
Re: [Xen-users] combination of bridged and routed networking problem



Hi, 

I have placed the following log-targets
to the tables:

  iptables -I OUTPUT -j LOG --log-prefix "OUTPUT: "
  iptables -I FORWARD -j LOG --log-prefix "FORWARD: "
  iptables -t nat -I PREROUTING -j LOG --log-prefix "PREROUTING: "
  iptables -t nat -I POSTROUTING -j LOG --log-prefix "POSTROUTING: "
  iptables -I INPUT -j LOG --log-prefix "INPUT: "

The results below show that the PREROUTING chain is visited
once by the packet with incoming interface xenbr0. Therefore,
I have placed the DNAT target into the chain as described in
my initial posting. Here, I have placed the DNAT as suggested by
Holger (b52@xxxx).

Chain PREROUTING (policy ACCEPT 2213 packets, 155K bytes)
 pkts bytes target     prot opt in     out     source               destination
   66  4447 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `PREROUTING: '
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            10.32.18.38         tcp dpt:443 to:192.168.0.2:443
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            10.32.18.38         tcp dpt:222 to:192.168.0.2:22


(The ssh client has the IP 10.43.2.15 and the server 10.32.18.38.)

Mar  5 15:52:27 tachyon kernel: [718938.533000] PREROUTING: IN=xenbr0 OUT= PHYSIN=peth0 MAC=00:1e:0b:70:f6:96:00:0a:f3:e2:d4:0a:08:00 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533016] FORWARD: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533025] POSTROUTING: IN= OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533048] INPUT: IN=eth0 OUT= MAC=00:1e:0b:70:f6:96:00:0a:f3:e2:d4:0a:08:00 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533075] OUTPUT: IN= OUT=eth0 SRC=10.32.18.38 DST=10.43.2.15 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=222 DPT=53416 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533090] FORWARD: IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=10.32.18.38 DST=10.43.2.15 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=222 DPT=53416 WINDOW=0 RES=0x00 ACK RST URGP=0

Best regards,

 Valentin
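
Added example, not part of the original post: a short Python script that parses the kernel LOG lines above, lists the chains the SYN traversed with the IN interface each chain saw, and checks the PREROUTING record against the match criteria of the two listed DNAT rules. The log lines and rule values are copied from the post; the `RULES` structure and the function names are constructed for this illustration.

```python
import re

# Kernel LOG lines for the SYN to port 222, copied from the post and unwrapped.
LOG = """\
Mar  5 15:52:27 tachyon kernel: [718938.533000] PREROUTING: IN=xenbr0 OUT= PHYSIN=peth0 MAC=00:1e:0b:70:f6:96:00:0a:f3:e2:d4:0a:08:00 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533016] FORWARD: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533025] POSTROUTING: IN= OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 15:52:27 tachyon kernel: [718938.533048] INPUT: IN=eth0 OUT= MAC=00:1e:0b:70:f6:96:00:0a:f3:e2:d4:0a:08:00 SRC=10.43.2.15 DST=10.32.18.38 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43542 DF PROTO=TCP SPT=53416 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# The two DNAT rules from the post's PREROUTING listing (structure is constructed).
RULES = [
    {"in": "eth0", "dst": "10.32.18.38", "dpt": "443", "to": "192.168.0.2:443"},
    {"in": "eth0", "dst": "10.32.18.38", "dpt": "222", "to": "192.168.0.2:22"},
]

LINE_RE = re.compile(r"kernel: \[\s*[\d.]+\] (\w+): (.*)")

def parse(log):
    """Turn each LOG line into a dict: chain name plus its KEY=VALUE fields."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = {"chain": m.group(1)}
        for tok in m.group(2).split():
            key, sep, val = tok.partition("=")
            if sep:  # bare tokens such as SYN or DF are flags and are skipped
                rec[key] = val
        records.append(rec)
    return records

def path(records, pkt_id):
    """Chains one packet traversed, with the IN interface each chain saw."""
    return [(r["chain"], r.get("IN", "")) for r in records if r.get("ID") == pkt_id]

def failed_criteria(rec, rule):
    """Which of a rule's match criteria the logged packet does not satisfy."""
    checks = [("in", rec.get("IN")), ("dst", rec.get("DST")), ("dpt", rec.get("DPT"))]
    return [f"{k}: packet has {v!r}, rule wants {rule[k]!r}"
            for k, v in checks if rule[k] not in ("*", v)]

if __name__ == "__main__":
    recs = parse(LOG)
    print(path(recs, "43542"))
    pre = next(r for r in recs if r["chain"] == "PREROUTING")
    for rule in RULES:
        print(rule["to"], failed_criteria(pre, rule) or "matches")
```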