Dual Homed xen0 does not want to masq, packets not traversing POSTROUTING chain


Ron Arts
Hi all,

I have been wrestling with this all day. Some people state in the archives
that this is not a Xen problem, but I did not find answers elsewhere either.

System: Xen-3 + fc4 AMD Sempron. Dual NIC: eth1 to public internet, eth0 to
private LAN (192.168.x.x). There will be domU attached to eth0 in the
future, but at the moment none are running. They will need to be NAT'ed
as well though.

When I boot up the machine, the hosts on the private LAN are properly NAT'ed
(using a simple setup with system-config-securitylevel).

When I 'service start xend' and restart iptables, NAT stops working.
I tried putting 'iptables -j LOG' entries in the -t nat POSTROUTING
chain, and I got these:

Dec 18 23:50:48 gw kernel: MASQ:IN= OUT=eth1 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=44 DF PROTO=ICMP TYPE=8 CODE=0 ID=60963 SEQ=44

but nothing shows up any more *after* xend is started.

What *does* show up is:

Dec 19 00:07:40 gw kernel: FORWARD:IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
Dec 19 00:07:40 gw kernel: FORWARD:IN=eth0 OUT=eth1 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977

but nothing in the postrouting chain. And I need to do MASQ there.

I have looked everywhere. I have every feature in iptables and ebtables
compiled in, and /proc/sys/net/bridge/bridge-nf-call-iptables holds '1'.
ip_forward is set, of course.

Why don't the packets show up in the POSTROUTING chain?

For reference: this is my ifconfig before xend:

eth0      Link encap:Ethernet  HWaddr 00:00:1C:81:E3:BA
           inet addr:192.168.123.252  Bcast:192.168.123.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:29749 errors:0 dropped:0 overruns:0 frame:0
           TX packets:8197 errors:0 dropped:0 overruns:0 carrier:0
           collisions:78 txqueuelen:1000
           RX bytes:3197935 (3.0 MiB)  TX bytes:1696240 (1.6 MiB)
           Interrupt:19 Base address:0x9400

eth1      Link encap:Ethernet  HWaddr 00:0F:EA:E8:AC:0E
           inet addr:62.163.35.217  Bcast:255.255.255.255  Mask:255.255.254.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:4270 errors:0 dropped:0 overruns:0 frame:0
           TX packets:9464 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:490334 (478.8 KiB)  TX bytes:1042276 (1017.8 KiB)
           Interrupt:18 Base address:0xc800

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:59 errors:0 dropped:0 overruns:0 frame:0
           TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:12148 (11.8 KiB)  TX bytes:12148 (11.8 KiB)

And this is after:

eth0      Link encap:Ethernet  HWaddr 00:00:1C:81:E3:BA
           inet addr:192.168.123.252  Bcast:192.168.123.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:34 errors:0 dropped:0 overruns:0 frame:0
           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:2702 (2.6 KiB)  TX bytes:892 (892.0 b)

eth1      Link encap:Ethernet  HWaddr 00:0F:EA:E8:AC:0E
           inet addr:62.163.35.217  Bcast:255.255.255.255  Mask:255.255.254.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:4283 errors:0 dropped:0 overruns:0 frame:0
           TX packets:9688 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:491120 (479.6 KiB)  TX bytes:1059972 (1.0 MiB)
           Interrupt:18 Base address:0xc800

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:59 errors:0 dropped:0 overruns:0 frame:0
           TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:12148 (11.8 KiB)  TX bytes:12148 (11.8 KiB)

peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
           UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
           RX packets:30067 errors:0 dropped:0 overruns:0 frame:0
           TX packets:8244 errors:0 dropped:0 overruns:0 carrier:0
           collisions:78 txqueuelen:1000
           RX bytes:3230167 (3.0 MiB)  TX bytes:1704724 (1.6 MiB)
           Interrupt:19 Base address:0x9400

vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:12 errors:0 dropped:0 overruns:0 frame:0
           TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1248 (1.2 KiB)  TX bytes:2776 (2.7 KiB)

xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:5 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:140 (140.0 b)  TX bytes:0 (0.0 b)

other stuff:

[root@gw linux-2.6.12-xen0]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.123.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
62.163.35.0     0.0.0.0         255.255.254.0   U     0      0        0 eth1
0.0.0.0         62.163.35.1     0.0.0.0         UG    0      0        0 eth1

[root@gw linux-2.6.12-xen0]# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              peth0
                                                         vif0.0

_______________________________________________
Xen-users mailing list
[hidden email]
http://lists.xensource.com/xen-users
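A small diagnostic added here (not part of the post) that correlates netfilter LOG lines by IP packet and lists the chains each packet was seen in, so a trace like the one above shows at a glance that packet ID 977 hit FORWARD twice (once on the bridge path with PHYSIN/PHYSOUT and TTL 64, once on the routed path eth0 to eth1 with TTL 63) and never reached the rule tagged MASQ. The sample log is constructed from the three lines quoted in the post; the LOG prefixes MASQ and FORWARD are assumed to be the ones used on that box.

```python
import re
# Constructed sample: the three LOG lines quoted in the post, with the
# wrapped lines joined back together.
SAMPLE_LOG = """\
Dec 18 23:50:48 gw kernel: MASQ:IN= OUT=eth1 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=44 DF PROTO=ICMP TYPE=8 CODE=0 ID=60963 SEQ=44
Dec 19 00:07:40 gw kernel: FORWARD:IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
Dec 19 00:07:40 gw kernel: FORWARD:IN=eth0 OUT=eth1 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.123.26 DST=217.170.32.40 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=977 DF PROTO=ICMP TYPE=8 CODE=0 ID=61219 SEQ=977
"""
LINE_RE = re.compile(r"kernel: (?P<prefix>[^:]*):(?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the LOG prefix and key=value fields of one netfilter LOG line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {"prefix": m.group("prefix").strip()}
    for key, val in KV_RE.findall(m.group("rest")):
        # ICMP lines carry ID= twice: the IP header ID first, the echo ID second.
        if key == "ID" and "ID" in fields:
            key = "ICMP_ID"
        fields[key] = val
    return fields

def trace_packets(log):
    """Group LOG lines by IP packet (SRC, DST, PROTO, IP ID); hops in log order."""
    traces = {}
    for line in log.splitlines():
        f = parse_line(line)
        if not f:
            continue
        key = (f["SRC"], f["DST"], f["PROTO"], f["ID"])
        hop = {
            "chain": f["prefix"],
            "in": f.get("IN", ""), "out": f.get("OUT", ""),
            # PHYSIN/PHYSOUT only appear when the skb went through bridge-nf.
            "bridged": "PHYSIN" in f or "PHYSOUT" in f,
            "ttl": int(f["TTL"]),
        }
        traces.setdefault(key, []).append(hop)
    return traces

def forwarded_without(traces, chain):
    """Packets seen in FORWARD but never in `chain` (e.g. the nat rule tagged MASQ)."""
    hits = []
    for key, hops in traces.items():
        chains = {h["chain"] for h in hops}
        if "FORWARD" in chains and chain not in chains:
            hits.append(key)
    return hits
```

Run it over a longer capture (same LOG prefixes) to see which connections are being routed out eth1 without ever matching the nat POSTROUTING rule.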
