Hello, I'm having a firewall / xen-networking problem where I got stuck ...
Any help would be very appreciated!
My dom0 has an openvpn connection to an openvpn-server, which gives access to
a 192.168.1.0/24 network. Accessing 192.168.1.0/24 from dom0 works without a
problem.
In a domU I'd like to access 192.168.1.0/24, too ... therefore I added the
IP of dom0 as gateway for packets to this network. If I try to ping any
host in the 192.168.1.0/24 network, I get no response - as the hosts see the
original IP of the domU (which is 192.168.72.186) and for that IP there is
no route back ... so far, so good.
If I access a host in the remote network from dom0, the connection can be
established - as the remote hosts see the IP which was assigned from openVPN
to dom0 - and for these IPs there is a route back.
Now I tried to use shorewall, to have all traffic originating in domU, with
destination at 192.168.1.0/24, masqueraded with the openVPN-IP of dom0.
I tried a line like that in /etc/shorewall/masq:
tun0:192.168.1.0/24 192.168.72.186/32
But for some reason the traffic is not masqueraded ... the remote hosts still
see the original IP of domU.
For fun I tried to use in shorewall/masq
xenbr0:192.168.1.0/24 192.168.72.186/32
In that case a ping from domU to a host in 192.168.1.0/24 does not even
arrive - strangely enough, a tcpdump on xenbr0 shows the original IP of domU,
but on eth0 I see the openVPN IP ... so masquerading occurred ... but then
the packets seem to vanish, at least they don't reach tun0.
Just to mention:
The shorewall rules/policies are all to "accept". Logs show no strange
messages, all seems to be ok.
I assumed this to be a simple task - as the scenario should be almost the
same as in a common "eth0 connected to LAN and eth1 to the internet"
scenario ... but I don't get it working.
What am I missing? What do I need to do, to have my traffic from domU
masqueraded ...
Thanks for any help!
Christian