From: Eitan Isaacson <ee.jay.eye@gmail.com>
To: xen-devel@lists.xensource.com
Subject: NAT through Dom0 on unstable branch
Date: Mon, 20 Jun 2005 11:40:05 -0700
Message-ID: <fa8d26480506201140246713f7@mail.gmail.com>

Hello,
I might be the first to encounter this issue, so I think it is worth posting...
I am trying to set up a configuration in which a DomU and Dom0 are on
their own subnet, and DomU accesses the real network through Dom0's
NAT.
These are the steps that I take (note, these steps worked fine in
"testing" and "stable" branches):
I first set up a bridge with a private IP:
    brctl addbr mybr0
    ip addr add 192.168.0.1/24 dev mybr0
    ip link set mybr0 up
These are my network scripts in the xend config file:
    (network-script network-route)
    (vif-script vif-bridge)
    (vif-bridge mybr0)
I start a DomU with an IP of 192.168.0.101, and I am able to ping Dom0
(192.186.0.1).
I enable IP forwarding, and I set up NAT:
    sysctl -w net.ipv4.ip_forward=1 # (if not already done by xend)
    iptables -t nat -A POSTROUTING -j MASQUERADE \
        -o eth0 -s 192.168.0.1/24
I am able to ping the outside world by IP, but name resolution, or any
other TCP/IP traffic does not work.
The very strange part is that tcpdump seems to show packets arriving
at their destination on the outside world hosts, but besides the ACKs,
the outside hosts do not respond.
I am not a networking expert, so I am sorry if my diagnosis is not full.
Here is a bit more info (on Dom0):
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0F:1F:8C:17:D6
          inet addr: 10.0.20.10  Bcast:10.0.255.255  Mask:255.255.0.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30868 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1121 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8172500 (7.7 Mb)  TX bytes:158965 (155.2 Kb)
          Base address:0xdf40 Memory:fcfe0000-fd000000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:288 (288.0 b)  TX bytes:288 (288.0 b)

mybr0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet addr:192.168.0.1  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:834 (834.0 b)  TX bytes:938 (938.0 b)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1044 (1.0 Kb)  TX bytes:812 (812.0 b)

# brctl show
bridge name     bridge id               STP enabled     interfaces
mybr0           8000.feffffffffff       no              vif1.0

Thanks!
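
The MASQUERADE rule in the message above can be checked against the DomU address offline, which helps rule the rule itself in or out before looking elsewhere. This is an added example, not part of the original post: the function names and the second test address are assumptions, and it reads rule text in the form printed by `iptables -t nat -S POSTROUTING`.

```shell
#!/bin/sh
# Added example: offline check that a MASQUERADE rule covers a guest address.
# Reads rules in `iptables -t nat -S POSTROUTING` form on stdin.
# Assumption: negated matches ("! -s ...") do not occur and are not handled.

ip_to_int() {                       # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                         # in_cidr IP NET[/BITS]
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}")
    # Host bits are masked off, so 192.168.0.1/24 means 192.168.0.0/24.
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

masq_covers() {                     # masq_covers GUEST_IP OUT_IF < rules
    guest=$1; oif=$2; found=1
    while read -r line; do
        case $line in *"-j MASQUERADE"*) ;; *) continue ;; esac
        src=; out=; prev=
        for tok in $line; do        # pick up the -s and -o arguments
            case $prev in -s) src=$tok ;; -o) out=$tok ;; esac
            prev=$tok
        done
        # A rule applies only if every match it specifies is satisfied.
        if [ -n "$out" ] && [ "$out" != "$oif" ]; then continue; fi
        if [ -n "$src" ] && ! in_cidr "$guest" "$src"; then continue; fi
        found=0
    done
    return $found
}

# Constructed sample: the rule from the post as `iptables -S` prints it.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE'

# 192.168.0.101 is the DomU from the post; 192.168.1.101 is a constructed miss.
for addr in 192.168.0.101 192.168.1.101; do
    if printf '%s\n' "$SAMPLE_RULES" | masq_covers "$addr" eth0; then
        echo "$addr: masqueraded when leaving eth0"
    else
        echo "$addr: no MASQUERADE rule matches"
    fi
done
```

On a live Dom0 the same check would be fed with `iptables -t nat -S POSTROUTING | masq_covers 192.168.0.101 eth0`.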