Linux board - NAT MASQUERADE response packets not coming back into privat (repost)
c******n
Posts: 4965
1
[ The following text is reposted from the Programming board ]
From: creation (working hard on freestyle swimming 50m/45sec !), Board: Programming
Subject: NAT MASQUERADE response packets not coming back into private network
Posted from: BBS 未名空间站 (Tue Jul 13 03:41:57 2021, US Eastern)
I set up NAT for my Xen VM inside a real host, so the VM essentially forms its private network with the virtual NIC inside the host.

So the network is like this:

[ (VM 10.0.0.3) ---- bridge 10.0.0.1 ---- real NIC 192.168.0.105] ------- internet

Now I set up NAT by the steps in http://blog.manula.org/2012/04/manually-configuring-nat-networking-in.html

From inside the VM, I ran "ping a_real_internet_IP"; the issue is that the ping does not produce responses. I ran "tcpdump" on the traffic going out on the NIC, and see packets masquerading as src=192.168.0.105,dst=a_real_internet_IP, so this shows that the MASQUERADE is working. I also see the response packets with reversed src and dst.

But the issue is that on the bridge, I only see packets src=10.0.0.3,dst=a_real_internet_IP, and not the returning packets. Since the response packets are seen on the NIC, but not on this virtual bridge, where are they dropped? I tried to put in some TRACE, but TRACE only works on the raw table, not the nat table.

Weirdly, the same setup works fine on my desktop server, but not on my laptop. The former runs Ubuntu 20, while the latter Ubuntu 18; not sure if this mattered at all. But NAT is a very basic network setup; both systems should have respected it.
n***s
Posts: 10056
2
Can you ping 10.0.0.1 from 10.0.0.3?