Xen users - Dec 2006 - Problem with vif-nat

Hello,

I''m having trouble with vif-nat under Xen 3.0.2 (I have to use this
version as I can''t get FreeBSD to boot under 3.0.3.) The traffic seems
to be masqueraded in one direction but not when it comes back. i.e.
when I try to resolve a hostname from my domU, I see the request with
the internal IP go through vifX.0 and then masqueraded on eth0. The
problem is that the reply never make it back to the vifX.0 interface.
They reach eth0 but don''t go any further.

I included my current setup at the end, any idea what''s wrong?

Thanks!

Albert

root@se-1:~# cat /etc/xen/xend-config.sxp |grep ''^(''
(xend-relocation-server yes)
(xend-relocation-hosts-allow ''^localhost$'')
(network-script network-nat)
(vif-script vif-nat)
(dom0-min-mem 196)
(dom0-cpus 0)

root@se-1:~# cat /etc/xen/linux
name="linux"
kernel="/boot/vmlinuz-2.6.16-xen"
root="/dev/hda1"
memory=32
disk=[''file:/vm/images/xen01.img,hda1,w'',''file:/vm/images/swap01.img,hda2,w'']

# network
vif=[ ''ip=10.0.0.1'' ]
dhcp="off"
ip="10.0.0.1"
netmask="255.0.0.0"
gateway="10.0.0.254"
hostname="linux"

extra="audit=1 3"


And the output of brctl and iptables:

root@se-1:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV
match --physdev-in vif28.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV
match --physdev-in vif28.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@se-1:~# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 1998 packets, 283K bytes)
 pkts bytes target     prot opt in     out     source
destination

Chain POSTROUTING (policy ACCEPT 1936 packets, 278K bytes)
 pkts bytes target     prot opt in     out     source
destination
  636 50838 MASQUERADE  all  --  any    eth0    anywhere
anywhere
    0     0 MASQUERADE  all  --  any    eth0    anywhere
anywhere

Chain OUTPUT (policy ACCEPT 649 packets, 52365 bytes)
 pkts bytes target     prot opt in     out     source               destination

root@se-1:~# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              peth0
                                                        vif0.0

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users