Ron Arts
2005-Dec-19 00:03 UTC
[Xen-users] Dual Homed xen0 does not want to masq, packets not traversing POSTROUTING chain
Hi all,

I have been wrestling with this all day. Some people state in the archives this is not a Xen problem, but elsewhere I did not find answers either.

System: Xen-3 + fc4, AMD Sempron. Dual NIC: eth1 to public internet, eth0 to private LAN (192.168.x.x). There will be domU attached to eth0 in the future, but at the moment none are running. They will need to be NAT'ed as well though.

When I boot up the machine, the hosts on the private LAN are properly NAT'ed (using a simple setup with system-config-securitylevel). When I 'service start xend' and restart iptables, NAT stops working.

I tried putting 'iptables -j LOG' entries in the -t nat POSTROUTING chain, and I got these:

    Dec 18 23:50:48 gw kernel: MASQ:IN= OUT=eth1 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=44 DF PROTO=ICMP TYPE=8 CODE=0 ID=60963 SEQ=44

but nothing shows up any more *after* xend is started. What *does* show up is:

    Dec 19 00:07:40 gw kernel: FORWARD:IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
    Dec 19 00:07:40 gw kernel: FORWARD:IN=eth0 OUT=eth1 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977

but nothing in the postrouting chain. And I need to do MASQ there.

I have looked everywhere. I have every feature in iptables and ebtables compiled in, /proc/sys/net/bridge/bridge-nf-call-iptables holds '1'. ip_forward is set of course.

Why don't the packets show up in the POSTROUTING chain?
For reference: this is my ifconfig before xend:

    eth0      Link encap:Ethernet  HWaddr 00:00:1C:81:E3:BA
              inet addr:192.168.123.252  Bcast:192.168.123.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:29749 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8197 errors:0 dropped:0 overruns:0 carrier:0
              collisions:78 txqueuelen:1000
              RX bytes:3197935 (3.0 MiB)  TX bytes:1696240 (1.6 MiB)
              Interrupt:19 Base address:0x9400

    eth1      Link encap:Ethernet  HWaddr 00:0F:EA:E8:AC:0E
              inet addr:62.163.35.217  Bcast:255.255.255.255  Mask:255.255.254.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4270 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9464 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:490334 (478.8 KiB)  TX bytes:1042276 (1017.8 KiB)
              Interrupt:18 Base address:0xc800

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:59 errors:0 dropped:0 overruns:0 frame:0
              TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:12148 (11.8 KiB)  TX bytes:12148 (11.8 KiB)

And this is after:

    eth0      Link encap:Ethernet  HWaddr 00:00:1C:81:E3:BA
              inet addr:192.168.123.252  Bcast:192.168.123.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:34 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2702 (2.6 KiB)  TX bytes:892 (892.0 b)

    eth1      Link encap:Ethernet  HWaddr 00:0F:EA:E8:AC:0E
              inet addr:62.163.35.217  Bcast:255.255.255.255  Mask:255.255.254.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4283 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9688 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:491120 (479.6 KiB)  TX bytes:1059972 (1.0 MiB)
              Interrupt:18 Base address:0xc800

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:59 errors:0 dropped:0 overruns:0 frame:0
              TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:12148 (11.8 KiB)  TX bytes:12148 (11.8 KiB)

    peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
              UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:30067 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8244 errors:0 dropped:0 overruns:0 carrier:0
              collisions:78 txqueuelen:1000
              RX bytes:3230167 (3.0 MiB)  TX bytes:1704724 (1.6 MiB)
              Interrupt:19 Base address:0x9400

    vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1248 (1.2 KiB)  TX bytes:2776 (2.7 KiB)

    xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:5 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:140 (140.0 b)  TX bytes:0 (0.0 b)

other stuff:

    [root@gw linux-2.6.12-xen0]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.123.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
    62.163.35.0     0.0.0.0         255.255.254.0   U     0      0        0 eth1
    0.0.0.0         62.163.35.1     0.0.0.0         UG    0      0        0 eth1

    [root@gw linux-2.6.12-xen0]# brctl show
    bridge name     bridge id               STP enabled     interfaces
    xenbr0          8000.feffffffffff       no              peth0
                                                            vif0.0
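
A way to line up the kernel LOG entries quoted in the message packet by packet, as an added example that is not part of the original post: it parses netfilter LOG lines, keys each on source, destination and ICMP id/sequence (ports for TCP/UDP), and lists the flows that were never logged under a given prefix. The function names are hypothetical; the sample lines are the three from the post.

```python
import re
from collections import defaultdict

# Kernel LOG lines copied from the post: the first was captured before xend
# was started, the other two after. "MASQ:" and "FORWARD:" are its log prefixes.
SAMPLE_LOG = """\
Dec 18 23:50:48 gw kernel: MASQ:IN= OUT=eth1 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=44 DF PROTO=ICMP TYPE=8 CODE=0 ID=60963 SEQ=44
Dec 19 00:07:40 gw kernel: FORWARD:IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
Dec 19 00:07:40 gw kernel: FORWARD:IN=eth0 OUT=eth1 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)(?P<fields>IN=.*)$")
L4_KEYS = {"ICMP": ("ID", "SEQ"), "TCP": ("SPT", "DPT"), "UDP": ("SPT", "DPT")}


def parse_line(line):
    """Return (prefix, flow_key, hop) for one netfilter LOG line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ip, l4 = {}, {}
    target = ip
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if not sep:
            continue  # bare flags such as DF carry no value
        if key == "PROTO":
            target = l4  # ID= occurs twice: IP ID before PROTO, ICMP ID after
        target[key] = value
    proto = l4.get("PROTO", "")
    flow = (ip.get("SRC"), ip.get("DST"), proto) + tuple(
        l4.get(k) for k in L4_KEYS.get(proto, ()))
    hop = tuple(ip.get(k, "") for k in ("IN", "OUT", "PHYSIN", "PHYSOUT"))
    return m.group("prefix").rstrip(": "), flow, hop


def trace(log_text):
    """Map each flow to its ordered (prefix, IN, OUT, PHYSIN, PHYSOUT) entries."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            prefix, flow, hop = parsed
            flows[flow].append((prefix,) + hop)
    return dict(flows)

def not_seen_in(flows, prefix):
    """Flows that were logged somewhere but never under the given prefix."""
    return [f for f, hops in flows.items() if all(h[0] != prefix for h in hops)]
```

Calling `not_seen_in(trace(SAMPLE_LOG), "MASQ")` returns the SEQ=977 echo request, whose two recorded entries are the bridged pass (IN=xenbr0 OUT=xenbr0) and the routed pass (IN=eth0 OUT=eth1), both under FORWARD.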