Programming board - NAT MASQUERADE response packets not coming back into private network
c******n
Posts: 4965
1
I set up NAT for my Xen VM inside a real host, so the VM essentially forms
its private network with the virtual NIC inside the host.
So the network is like this:
[ (VM 10.0.0.3) ---- bridge 10.0.0.1 ---- real NIC 192.168.0.105] -------
internet
Now I set up NAT by the steps in http://blog.manula.org/2012/04/manually-configuring-nat-networking-in.html
From inside the VM, I ran "ping a_real_internet_IP"; the issue is that the
ping does not produce responses. I ran "tcpdump" on the traffic going out on
the NIC, and see packets masquerading as src=192.168.0.105,dst=a_real_
internet_IP. So this shows that the MASQUERADE is working. I also see the
response packets with reversed src and dst.
But the issue is that on the bridge, I only see packets src=10.0.0.3,dst=a_
real_internet_IP, and not the returning packets. Since the response packets
are seen on the NIC, but not on this virtual bridge, where are they dropped?
I tried to put in some TRACE, but TRACE only works on the raw table, not the nat
table.
Weirdly, the same setup works fine on my desktop server, but not on my laptop.
The former runs ubuntu 20, while the latter ubuntu 18; not sure if this
mattered at all. But NAT is a very basic network setup, both systems should
have respected it.
p***o
Posts: 1252
2
Have you checked the rules in iptables? Docker is known to mess up those
rules.

on

[Quoting c******n's post]
: I set up NAT for my Xen VM inside a real host, so the VM essentially forms
: its private network with the virtual NIC inside the host.
: So the network is like this:
: [ (VM 10.0.0.3) ---- bridge 10.0.0.1 ---- real NIC 192.168.0.105] -------
: internet
: Now I set up NAT by the steps in http://blog.manula.org/2012/04/manually-configuring-nat-networking-in.html
: From inside the VM, I ran "ping a_real_internet_IP"; the issue is that the
: ping does not produce responses. I ran "tcpdump" on the traffic going out on
: the NIC, and see packets masquerading as src=192.168.0.105,dst=a_real_
: internet_IP. So this shows that the MASQUERADE is working. I also see the

c******n
Posts: 4965
3
Thanks, I did "iptables -F && iptables -F -t nat" beforehand, then applied
my new rules. Still the same.
Also just tried all this on a setup on a fresh machine without docker.

[Quoting p***o's post]
: Have you checked the rules in iptables? Docker is known to mess up those
: rules.
:
: on

c******n
Posts: 4965
4
Thanks, turns out you are right.
I HAD TO "apt remove" docker completely.
Without removing it, even just manually removing the virtual NICs created by
docker won't work.

[Quoting p***o's post]
: Have you checked the rules in iptables? Docker is known to mess up those
: rules.
:
: on
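
The symptom in the first post (masqueraded packets and their replies visible on the real NIC, replies never reaching the bridge) and the resolution in post 4 (Docker's presence broke it) point at the filter table's FORWARD chain rather than the nat table: when the Docker daemon starts it sets the FORWARD chain's default policy to DROP and installs its own chains, so forwarded traffic for any bridge Docker does not manage is silently discarded unless an explicit ACCEPT rule exists. The script below is an added example, not something posted in the thread; it audits an `iptables-save` dump for exactly those conditions. The two dumps are constructed to mimic such a host, and the interface names (`virbr0` for the VM bridge, `eth0` for the real NIC) and the `10.0.0.0/24` subnet are assumptions modelled on the poster's topology.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump for the rules a VM-behind-NAT
# path needs. Not from the thread; interface names and subnet are assumed.

# Constructed dump: MASQUERADE is in place, but Docker has set the FORWARD
# policy to DROP and added its DOCKER-USER chain. Not captured from a real host.
BROKEN_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -j RETURN
COMMIT'

# Same constructed host after explicit FORWARD rules for the bridge were added:
# outbound VM traffic, and only established/related replies back in.
FIXED_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -i virbr0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT'

# forward_policy DUMP: print the default policy of the filter table's FORWARD chain.
forward_policy() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == ":FORWARD" { print $2; exit }'
}

# has_masquerade DUMP SRCNET OUTIF: succeed if POSTROUTING masquerades SRCNET
# leaving through OUTIF (this is the part the poster saw working in tcpdump).
has_masquerade() {
    printf '%s\n' "$1" | grep -q -e "^-A POSTROUTING .*-s $2 .*-o $3 .*-j MASQUERADE"
}

# forward_accepts DUMP INIF OUTIF: succeed if FORWARD explicitly accepts
# packets entering on INIF and leaving on OUTIF.
forward_accepts() {
    printf '%s\n' "$1" | grep -q -e "^-A FORWARD -i $2 -o $3 .*-j ACCEPT"
}

# audit_nat DUMP BRIDGE SRCNET OUTIF: print each finding and return the number
# of problems; 0 means the VM-to-internet path and its replies are both allowed.
audit_nat() {
    dump=$1
    bridge=$2
    srcnet=$3
    outif=$4
    problems=0
    if ! has_masquerade "$dump" "$srcnet" "$outif"; then
        echo "missing: POSTROUTING MASQUERADE for $srcnet via $outif"
        problems=$((problems + 1))
    fi
    if [ "$(forward_policy "$dump")" = DROP ]; then
        echo "note: FORWARD policy is DROP (Docker sets this when the daemon starts)"
        if ! forward_accepts "$dump" "$bridge" "$outif"; then
            echo "missing: FORWARD ACCEPT $bridge -> $outif (outbound VM traffic)"
            problems=$((problems + 1))
        fi
        if ! forward_accepts "$dump" "$outif" "$bridge"; then
            echo "missing: FORWARD ACCEPT $outif -> $bridge (replies back to the VM)"
            problems=$((problems + 1))
        fi
    fi
    return $problems
}

# Run both constructed dumps through the audit.
audit_nat "$BROKEN_DUMP" virbr0 10.0.0.0/24 eth0 || echo "broken dump: $? problem(s)"
audit_nat "$FIXED_DUMP" virbr0 10.0.0.0/24 eth0 && echo "fixed dump: no problems"
```

On a live host, replace the constructed dumps with the real ruleset: `audit_nat "$(iptables-save)" virbr0 10.0.0.0/24 eth0`. Because the missing piece is in the filter table, this is also why `iptables -F` followed by `iptables -F -t nat` did not help: flushing removes rules but leaves the FORWARD chain's DROP policy in place, and Docker reinstalls its rules on restart. The conntrack-restricted return rule in FIXED_DUMP is the least-privilege form, admitting only replies to connections the VM opened rather than all traffic from the NIC onto the bridge.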
