For fun I tried to use in shorewall/masq:

    xenbr0: 192.168.1.0/24 192.168.72.186/32

In that case a ping from domU to a host in 192.168.1.0/24 does not even arrive - strangely enough, a tcpdump on xenbr0 shows the original IP of domU, but on eth0 I see the OpenVPN IP ... so masquerading occurred ... but then the packages seem to vanish, at least they don't reach tun0.

Just to mention: the shorewall rules/policies are all set to "accept". Logs show no strange messages, all seems to be OK.

I assumed this to be a simple task - as the scenario should be almost the same as in a common "eth0 connected to LAN and eth1 to the internet" scenario ... but I don't get it working.

What am I missing? What do I need to do to have my traffic from domU masqueraded ...

Thanks for any help!
Christian