[Xen-users] bridge and masquerade
Hi all,

I'm going crazy with NAT! My environment: Xen, Debian etch amd64 (default Debian kernel, so Xen 3.0.3).

eth0  192.168.1.240/24, gw 192.168.1.254
eth1  10.0.0.1/8

The network is bridged and only eth0/eth1 have a valid address (so everything except eth0/1 has no "inet addr"):

srv-xen:~# ifconfig | grep HWadd
eth0      Link encap:Ethernet  HWaddr 00:15:17:18:5D:AC
eth1      Link encap:Ethernet  HWaddr 00:15:17:18:5D:AD
peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
peth1     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
vif2.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

On eth1 I have a PC with 10.0.19.254 (which has gw 10.0.0.1) that tries to connect to 66.249.93.104 (google.it), but in the Xen machine's logs I see "martian source" :(. I have tried all the configurations found on the net, but none work!
My iptables:

$IP -t nat -A PREROUTING -j LOG --log-prefix "$PREFIX MASQ-PRE- "
$IP -t nat -A POSTROUTING -j LOG --log-prefix "$PREFIX MASQ-POST- "
$IP -t nat -A POSTROUTING -s 10.0.0.0/8 -m physdev --physdev-in peth1 -j MASQUERADE

Log:

Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=xenbr1 OUT= PHYSIN=peth1 MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall DROPPRE- IN=xenbr1 OUT= PHYSIN=peth1 MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-POST- IN= OUT=xenbr1 PHYSIN=peth1 PHYSOUT=vif0.1 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=eth1 OUT= MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=192.168.1.240 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall DROPPRE- IN=eth1 OUT= MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=192.168.1.240 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: martian source 66.249.93.104 from 192.168.1.240, on dev eth1
Jun 3 12:48:12 srv-xen kernel: ll header: 00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00

If I try to DNAT everything that comes from peth1 (and wants to go outside) to 10.0.0.0 or 192.168.1.240 (my Xen address), the "out" interface is, of course, "lo", so the Xen machine replies!
If I try to DNAT everything that comes from peth1 to the "external" gw (192.168.1.254) I receive: "Performing cross-bridge DNAT requires IP forwarding to be enabled" (but, of course, I have forwarding enabled!).

I don't know how to solve this... :( Someone?

Thanks,
Michele

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
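The log lines quoted in the post can be followed as a single packet (same ID=52054, SPT=58536, DST) passing through netfilter twice. The script below is an added example written for this page, not code from the post or from the Xen project: it parses the kernel LOG records into fields, groups them by packet identity, and flags the pattern visible above, where the POSTROUTING hit has OUT=xenbr1 and PHYSOUT=vif0.1 (the frame is being bridged, not routed, and iptables only sees it through the bridge-netfilter hooks), after which the same packet re-enters dom0 on eth1 with dom0's own eth0 address as source and the kernel reports it as a martian. The field names follow the standard netfilter LOG format; the finding names ("snat-on-bridge-path", "martian") and the `bridge_prefix` parameter are this example's own choices. The sample text is the log as quoted in the post.

```python
"""Trace a packet through netfilter LOG lines and spot NAT applied on a bridged path."""
import re
from collections import defaultdict

# Log lines as quoted in the post above (not constructed; copied from the message).
LOG = """\
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=xenbr1 OUT= PHYSIN=peth1 MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall DROPPRE- IN=xenbr1 OUT= PHYSIN=peth1 MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-POST- IN= OUT=xenbr1 PHYSIN=peth1 PHYSOUT=vif0.1 SRC=10.0.19.254 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall MASQ-PRE- IN=eth1 OUT= MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=192.168.1.240 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: Firewall DROPPRE- IN=eth1 OUT= MAC=00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00 SRC=192.168.1.240 DST=66.249.93.104 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52054 DF PROTO=TCP SPT=58536 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 3 12:48:12 srv-xen kernel: martian source 66.249.93.104 from 192.168.1.240, on dev eth1
Jun 3 12:48:12 srv-xen kernel: ll header: 00:15:17:18:5d:ad:00:0f:b0:df:f9:82:08:00
"""

# A netfilter LOG record: "<prefix> IN=... OUT=... [PHYSIN=..] [PHYSOUT=..] SRC=.. DST=.. ... ID=.."
NFLOG_RE = re.compile(r"kernel:\s+(?P<prefix>.*?)\s*\bIN=(?P<rest>.*)$")
MARTIAN_RE = re.compile(r"martian source (?P<dst>\S+) from (?P<src>\S+), on dev (?P<dev>\S+)")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # flag tokens like DF/SYN carry no '=' and are skipped


def parse_nflog(line):
    """Return the KEY=VALUE fields of one LOG line (plus PREFIX), or None if it is not one."""
    m = NFLOG_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall("IN=" + m.group("rest")))
    fields["PREFIX"] = m.group("prefix").strip()
    return fields


def trace_flows(text):
    """Group LOG records by packet identity; collect martian reports separately."""
    flows = defaultdict(list)
    martians = []
    for line in text.splitlines():
        mm = MARTIAN_RE.search(line)
        if mm:
            martians.append(mm.groupdict())
            continue
        f = parse_nflog(line)
        if f:
            # IP ID, ports and destination survive SNAT, so they identify the packet across hooks.
            key = (f.get("PROTO"), f.get("ID"), f.get("DST"), f.get("SPT"), f.get("DPT"))
            flows[key].append(f)
    return flows, martians


def diagnose(text, bridge_prefix="xenbr"):
    """Flag source rewrites taken on the bridge forwarding path, and any martian that follows."""
    findings = []
    flows, martians = trace_flows(text)
    for key, events in flows.items():
        for i, e in enumerate(events):
            # OUT is the bridge device and PHYSOUT names a bridge port: this hook ran while the
            # frame was being bridged (seen by iptables via bridge-nf), not while it was routed.
            if e.get("OUT", "").startswith(bridge_prefix) and e.get("PHYSOUT"):
                rewritten = [x for x in events[i + 1:] if x.get("SRC") != e.get("SRC")]
                if rewritten:
                    n = rewritten[0]
                    findings.append({
                        "kind": "snat-on-bridge-path",
                        "id": key[1],
                        "orig_src": e.get("SRC"), "new_src": n.get("SRC"),
                        "out": e.get("OUT"), "physout": e.get("PHYSOUT"),
                        "reenters_on": n.get("IN"),
                    })
    for m in martians:
        findings.append({"kind": "martian", "src": m["src"], "dst": m["dst"], "dev": m["dev"]})
    return findings


if __name__ == "__main__":
    for f in diagnose(LOG):
        print(f)
```

Run against the quoted log, the first finding reports ID 52054 rewritten from 10.0.19.254 to 192.168.1.240 while OUT=xenbr1/PHYSOUT=vif0.1, then re-entering on eth1; the second is the martian on eth1. The same parser works on any LOG-target output, so it can be reused to check that after a configuration change the masquerade hit shows a routed OUT interface with no PHYSOUT.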