|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] problem using NAT in dom0 + Xen
Hello,
We have a machine (Debian Etch, Xen from Debian repositories, etc.) with
two NICs: one for LAN (192.168.0.0/24) and another one with public IP
address.
After enable Bridging (in /etc/xen/xend-config.sxp):
(network-script 'network-bridge netdev=eth0')
(vif-script vif-bridge)
# eth0 is the LAN NIC
I have eth0, peth0, vif0.1 (I guess that it's usual for you) and this
bridge:
servidor:~# brctl show
bridge name bridge id STP enabled interfaces
xenbr1 8000.feffffffffff no vif0.1
peth0
Then my NAT (to connect to internet from my internal network) stops to
work. In my iptables rules I don't have any reference to eth0 (only to
eth1, but it's not affected by Xen configuration). A simplification of
my rules:
--------
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED \
-d 192.168.0.0/24 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
---------
If I sniff traffic on eth1 (tcpdump -i eth1) I see that IP packets are
sent using the private address! Of course, before enable xen daemon, I
see that this IP packets are sent using my public IP address (-j
MASQUERADE, same effect if I use -j SNAT --to-address my_address)
Any clue? Why is it happening?
I think that I'm having all possible problems using Xen :-)
Thank you!
--
Carles Pina i Estany GPG id: 0x8CBDAE64
http://pinux.info Manresa - Barcelona
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |