Götz Reinicke - IT-Koordinator
2010-Jan-12 14:06 UTC
martian source, xen server and VMs share same physical interface
Hi, today I wanted to set up an Citrix Xen Server host and some VMs in my DMZ. All systems should get a public IP and like all "old", other physical systems in our DMZ proxy arp is configured. But installing the first VM fails, because I''m not able to mount my softwareinsatll nfs share and shorewall shows this in the log: kernel: martian source 193.196.129.1 from 193.196.129.29, on dev eth2 The Xen Server ip is 193.196.129.30, the default gateway and the externel ip of my shorewall is 193.196.129.1, the VM has got the 193.196.129.29. Both, the Xen Server and the VM use the same physical interface. I can ping both IPs from my internal NFS server. I run shorewall 4.2.10 on Red Hat EL. May be someone can help ma or point me to the documentation for this; I have''nt found any yet. If neede, I''ll send the shorewall show/dump output. Thanks and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Staatsrätin für Demographischen Wandel und für Senioren im Staatsministerium Geschäftsführer: Prof. Thomas Schadt ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
Tom Eastep
2010-Jan-12 15:00 UTC
Re: martian source, xen server and VMs share same physical interface
Götz Reinicke - IT-Koordinator wrote:> Hi, > > today I wanted to set up an Citrix Xen Server host and some VMs in my DMZ. > > All systems should get a public IP and like all "old", other physical > systems in our DMZ proxy arp is configured. > > But installing the first VM fails, because I''m not able to mount my > softwareinsatll nfs share and shorewall shows this in the log: > > kernel: martian source 193.196.129.1 from 193.196.129.29, on dev eth2That message has nothing to do with Shorewall.> > The Xen Server ip is 193.196.129.30, the default gateway and the > externel ip of my shorewall is 193.196.129.1, the VM has got the > 193.196.129.29. > > Both, the Xen Server and the VM use the same physical interface. >A martians occur when a host using reverse path filtering (in your case, /proc/sys/net/ipv4/conf/eth2/rp_filter = 1) receives a packet from a host that is not routed out of that interface. In the case of the above message, 193.196.129.1 is receiving a packet from 193.196.129.29 but the route to 193.196.129.29 does not go out through eth2. Looks like the sub-netting/routing on the Shorewall box is incorrect. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
Götz Reinicke - IT-Koordinator
2010-Jan-12 15:07 UTC
Re: martian source, xen server and VMs share same physical interface - Argh
Some coworker used the VMs ip already .... sorry for the noise, regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Staatsrätin für Demographischen Wandel und für Senioren im Staatsministerium Geschäftsführer: Prof. Thomas Schadt ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev