Hello all,
There is a Suse 10 dom0 machine which is acting as a router. It has two
ethernet cards, one assigned a public address and the other a private one.
The machine also logs in to a VPN server on the public network (via eth0) and
it can route traffic requests from one network to another. This is the
configuration:

eth0      Link encap:Ethernet  HWaddr 00:30:05:AC:15:26
          inet addr:xxxxxxx  Bcast:xxxxxxxx  Mask:255.255.252.0
          inet6 addr: fe80::230:5ff:feac:1526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:10:A7:16:AC:E6
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::210:a7ff:fe16:ace6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.1.251.25  P-t-P:xxxxxxxx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1

I use XEN with bridging on the eth1 card, which results in the domUs having
addresses from the 192.168.0.0 network. It all works fine, except that I cannot
access 10.0.0.0/8 from 192.168.0.0/24 anymore. The following rules work
when the XEN bridge is not enabled:

    ip route add 10.0.0.0/8 dev ppp0
    iptables --insert OUTPUT 1 --source 0.0.0.0/0.0.0.0 \
        --destination 10.0.0.0/8 --jump ACCEPT --out-interface ppp0
    iptables --insert INPUT 1 --source 10.0.0.0/8 \
        --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface ppp0
    iptables --insert FORWARD 1 --source 0.0.0.0/0.0.0.0 \
        --destination 10.0.0.0/8 --jump ACCEPT --out-interface ppp0
    iptables --insert FORWARD 1 --source 10.0.0.0/8 \
        --destination 0.0.0.0/0.0.0.0 --jump ACCEPT
    iptables --table nat --append POSTROUTING --out-interface ppp0 \
        --jump MASQUERADE
    iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN \
        --jump TCPMSS --clamp-mss-to-pmtu

but they do not work when the packets come through the xen bridge. The
problem is that the packets coming out of the ppp0 interface have
source IP 192.68.0.x rather than 10.1.251.25, the address of the ppp0
interface, i.e. masquerading does not work.

What rules should I have so that both networks, 10.0.0.0/8 and
192.168.0.0/24, can speak to each other? Do I have to use ebtables
together with iptables or not?

Thanks in advance!
Regards,
Thanasis
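
The symptom reported in the message above (packets leaving ppp0 with a private source address instead of 10.1.251.25) can be confirmed from a capture with the following check, which is an added example and not part of the original post. The function names, the assumed `tcpdump -n` text layout and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). On a masqueraded point-to-point
# link every packet has the local address as source or as destination;
# anything else left the box without being rewritten by MASQUERADE.

# usage: leaked_sources LOCAL_ADDR < lines from `tcpdump -n -i ppp0`
# prints "<count> <source-ip>" for each source that escaped NAT
leaked_sources() {
    awk -v me="$1" '
        # "a.b.c.d.port:" or "a.b.c.d:" (ICMP has no port) -> "a.b.c.d"
        function addr(f,   o, n) {
            sub(/:$/, "", f)
            n = split(f, o, ".")
            return (n >= 4) ? o[1] "." o[2] "." o[3] "." o[4] : ""
        }
        $2 == "IP" && $4 == ">" {
            src = addr($3); dst = addr($5)
            if (src != "" && src != me && dst != me) seen[src]++
        }
        END { for (s in seen) print seen[s], s }
    ' | sort -k2,2
}

# Constructed sample capture: two domU hosts leaking, one correctly
# masqueraded connection and its reply.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.168.0.12.43512 > 10.0.0.5.22: Flags [S], seq 1, win 5840, length 0
12:00:01.200000 IP 10.1.251.25.43600 > 10.0.0.5.22: Flags [S], seq 9, win 5840, length 0
12:00:01.210000 IP 10.0.0.5.22 > 10.1.251.25.43600: Flags [S.], seq 7, ack 10, win 5792, length 0
12:00:02.000001 IP 192.168.0.12 > 10.0.0.7: ICMP echo request, id 1, seq 1, length 64
12:00:03.000001 IP 192.168.0.15.50000 > 10.0.0.5.80: Flags [S], seq 3, win 5840, length 0
EOF
}

sample_capture | leaked_sources 10.1.251.25
```

Empty output means every captured packet carried the ppp0 address on one side, which is what working masquerading looks like on the wire.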