
[Xen-users] Bridged network traffic from wrong IP address



I'm having an issue where outbound traffic from my DomUs shows up with
the IP address of the Xen Dom0.

e.g.:

user@domu:~$ ssh user@anotherhost

where anotherhost sees the request coming from dom0, not the specific
domU (as it would in a NAT environment).

However, it is possible to ssh into the domU using its IP address on
the same subnet.

Here are my relevant configuration files:

# Dom0 /etc/network/interfaces:

auto br2
iface br2 inet static
        address 172.24.90.1
        network 172.24.0.0
        netmask 255.248.0.0
        bridge_ports eth2
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

# DomU /etc/network/interfaces:

auto eth1
iface eth1 inet static
        address 172.16.3.1
        netmask 255.248.0.0
        broadcast 172.16.248.255

DomU xen configuration file:

vif         = [ 'bridge=br1,ip=172.16.3.1,mac=xx:xx:xx:xx:xx:xx']


The host is Debian Squeeze (6.0), and the guest is Ubuntu 10.04.

** The Dom0 also has a NAT network, on another interface; here are the
relevant lines for that in /etc/network/interfaces: **

auto br3
iface br3 inet static
        address 192.168.53.1
        netmask 255.255.255.0

        bridge_ports dummy0
        bridge_stp yes
        post-up /sbin/iptables --table filter --insert INPUT --source \
                192.168.53.0/255.255.255.0 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert FORWARD --source \
                192.168.53.0/255.255.255.0 --jump ACCEPT
        post-up /sbin/iptables --table filter --insert FORWARD --destination \
                192.168.53.0/255.255.255.0 --match state \
                --state ESTABLISHED,RELATED --jump ACCEPT
        post-up /sbin/iptables --table nat --insert POSTROUTING --source \
                192.168.53.0/255.255.255.0 \
                ! --destination 192.168.53.0/255.255.255.0 --jump MASQUERADE

        pre-down /sbin/iptables --table filter --delete INPUT --source \
                192.168.53.0/255.255.255.0 --jump ACCEPT
        pre-down /sbin/iptables --table filter --delete FORWARD --source \
                192.168.53.0/255.255.255.0 --jump ACCEPT
        pre-down /sbin/iptables --table filter --delete FORWARD --destination \
                192.168.53.0/255.255.255.0 --match state \
                --state ESTABLISHED,RELATED --jump ACCEPT
        pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
                192.168.53.0/255.255.255.0 \
                ! --destination 192.168.53.0/255.255.255.0 --jump MASQUERADE

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
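
An added example, not part of the original post: a Python check of the values in the configuration posted above, showing which network each stanza resolves to under the 255.248.0.0 mask, whether the network and broadcast lines agree with it, and whether the --source of the br3 MASQUERADE rule covers the domU address. The variable and function names are hypothetical, and the bridge set is an assumption limited to the bridges shown in the post.

```python
import ipaddress

# Values copied from the post above; names are hypothetical.
DOM0_BR2 = {"address": "172.24.90.1", "netmask": "255.248.0.0",
            "network": "172.24.0.0"}
DOMU_ETH1 = {"address": "172.16.3.1", "netmask": "255.248.0.0",
             "broadcast": "172.16.248.255"}
MASQ_SOURCE = "192.168.53.0/255.255.255.0"  # --source of the br3 MASQUERADE rule
SHOWN_BRIDGES = {"br2", "br3"}  # assumption: only the bridges shown in the post
VIF_BRIDGE = "br1"              # bridge= value in the domU vif line


def to_interface(stanza):
    """Combine an address and dotted netmask into an IPv4Interface."""
    return ipaddress.ip_interface(f"{stanza['address']}/{stanza['netmask']}")


def audit(dom0, domu, masq_source, bridges, vif_bridge):
    """Return consistency findings for the posted bridge/NAT settings."""
    d0, du = to_interface(dom0), to_interface(domu)
    masq_net = ipaddress.ip_network(masq_source)
    return {
        "dom0_network": str(d0.network),
        "domu_network": str(du.network),
        # True when both stanzas resolve to the same network.
        "same_subnet": d0.network == du.network,
        "dom0_network_line_ok":
            ipaddress.ip_address(dom0["network"]) == d0.network.network_address,
        "domu_broadcast_expected": str(du.network.broadcast_address),
        "domu_broadcast_ok":
            ipaddress.ip_address(domu["broadcast"]) == du.network.broadcast_address,
        # The rule can match a packet only if its source address is in --source.
        "masq_source_covers_domu": du.ip in masq_net,
        # Whether the vif's bridge is among the bridges shown in the post.
        "vif_bridge_shown": vif_bridge in bridges,
    }


if __name__ == "__main__":
    for key, value in audit(DOM0_BR2, DOMU_ETH1, MASQ_SOURCE,
                            SHOWN_BRIDGES, VIF_BRIDGE).items():
        print(f"{key:26} {value}")
```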


 

