[ovs-discuss] iptables issue in the domU

Salvatore Mazzarino apocalipse89 at gmail.com
Sun Mar 8 10:37:25 UTC 2015


this is my testbed.
I’m running a virtual machine created in VirtualBox in which I have installed CentOS 6.5 and Xen. In the dom0 I have created two Openvswitches and connected them to domU that is a virtual machine running CentOS6.6
The user to the left ping google.it <http://google.it/> and the packets in order to reach the destination it has to pass through the domU before passing from OVS0. then the domU has to do NAT and forwarding. Here are the rules that I set in the domU

net.ipv4.ip_forward = 1
iptables -t nat -A POSTROUTING -i eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -m state —state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

NB. eth0 := vif1.0 and eth1:= vif1.1

the packets arrive to the domU through the eth1 and ovs0. I execute tcpdump on vif1.1 (eth0) and sees packet arrive but there is no forward from eth1 (domU) and eth0 (domU)
All the route in domU are set correctly. Everything is set correctly in domU.

I have tried even to use linux container (docker) by replacing domU with a docker container and using ovs and still doesn’t work. I have even implemented this testbed physically installing dom) cents and xen directly on a physical machine.

I’m running ovs 2.3.1 with kernel support

Now I think that this could be a problem related to openvswitch. you could try to reproduce this configuration 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150308/d5c3e301/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Untitled.pdf
Type: application/pdf
Size: 78285 bytes
Desc: not available
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150308/d5c3e301/attachment-0002.pdf>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150308/d5c3e301/attachment-0005.html>

More information about the discuss mailing list