Hi there,

I have now a working domU which is bridged into the dom0.
I have set as gateway the bridge device. So far this works,
I can access the domU from the dom0 (for example using ssh
or http). The access from domU into dom0 works, too.
But I can not get a working NAT setup to route the traffic
from domU into the internet.
I tried a few variants, switching off tx checks on the
ethernet device, disabling connection tracking via NOTRACK
target of iptables etc.

IP forwarding is enabled in the kernel and via echo 1 /proc/...
all no luck. So I ask you, is there somewhere a document
detailing a debugging of such a behaviour or something like that?
I looked around for quite a while and tried some howtos, but
nothing could help to get that beast working.

I used the following rules:

  iptables -A PREROUTING -t nat -p tcp \
    -d $von/32 -j DNAT --dport ! 22 --to-destination $zu
  iptables -t nat -A POSTROUTING -d $zu/32 -j MASQUERADE

The bridge is configured and has an IP, which is used as the
default gateway inside the domU. The eth interface is configured
inside the domU and has an IP. The dom0 has a static connection
to the network (which is working :).

Oh, another question is, if I destroy a domain and create a new one
the id counter is incremented by one. Is it possible to configure the
system in a way that one domain always has the same id?

Thanks and a good evening from rainy north Germany

   --lars

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

* Lars Wilke wrote:
> I have now a working domU which is bridged into the dom0.
> I have set as gateway the bridge device. So far this works,
> I can access the domU from the dom0 (for example using ssh
> or http). The access from domU into dom0 works, too.
> But I can not get a working NAT setup to route the traffic
> from domU into the internet.
> I tried a few variants, switching off tx checks on the
> ethernet device, disabling connection tracking via NOTRACK
> target of iptables etc.
>
> IP forwarding is enabled in the kernel and via echo 1 /proc/...
> all no luck. So I ask you, is there somewhere a document
> detailing a debugging of such a behaviour or something like that?
> I looked around for quite a while and tried some howtos, but
> nothing could help to get that beast working.

The ebtables documentation explains at least partially this behaviour.
The traversal of the packages changes when a bridge comes into play.
So I switched to the nat scripts. These work insofar as I can now
ping the world from inside a domU. But things like traceroute and
dns lookups won't work now. These tools just "hang", though a ping
sent to my DNS server gets a reply as expected.

I use the standard MASQ and FORWARD rules set up by the nat scripts.
Has anybody an idea how I could debug this any further?

thanks

   --lars

On Saturday, 8 July 2006 11:34, Lars Wilke wrote:
> * Lars Wilke wrote:
> > I have now a working domU which is bridged into the dom0.
> > I have set as gateway the bridge device. So far this works,
> > I can access the domU from the dom0 (for example using ssh
> > or http). The access from domU into dom0 works, too.
> > But I can not get a working NAT setup to route the traffic
> > from domU into the internet.
> > I tried a few variants, switching off tx checks on the
> > ethernet device, disabling connection tracking via NOTRACK
> > target of iptables etc.
> >
> > IP forwarding is enabled in the kernel and via echo 1 /proc/...
> > all no luck. So I ask you, is there somewhere a document
> > detailing a debugging of such a behaviour or something like that?
> > I looked around for quite a while and tried some howtos, but
> > nothing could help to get that beast working.
>
> The ebtables documentation explains at least partially this behaviour.
> The traversal of the packages changes when a bridge comes into play.
> So I switched to the nat scripts. These work insofar as I can now
> ping the world from inside a domU. But things like traceroute and
> dns lookups won't work now. These tools just "hang", though a ping
> sent to my DNS server gets a reply as expected.
>
> I use the standard MASQ and FORWARD rules set up by the nat scripts.
> Has anybody an idea how I could debug this any further?

I have the same behaviour. Has anyone an idea, what went wrong in the nat
scripts?

Johnny

> thanks
>
>    --lars

* Hans-Christian Armingeon wrote:
> On Saturday, 8 July 2006 11:34, Lars Wilke wrote:
> > [packet loss]
> >
> > The ebtables documentation explains at least partially this behaviour.
> > The traversal of the packages changes when a bridge comes into play.
> > So I switched to the nat scripts. These work insofar as I can now
> > ping the world from inside a domU. But things like traceroute and
> > dns lookups won't work now. These tools just "hang", though a ping
> > sent to my DNS server gets a reply as expected.
>
> I have the same behaviour. Has anyone an idea, what went wrong in the nat
> scripts?

Jepp, I found the problem. It's a FAQ. UDP packets get lost because the
checksums are wrong. In the domU use 'ethtool -K eth0 tx off' and it
should work.

regards

   --lars
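
Added example, not part of the thread: with TX checksum offload turned off as in the fix above, the domU's own stack fills in the UDP checksum, and this Python sketch shows the receiver-side check that a datagram left for the device to finish fails. The addresses, ports and payload are constructed, and modelling the unfinished checksum field as the bare pseudo-header sum is an assumption about what the sending stack leaves behind.

```python
import socket
import struct

UDP_PROTO = 17

def fold16(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) over data, padded to even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that the UDP checksum covers in addition to the segment."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Correct checksum: pseudo-header plus segment with the checksum field zeroed."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~fold16(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is sent as 0xFFFF; 0 means "no checksum"

def build_udp(src, dst, sport, dport, payload: bytes, tx_offload: bool) -> bytes:
    """Build a UDP segment as the sending stack would hand it to the interface."""
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    if tx_offload:
        # Assumption: the stack stores only the pseudo-header sum and leaves
        # the rest to the device; a virtual interface may never finish it.
        field = fold16(pseudo_header(src, dst, len(segment)))
    else:
        field = udp_checksum(src, dst, segment)
    return segment[:6] + struct.pack("!H", field) + segment[8:]

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """The receiver's check; a failing datagram is dropped without any error."""
    stored = struct.unpack("!H", segment[6:8])[0]
    return stored == 0 or stored == udp_checksum(src, dst, segment)

if __name__ == "__main__":
    # Constructed sample: a domU at 10.0.0.2 sending a small datagram to port 53.
    for offload in (True, False):
        seg = build_udp("10.0.0.2", "192.0.2.53", 40000, 53, b"query", offload)
        print(f"tx offload={offload}: checksum field=0x{seg[6:8].hex()} "
              f"valid={checksum_ok('10.0.0.2', '192.0.2.53', seg)}")
```

Because the receiver discards a failing datagram silently, the sender sees only a hang, which matches the traceroute and DNS symptoms described in the thread.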