[ovs-discuss] Ovs 2.7.0 nat issue

Sun May 28 05:30:09 UTC 2017

 I am running into issue while configuring ovs with nat and using conntrack
I have one ovs bridge wit lan and wan interfaces added like below;

*ovs-vsctl add-port br0 myvirtlan tag=10 -- set  interface myvirtlan
type=internal  ( virtual lan interfae)*
* ovs-vsctl add-port br0 eth0  tag=10 ( actual physical lan interface )*

* ovs-vsctl add-port br0 myvirtwan tag=20 -- set  interface myvirtwan
type=internal ( virtual wan inetrface)*
* ovs-vsctl add-port br0 eth2 tag=20   ( actual physical lan interface )*

Lan ip subnet: 172.16.1.0/24
Wan ip subnet : 11.1.10.0/24

* I am using the following commands but not able to nat properly*

=============
// the lowest priority, regardless
Table = 0, priority = 1, action = normal
/ / Did not join the conntrack message, the implementation of ct joined
conntrack, the implementation of NAT, and sent to the table 1
Table = 0, priority = 10, ip, ct_state = -trk, action = ct (nat, table = 1)
// 1 message, and is a new connection, the implementation of ct commit,
create a connection, the implementation of NAT rules, and the message sent
to the two
Table = 1, in_port = 1, ip, ct_state = + trk + new, action = ct (nat (src =
172.16.1.10-172.16.1.255: 1-65535), commit), 2
// 1 message, the connection has been established to complete, establish
the state, issued directly to the two
Table = 1, in_port = 1, ip, ct_state = + trk + est, action = 2
// 2 to 1 message, the state is established, sent directly to the mouth
Table = 1, in_port = 2, ip, ct_state = + trk + est, action = 1
=============

I cannot find much explanation or proper commands for the same

On Sun, May 28, 2017 at 4:05 AM, Justin Pettit <jpettit at ovn.org> wrote:

> There have been some discussion about configuring NAT on the ovs-discuss
> mailing list.  If you still have questions, I'd suggest posting to that
> list.  It works best for us to discuss using OVS on the mailing list so
> that everyone can benefit from the discussion.
>
> Thanks,
>
> --Justin
>
>
> > On May 27, 2017, at 12:19 AM, Jimmy Carter <jimmycarter256 at gmail.com>
> wrote:
> >
> > Hi Justin
> >
> >       I am running into issue while configuring ovs with nat and using
> conntrack
> >       I have one ovs bridge wit lan and wan interfaces added like below;
> >
> >
> >       ovs-vsctl add-port br0 myvirtlan tag=10 -- set  interface
> myvirtlan type=internal  ( virtual lan interfae)
> >       ovs-vsctl add-port br0 eth0  tag=10 ( actual physical lan
> interface )
> >
> >       ovs-vsctl add-port br0 myvirtwan tag=20 -- set  interface
> myvirtwan type=internal ( virtual wan inetrface)
> >       ovs-vsctl add-port br0 eth2 tag=20   ( actual physical lan
> interface )
> >
> >       Lan ip subnet: 172.16.1.0/24
> >       Wan ip subnet : 11.1.10.0/24
> >
> >       I am using the following commands but not able to nat properly
> >
> >       =============
> >       // the lowest priority, regardless
> >       Table = 0, priority = 1, action = normal
> >       / / Did not join the conntrack message, the implementation of ct
> joined conntrack, the implementation of NAT, and sent to the table 1
> >       Table = 0, priority = 10, ip, ct_state = -trk, action = ct (nat,
> table = 1)
> >       // 1 message, and is a new connection, the implementation of ct
> commit, create a connection, the implementation of NAT rules, and the
> message sent to the two
> >       Table = 1, in_port = 1, ip, ct_state = + trk + new, action = ct
> (nat (src = 172.16.1.10-172.16.1.255: 1-65535), commit), 2
> >       // 1 message, the connection has been established to complete,
> establish the state, issued directly to the two
> >       Table = 1, in_port = 1, ip, ct_state = + trk + est, action = 2
> >       // 2 to 1 message, the state is established, sent directly to the
> mouth
> >       Table = 1, in_port = 2, ip, ct_state = + trk + est, action = 1
> >       =============
> >
> >
> >       I cannot find much explanation or proper commands for the same
> >
> >
> >
> >       Can you please advise
> >
> >
> >
> > Thanks
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170528/5ecc6033/attachment.html>