
Re: [Xen-users] vif/network-bridge and SNAT ?



On Jul 14, 2006 at 1729 -0700, tbrown@xxxxxxxxxxxxx appeared and said:
> 
> Has anyone managed to combine bridged network model and SNAT?

No, but I stumbled into the same problem.

> [...]  Looking at TCPdump output, my packets were going out of the domU
> correctly, being nat'd correctly by dom0 (to the dom0 ip address), being
> sent across the wire to a target box, which was replying. On dom0, I could
> see the replies on peth0, but not eth0 ... so of course dom0 never got
> them to nat back to domU. The MAC addresses for the returning packets
> appeared to be correct.

I have two bridges - one for the external IPs and one for DomUs in a
LAN. The Dom0 is an IPsec and OpenVPN gateway linking the DomU LAN with
a remote office and roadwarriors. This works all fine. The only thing
that needs to be done is a SNAT for the DomU LAN. I used the standard
SNAT rule

iptables -t nat -A POSTROUTING -s 10.0.2.0/24 ! -d 10.0.1.0/24 -m physdev ! --physdev-is-bridged --jump SNAT --to-source 11.22.33.44

which does SNAT, but the return packets get dropped inside Dom0. tcpdump
shows TCP SYNs getting out, NATted correctly, only the return packets
disappear. I also tried the ethtool checksum magick, it makes no
difference. It's a recent Xen 3.0.2 on Gentoo Linux.

Ideas anyone?

Best,
René,
melting in Vienna.

-- 
"From the delicate strands,
 between minds we weave our mesh:
 a blanket to warm the soul."
 --- Lady Deirdre Skye (SMAC) ---


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
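The debugging method both posters describe (watch the SYN go out, then see on which dom0 interface the SYN-ACK stops appearing) can be done mechanically. The helper below is an added example, not code from the thread; it assumes per-interface tcpdump captures that have been prefixed with the interface name, and the sample capture, addresses and ports in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of per-interface tcpdump captures (not from the post).
# Each line: "<iface> <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]"
# The SYN is seen leaving via eth0 and peth0; the SYN-ACK comes back on
# peth0 only, which is exactly the symptom described in the thread.
SAMPLE = """\
vif1.0 17:29:01.000 IP 10.0.2.5.40000 > 203.0.113.9.80: Flags [S]
eth0   17:29:01.001 IP 11.22.33.44.40000 > 203.0.113.9.80: Flags [S]
peth0  17:29:01.002 IP 11.22.33.44.40000 > 203.0.113.9.80: Flags [S]
peth0  17:29:01.050 IP 203.0.113.9.80 > 11.22.33.44.40000: Flags [S.]
"""

LINE = re.compile(
    r"^(?P<iface>\S+)\s+\S+\s+IP\s+(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]+)\]"
)


def reply_path(capture, post_nat_src, reply_hops):
    """Map each outbound (already SNATed) SYN to the reply hops that never
    saw its SYN-ACK.

    post_nat_src is the SNAT address; reply_hops lists the dom0 interfaces a
    reply must cross on its way back in, outermost first.  The first hop
    listed as missing is where the return packet disappeared.
    """
    syn_seen = defaultdict(set)     # flow -> interfaces that saw the SYN
    synack_seen = defaultdict(set)  # flow -> interfaces that saw the SYN-ACK
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        d = m.groupdict()
        # Flow key: remote endpoint plus the NATed source port, so the
        # outbound SYN and the inbound SYN-ACK land on the same key.
        if d["flags"] == "S" and d["src"] == post_nat_src:
            syn_seen[(d["dst"], d["dport"], d["sport"])].add(d["iface"])
        elif d["flags"] == "S." and d["dst"] == post_nat_src:
            synack_seen[(d["src"], d["sport"], d["dport"])].add(d["iface"])
    return {flow: [h for h in reply_hops if h not in synack_seen[flow]]
            for flow in syn_seen}


if __name__ == "__main__":
    for flow, missing in reply_path(SAMPLE, "11.22.33.44", ["peth0", "eth0"]).items():
        print(f"{flow[0]}:{flow[1]} <- sport {flow[2]}: reply missing on {missing or 'none'}")
```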

