
[Xen-users] XEN Bridging, Nating and VPN


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: "Athanasios Zorbas" <athanasios.zorbas@xxxxxxxxx>
  • Date: Thu, 12 Jul 2007 12:30:43 +0300
  • Delivery-date: Thu, 12 Jul 2007 02:28:37 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>


Hello all,

There is a Suse 10 dom0 machine which is acting as a router. It has two ethernet cards, one assigned a public address and the other a private one. The machine also logs in to a VPN server on the public network (via eth0) and it can route traffic requests from one network to another. This is the configuration:

eth0      Link encap:Ethernet  HWaddr 00:30:05:AC:15:26
          inet addr:xxxxxxx  Bcast:xxxxxxxx  Mask:255.255.252.0
          inet6 addr: fe80::230:5ff:feac:1526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
eth1      Link encap:Ethernet  HWaddr 00:10:A7:16:AC:E6
          inet addr: 192.168.0.1  Bcast: 192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::210:a7ff:fe16:ace6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.1.251.25  P-t-P:xxxxxxxx  Mask: 255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1
 
I use XEN with bridging on the eth1 card, and as a result the domUs have addresses from the 192.168.0.0 network. It all works fine, except that I cannot access 10.0.0.0/8 from 192.168.0.0/24 anymore. The following rules work when the XEN bridge is not enabled:

ip route add 10.0.0.0/8 dev ppp0
iptables --insert OUTPUT 1 --source 0.0.0.0/0.0.0.0 --destination 10.0.0.0/8 --jump ACCEPT --out-interface 'ppp0'
iptables --insert INPUT 1 --source 10.0.0.0/8 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface 'ppp0'
iptables --insert FORWARD 1 --source 0.0.0.0/0.0.0.0 --destination 10.0.0.0/8 --jump ACCEPT --out-interface 'ppp0'
iptables --insert FORWARD 1 --source 10.0.0.0/8 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT
iptables --table nat --append POSTROUTING --out-interface 'ppp0' --jump MASQUERADE
iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu

but they do not work when the packets come through the XEN bridge. The problem is that the packets coming out of the ppp0 interface have source IP 192.168.0.x rather than 10.1.251.25, the address of the ppp0 interface, i.e. masquerading does not work.

What rules should I have so that both networks, 10.0.0.0/8 and 192.168.0.0/24, can speak to each other? Do I have to use ebtables together with iptables or not?

Thanks in advance!
Regards,
Thanasis
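
As an added example, not code from the original post, the following Python model reproduces the decision the rules above are meant to produce for a forwarded packet: longest-prefix routing over the post's routes, the FORWARD rules in the order the --insert/--append calls leave them, and MASQUERADE on ppp0, which rewrites the source to ppp0's own address 10.1.251.25. The eth0 address, a default route out of eth0 and a DROP policy on the FORWARD chain are constructed assumptions (the post redacts eth0 and does not state the policy). Running a domU packet through it gives the source address that should be seen on ppp0; comparing that with a capture on ppp0 tells you whether the packet is being routed out the wrong interface, dropped in FORWARD, or reaching ppp0 without the nat table ever rewriting it.

```python
"""Model of the routing, FORWARD and POSTROUTING decisions for the setup in
the post.  Added example; the routing table, rule order and eth0 address are
constructed from the post, not taken from a real dom0."""
import ipaddress

# Interface addresses. eth1 and ppp0 are from the post; eth0 is redacted
# there, so an RFC 5737 documentation address stands in (constructed).
IFACE_ADDR = {
    "eth0": ipaddress.ip_address("198.51.100.10"),
    "eth1": ipaddress.ip_address("192.168.0.1"),
    "ppp0": ipaddress.ip_address("10.1.251.25"),
}

# Constructed routing table: (prefix, output interface).  The 10.0.0.0/8
# entry is the post's `ip route add 10.0.0.0/8 dev ppp0`; the /24 is the
# connected route on eth1; the default route out of eth0 is an assumption.
ROUTES = [
    (ipaddress.ip_network("192.168.0.0/24"), "eth1"),
    (ipaddress.ip_network("10.0.0.0/8"), "ppp0"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

ANY = ipaddress.ip_network("0.0.0.0/0")
NET10 = ipaddress.ip_network("10.0.0.0/8")

# FORWARD chain as the post's commands leave it: each `--insert FORWARD 1`
# goes to the top, so the last-inserted rule (10/8 -> any) is first.  The
# appended TCPMSS rule only mangles MSS and gives no verdict, so it is left
# out.  Fields: (src match, dst match, in iface, out iface, target).
FORWARD = [
    (NET10, ANY, None, None, "ACCEPT"),
    (ANY, NET10, None, "ppp0", "ACCEPT"),
]
FORWARD_POLICY = "DROP"  # assumption: the post does not state the policy

# nat/POSTROUTING from the post: MASQUERADE everything leaving ppp0.
# Fields: (src match or None, out iface, target).
POSTROUTING = [(None, "ppp0", "MASQUERADE")]


def lookup_route(dst):
    """Longest-prefix match over ROUTES; returns the output interface."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def forward_verdict(src, dst, in_iface, out_iface):
    """First matching FORWARD rule wins; otherwise the chain policy applies."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_src, r_dst, r_in, r_out, target in FORWARD:
        if (src in r_src and dst in r_dst
                and r_in in (None, in_iface) and r_out in (None, out_iface)):
            return target
    return FORWARD_POLICY


def postroute(src, out_iface):
    """Apply the first matching POSTROUTING rule.  MASQUERADE replaces the
    source with the primary address of the interface the packet leaves on,
    which is why the post expects 10.1.251.25 on ppp0."""
    src = ipaddress.ip_address(src)
    for r_src, r_out, target in POSTROUTING:
        if (r_src is None or src in r_src) and r_out in (None, out_iface):
            if target == "MASQUERADE":
                return IFACE_ADDR[out_iface]
    return src


def forward_packet(src, dst, in_iface):
    """Return (out_iface, FORWARD verdict, source address on the wire or
    None if the packet is not forwarded)."""
    out_iface = lookup_route(dst)
    verdict = forward_verdict(src, dst, in_iface, out_iface)
    if verdict != "ACCEPT":
        return out_iface, verdict, None
    return out_iface, verdict, str(postroute(src, out_iface))


if __name__ == "__main__":
    # Constructed sample flows: domU -> VPN network, VPN host -> domU,
    # and domU -> a public address the post's rules never open.
    for pkt in [("192.168.0.7", "10.20.30.40", "eth1"),
                ("10.20.30.40", "192.168.0.7", "ppp0"),
                ("192.168.0.7", "203.0.113.5", "eth1")]:
        print(pkt, "->", forward_packet(*pkt))
```

The second flow shows the asymmetry the rules create: traffic from 10.0.0.0/8 into the LAN is accepted and routed out eth1 with its source untouched, because the MASQUERADE rule only matches ppp0. The third flow shows that a domU reaching anything outside 10.0.0.0/8 falls through to the chain policy, so the two ACCEPT rules open only the VPN prefix and nothing else.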


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
