liang chen
2005-Aug-10 16:05 UTC
[Xen-users] network traffic can't be seen by iptables when no bridge present
In my project, I tried to use iptables, instead of a bridge, to direct network traffic from one VM to another on one host. What I am doing is: I delete xen-br0, and I have two VMs that have the IP addresses 10.8.0.51 and 10.8.0.52. I use

    iptables -t mangle -A FORWARD -d 10.8.0.51 -j ROUTE --oif vif1.0
    iptables -t mangle -A FORWARD -d 10.8.0.52 -j ROUTE --oif vif2.0

vif1.0 and vif2.0 are the virtual network interfaces of the two VMs. In order to debug the above rules, I log all the traffic:

    iptables -t mangle -A PREROUTING -j LOG --log-level debug --log-prefix "log-everything"

I ping 10.8.0.52 from 10.8.0.51 and I expect to see the traffic being logged. However, I can't see any corresponding traffic being logged. Only traffic that looks like this appears:

    IN=lo OUT= ip-source=127.0.0.1 ip-destination=127.0.0.1........

I use tcpdump to listen on vif1.0 and I can see the ICMP requests from 10.8.0.51 to 10.8.0.52. I am using the kernel linux-2.6.11-xen0.

Does anybody have ideas about it? Is it because there is no bridge present?

thanks
liang

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
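As an added example (not part of the original post or of Xen's own network scripts), the following script sets up the bridgeless "routed" model the poster is after using plain host routing and FORWARD rules instead of the ROUTE target, and places LOG rules in both the PREROUTING and FORWARD hooks so one can confirm that guest-to-guest packets actually reach dom0's IP layer. It assumes the two guests use dom0 as their default gateway, that the `ip`, `sysctl` and `iptables` tools are present, and the interface names and addresses from the post; with `APPLY=1` the commands are executed, otherwise they are only printed as a dry run.

```shell
#!/bin/sh
# Added example, not from the original post: routed (bridgeless) networking
# for two guests on vif1.0 / vif2.0 with host-side forwarding and LOG rules.
# Assumptions: guests use dom0 as their gateway; ip/sysctl/iptables exist.
# APPLY=1 runs the commands; anything else prints them (dry run).

VM1_IP=10.8.0.51; VM1_VIF=vif1.0
VM2_IP=10.8.0.52; VM2_VIF=vif2.0

# Execute or print a command depending on APPLY.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Attach one guest's /32 to its vif and let dom0 answer ARP for it, so the
# other guest's packets are handed to dom0 and go through the routing code.
routed_vif() {
    ip=$1; vif=$2
    run sysctl -w "net.ipv4.conf.$vif.proxy_arp=1"
    run ip route add "$ip/32" dev "$vif"
}

# Full setup: forwarding on, one route per guest, then the netfilter rules.
setup_routed() {
    run sysctl -w net.ipv4.ip_forward=1
    routed_vif "$VM1_IP" "$VM1_VIF"
    routed_vif "$VM2_IP" "$VM2_VIF"
    # PREROUTING sees what arrives on the vif; FORWARD sees what the routing
    # decision passed on.  Both only see traffic that reaches dom0's IP layer.
    run iptables -t mangle -A PREROUTING -i "$VM1_VIF" -j LOG --log-prefix "pre-in "
    run iptables -A FORWARD -i "$VM1_VIF" -o "$VM2_VIF" -j LOG --log-prefix "fwd "
    run iptables -A FORWARD -i "$VM1_VIF" -o "$VM2_VIF" -j ACCEPT
    run iptables -A FORWARD -i "$VM2_VIF" -o "$VM1_VIF" -j ACCEPT
}

# Dry run by default; run as root with APPLY=1 to apply on the host.
[ "${SOURCED:-0}" = 1 ] || setup_routed
```

The two LOG rules give a quick check that does not depend on any extension target: if `pre-in` lines appear in the kernel log but no `fwd` lines do, the packets arrive but the routing decision is not forwarding them (no route or ip_forward off); if neither appears while tcpdump still shows the ICMP requests on the vif, the packets are seen on the wire but never delivered to dom0's IP stack, which is exactly what a missing proxy ARP or route would cause. Rules that match on `-i`/`-o` interface names, as above, also keep the logging limited to the two vifs instead of every packet on the host.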