Guys,

Can anyone point me to documentation that shows how to properly use NAT on 3.0.2? I've got bridging working fine, but trying to switch to NAT has given me problems.

I've tried following the documentation here (http://www.howtoforge.com/perfect_setup_xen3_debian_p6) to no avail. I know I'm likely missing a few steps.

Any help you could offer would be appreciated to no end!

Thanks,
John

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 8/8/06, John Wells <groups@sourceillustrated.com> wrote:
> Guys,
>
> Can anyone point me to documentation that shows how to properly use NAT on
> 3.0.2? I've got bridging working fine, but trying to switch to NAT has
> given me problems.
>
> I've tried following the documentation here
> (http://www.howtoforge.com/perfect_setup_xen3_debian_p6) to no avail. I
> know I'm likely missing a few steps.

What exactly is not working?

Henning

On Wed, 9 Aug 2006, Henning Sprang wrote:
> On 8/8/06, John Wells <groups@sourceillustrated.com> wrote:
> > Guys,
> >
> > Can anyone point me to documentation that shows how to properly use NAT on
> > 3.0.2? I've got bridging working fine, but trying to switch to NAT has
> > given me problems.
> >
> > I've tried following the documentation here
> > (http://www.howtoforge.com/perfect_setup_xen3_debian_p6) to no avail. I
> > know I'm likely missing a few steps.
>
> What exactly is not working?

He seems to be at the same spot (or close) to where I was at...

http://lists.xensource.com/archives/html/xen-users/2006-07/msg00368.html

you can see packets leaving the domU, getting NAT'd by the dom0, going out to an external box, being echoed back...

And here is where I run into trouble. I remember seeing the return packets on peth0 and not eth0 as John describes, but that means I still had a bridging config alive... and _that_ seems to trigger the kernel issue?/bug? which produces an error message

"Performing cross-bridge DNAT requires IP forwarding to be enabled"

and the packets not to make it across the bridge to dom0... and of course, if dom0 doesn't get them, they do not get NAT'd back for forwarding to domU.

I guess the problem is mixing bridging and routed modes.

That said, I am not sure I ever got it to work correctly, even using both the network-script and the vif-script (I should test it... but my current test configs are AOE based, and pretty much _must_ be bridged.)

I had spare IP addresses, so I just assigned a real IP and skipped trying to do NAT.

-Tom

> Henning

----------------------------------------------------------------------
tbrown@BareMetal.com   | Courage is doing what you're afraid to do.
http://BareMetal.com/  | There can be no courage unless you're scared.
                       | - Eddie Rickenbacker

Tom Brown said:
>> What exactly is not working?
>
> He seems to be at the same spot (or close) to where I was at...
>
> http://lists.xensource.com/archives/html/xen-users/2006-07/msg00368.html
>
> you can see packets leaving the domU, getting NAT'd by the dom0, going out
> to an external box, being echoed back...
>
> And here is where I run into trouble. I remember seeing the return packets
> on peth0 and not eth0 as John describes, but that means I still had a
> bridging config alive... and _that_ seems to trigger the kernel
> issue?/bug? which produces an error message
>
> "Performing cross-bridge DNAT requires IP forwarding to be enabled"

Yes. Even though I was getting this message, though, I was able to ping between domUs...just not outside our LAN.

After rebooting and eliminating the bridge, keeping only NAT'ing in place and using the exact same config, I could not even ping between domUs. tcpdump'ing on the vifx.x device for the sending domU displayed the traffic...doing the same on the destination domU did not.

It appears, after discussing it with many people, that few if any actually use the built in NAT'ing capability of Xen. Most recommend doing straight bridging, but then using one of your bridged domUs to do NAT'ing through. It might be that this approach will work for me, but it'll take some thinking through.

If you're interested in my config, it mirrored at the time essentially exactly this: http://www.howtoforge.com/perfect_setup_xen3_debian_p6. I'm also on Debian Sarge.

Thanks guys.

John

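Added example, not part of any post in this thread: a dom0 check for the mixed bridged/routed state discussed above, where a bridge still carries ports (such as peth0) while the kernel's IP forwarding switch decides whether NAT'd replies get routed. It reads the standard Linux /proc and /sys paths; the verdict words, the function names and the xenbr0 bridge in the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify dom0 network state from /proc and /sys.
# Pass "/" on a live dom0; the demo below uses a constructed tree instead.

list_bridges() {            # names of interfaces that are Linux bridges
    for d in "${1%/}"/sys/class/net/*; do
        [ -d "$d/bridge" ] && basename "$d"
    done
    return 0
}

bridge_ports() {            # interfaces enslaved to bridge $2 (peth0, vifX.Y, ...)
    for p in "${1%/}/sys/class/net/$2/brif"/*; do
        [ -e "$p" ] && basename "$p"
    done
    return 0
}

nat_mode_check() {          # prints one verdict word for the tree rooted at $1
    fwd=$(cat "${1%/}/proc/sys/net/ipv4/ip_forward" 2>/dev/null || echo 0)
    live=""
    for b in $(list_bridges "$1"); do
        [ -n "$(bridge_ports "$1" "$b")" ] && live="$live $b"
    done
    if [ -n "$live" ] && [ "$fwd" != 1 ]; then
        echo MIXED_NO_FORWARD   # bridge still has ports and forwarding is off
    elif [ -n "$live" ]; then
        echo MIXED              # forwarding is on, but a bridge still has ports
    elif [ "$fwd" != 1 ]; then
        echo NO_FORWARD         # no live bridge, but dom0 will not forward
    else
        echo ROUTED_OK          # no live bridge and forwarding is on
    fi
}

make_sample_tree() {        # constructed sample: $2 = ip_forward value, $3 = yes|no bridge
    mkdir -p "$1/proc/sys/net/ipv4" "$1/sys/class/net/eth0"
    echo "$2" > "$1/proc/sys/net/ipv4/ip_forward"
    if [ "$3" = yes ]; then
        mkdir -p "$1/sys/class/net/xenbr0/bridge" "$1/sys/class/net/xenbr0/brif/peth0"
    fi
}

demo=$(mktemp -d)
make_sample_tree "$demo" 0 yes
echo "constructed tree: $(nat_mode_check "$demo")"
rm -rf "$demo"
```

On a real dom0, run `nat_mode_check /` before and after switching the network and vif scripts; anything other than ROUTED_OK means the bridge was not fully torn down or forwarding is still off.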