
Re: [Xen-users] Issues with Xen and iptables



On Fri, Jan 29, 2010 at 9:41 PM, Rainer Sokoll <rainer@xxxxxxxxxx> wrote:
> On Fri, Jan 29, 2010 at 09:09:23PM +0700, Fajar A. Nugraha wrote:
>
>> You might want to try changing the NAT conditions from using "-o eth2"
>> to simply using --source and --destination first, with MASQUERADE for
>> simplicity and easy debugging. A colleague had some problems a while
>> back; turned out he used the wrong interface for "-o".
>
> If I follow your instructions, I see the natted (yeah!) packets on
> vif0.1 - but nothing on eth2 (where the default route sits) - for both
> SNAT and MASQUERADE.
> Hm, is that a step forward?

Yup, it's getting somewhere. At this point we need a closer detail on
what your setup looks like. I assume you use RHEL/CentOS 5 with the
default bridge setup? A "brctl show" and "netstat -nr" on dom0 would
help. Also a bit of explanation on where the packet is coming from.

vif0.1 -> that comes as a pair with dom0's eth1 (which is actually
veth1 renamed to eth1, while the real eth1 is renamed to peth1). So
assuming the packet comes from outside of dom0 (from domU or other
hosts), and dom0 does the routing, it's safe to say that you have a
routing problem: the packets go to eth1 instead of eth2.

There's another possible alternative explanation, one that's more
complicated. In this scenario you have domUs bridged on xenbr1, and
they have their own routing setup (NOT going through dom0). But from your
previous description this should not be the case.

-- 
Fajar
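As an added illustration (not part of the thread, and not a Xen tool): the check Fajar is describing, whether the NAT rule's "-o" interface is the one carrying dom0's default route, can be scripted. The "netstat -nr" and nat-table text below are constructed; interface names follow the thread, addresses and the 192.168.10.0/24 domU subnet are made up.

```shell
#!/bin/sh
# Added example: compare the "-o" interface of each POSTROUTING NAT rule
# against the interface of dom0's default route (0.0.0.0 in "netstat -nr").
# Input is embedded, constructed text so this runs offline on any box.

# Constructed "netstat -nr" output for a dom0 with the default bridge setup
# (eth1 is the renamed veth1, eth2 holds the default route, as in the thread).
ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
203.0.113.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
0.0.0.0         203.0.113.1     0.0.0.0         UG        0 0          0 eth2'

# Constructed nat-table rules in iptables-save format. The first rule carries
# the mistake the thread talks about: "-o" names eth1, not the egress eth2.
NAT_RULES='-A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -o eth2 -j SNAT --to-source 203.0.113.10'

# default_iface ROUTE_TEXT: print the Iface column of the default route.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" { print $NF; exit }'
}

# check_nat_rules NAT_TEXT ROUTE_TEXT: one line per POSTROUTING rule that
# has "-o": "OK <iface>" or "MISMATCH <iface> default=<default iface>".
check_nat_rules() {
    def=$(default_iface "$2")
    printf '%s\n' "$1" | awk -v def="$def" '
        /^-A POSTROUTING/ {
            out = ""
            for (i = 1; i <= NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == "") next
            if (out == def) print "OK " out
            else print "MISMATCH " out " default=" def
        }'
}

# count_mismatches NAT_TEXT ROUTE_TEXT: number of rules whose "-o" is wrong.
count_mismatches() {
    check_nat_rules "$1" "$2" | grep -c '^MISMATCH'
}

check_nat_rules "$NAT_RULES" "$ROUTES"
```

On a real dom0 the same functions can be fed `"$(netstat -nr)"` and `"$(iptables-save -t nat)"` instead of the constructed text.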

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
