
[Xen-users] bridge and iptables



Hi everybody,
I am new to the XEN world and I have a problem on a simple installation.
My machine has two network interfaces, named eth100 (DSL connection)
and eth1000 (LAN connection). I have already had a XEN kernel installed for a
while, using "(network-script network-dummy)", but now I have created a new
image and I have to configure the network. Since I would like to have a
bridge on the eth1000 (LAN) interface, I wrote this line
in /etc/xen/xend-config.sxp:

(network-script 'network-bridge vifnum=0 netdev=eth1000 antispoof=no')

It seems to be working, since I can still access the LAN and the
internet, but all the other machines that used this machine as a gateway
cannot access the internet anymore.

The script I used in order to make them access internet is very simple:

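#!/bin/sh
# Enable IPv4 forwarding so this host routes traffic for the LAN
echo 1 > /proc/sys/net/ipv4/ip_forward
# SNAT TCP traffic from the LAN that leaves through the DSL interface
iptables --table nat --append POSTROUTING \
        --out-interface eth100 \
        --protocol tcp --source 192.168.215.1/27 \
        --destination '!' 192.168.215.1/27 \
        --jump SNAT --to-source $PUBLIC_IP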

Now, the script does not give any error, but the connection doesn't work
anymore.

ipconfig shows these interfaces:
eth100    Link encap:Ethernet  HWaddr 00:10:A7:02:A4:79  
          inet addr:$PUBLIC_IP  Bcast:89.255.255.255  Mask:255.255.255.255
eth1000   Link encap:Ethernet  HWaddr 00:15:C5:F6:CD:9A  
          inet addr:192.168.215.1  Bcast:192.168.215.31  Mask:255.255.255.224
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
peth1000  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link

What am I missing here? Is there any problem with bridging and iptables?

Thanks,
Giuseppe

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

