Xen project Mailing List

[Xen-users] routing domU packet in the outside network

From: Hugues Obolonsky <hugues.obolonsky@xxxxxxxxxxxx>

Date: Wed, 04 Apr 2007 04:27:47 +0200

Delivery-date: Tue, 03 Apr 2007 19:27:05 -0700

List-id: Xen user discussion <xen-users.lists.xensource.com>

Hello, i've read a lot about xen networking, but there is a lot of confusing stuff. Anyway, i'm trying to get a simple configuration working, and here is my setup in 2 words. A single eth0 on my laptop Xen Ubuntu kernel 2.6.19-4-generic from Feisty dist Dom0 with a eth0 ip address that change every day DHCP or Wireless but located in the 192.168.1.0/24 network All DomU are configured with static IP in network 192.168.2.0/24 So i made the following config: (network-script 'network-bridge bridge=xen-intbr') (vif-script vif-bridge) auto xen-intbr iface xen-intbr inet static pre-up brctl addbr xen-intbr post-down brctl delbr xen-intbr address 192.168.2.1 netmask 255.255.255.0 network 192.168.2.0 broadcast 192.168.2.255 bridge_fd 0 bridge_hello 0 bridge_stp off For the exemple On Dom0 eth0 192.168.1.3/24 gw 192.168.1.1 <- my internet gateway On DomU eth0 192.168.2.100/24 gw 192.168.2.1 Vif interface for domU are attached to the xen-intbr bridge Vif0.0 & peth0 to the xenbr0 bridge I'm also adding a iptables nat rules as follow iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE The strange behavior is the following from the DomU i can ping on the internet, fine, but i cannot use any other protocol. domain, http or ssh is not working. Cannot explain how icmp can work and no tcp/udp proto ? Here is some trace ------------------------------------------------------------------------ here is the iptables nat log for a working ping on internet Apr 4 04:04:43 thula kernel: [16132.991047] IN= OUT=eth0 PHYSIN=vif8.0 SRC=192.168.2.100 DST=195.1XX.2XX.166 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=43533 SEQ=1 Apr 4 04:04:43 thula kernel: [16132.991078] IN= OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.1.3 DST=195.1XX.2XX.166 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=1 Nat log for a non working http attempt Apr 4 04:06:21 thula kernel: [16231.258293] IN= OUT=eth0 PHYSIN=vif8.0 SRC=192.168.2.100 DST=91.1XX.89.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26793 DF PROTO=TCP SPT=4635 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 Apr 4 04:06:21 thula kernel: [16231.258327] IN= OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.1.3 DST=91.1XX.89.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26793 DF PROTO=TCP SPT=4635 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 TCPDUMP from the eth0 on dom0 when testing http from the domU: 04:09:33.797916 IP thula.4639 > forster.canonical.com.www: S 592124:592124(0) win 5840 <mss 1460,sackOK,timestamp 1039865 0,nop,wscale 1> 04:09:33.835704 IP forster.canonical.com.www > thula.4639: S 2685827776:2685827776(0) ack 592125 win 5792 <mss 1460,sackOK,timestamp 1863773122 1039865,nop,wscale 8> 04:09:33.835799 IP thula.4639 > forster.canonical.com.www: . ack 1 win 2920 <nop,nop,timestamp 1039876 1863773122> 04:09:33.836005 IP thula.4639 > forster.canonical.com.www: P 1:752(751) ack 1 win 2920 <nop,nop,timestamp 1039876 1863773122> ... got ack 1 but no http session, and non update from canonical in domU :( ... ----------------------------------------------------------------------- Cannot figured out my mistake, Did anyone get a similar configuration working ? Best Regards Hugues _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.