[ovs-discuss] iptables and ovs bridge vlan

Cristina Palomo Regidor cristina.palomo.regidor at ericsson.com
Wed Apr 13 12:45:37 UTC 2016 

Hello,
I have tried with following rules:
iptables -t nat -I PREROUTING 1 -p tcp --dport 8090 -j DNAT --to-destination 192.168.9.217:8090

iptables -t nat -I POSTROUTING 1 -p tcp -d 192.168.9.217 --dport 8090 -j SNAT --to-source 192.168.9.219

But dmesg is showing that it is executing only the PREROUTING
[77249.138968] PREROUTING: IN=eth0 OUT= MAC=ec:f4:bb:bf:e5:40:00:04:96:83:83:56:08:00 SRC=10.51.89.198 DST=10.95.80.19 LEN=60 TOS=0x10 PREC=0x00 TTL=61 ID=35912 DF PROTO=TCP SPT=35624 DPT=8090 WINDOW=14600 RES=0x00 SYN URGP=0

I have created the interface vlan1012 with this command:
ovs-vsctl add-port br-ext vlan1012 tag=1012 -- set interface vlan1012 type=internal

Any help would be much appreciated.

Thanks and BR/



From: discuss [mailto:discuss-bounces at openvswitch.org] On Behalf Of Cristina Palomo Regidor
Sent: martes, 12 de abril de 2016 11:25
To: discuss at openvswitch.org
Subject: [ovs-discuss] iptables and ovs bridge vlan


Hello,
I have a ovs bridge br-ext and a vlan1012 associated to this bridge. I am trying to create a iptable rule that forwards the incoming packets in the hypervisor eth0 to a virtual machine with ip address 192.168.9.217.  I can do telnet from the hypervisor to 192.168.9.217 8090. But I can not do telnet from outside hypervisor even if I have the ip tables rule described below in the hypervisor. if_oam = eth0 = 10.95.80.20 so I am trying from outside the hypervisor telnet 10.95.80.20 8090 but it is not working.

Could you help me?

# ifconfig br-ext
br-ext    Link encap:Ethernet  HWaddr A0:36:9F:43:DB:30
          inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:35918 (35.0 Kb)  TX bytes:1776 (1.7 Kb)

# ifconfig vlan1012
vlan1012  Link encap:Ethernet  HWaddr A0:36:9F:43:DB:30
          inet addr:192.168.9.219  Bcast:192.168.9.223  Mask:255.255.255.248
          inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:724 (724.0 b)  TX bytes:528 (528.0 b)


IPTABLES="iptables -A PREROUTING -t nat -j DNAT"
$IPTABLES -p tcp --dport 8090 -i $if_oam --to 192.168.9.217:8090

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20160413/9839fcd2/attachment-0002.html>

More information about the discuss mailing list