I set up NAT for my Xen VM inside a real host, so the VM essentially forms its private network with the virtual NIC inside the host.
So the network is like this:
[ (VM 10.0.0.3) ---- bridge 10.0.0.1 ---- real NIC 192.168.0.105] ------- internet
Now I set up NAT by the steps in http://blog.manula.org/2012/04/manually-configuring-nat-networking-in.html
From inside the VM, I ran "ping a_real_internet_IP"; the issue is that the ping does not produce responses. I ran "tcpdump" on the traffic going out on the NIC, and see packets masquerading as src=192.168.0.105,dst=a_real_internet_IP, so this shows that the MASQUERADE is working. I also see the response packets with reversed src and dst.
But the issue is that on the bridge, I only see packets src=10.0.0.3,dst=a_real_internet_IP, and not the returning packets. Since the response packets are seen on the NIC, but not on this virtual bridge, where are they dropped?
I tried to put in some TRACE, but TRACE only works on the raw table, not the nat table.
Weirdly, the same setup works fine on my desktop server, but not on my laptop. The former runs Ubuntu 20, while the latter Ubuntu 18; not sure if this mattered at all. But NAT is a very basic network setup; both systems should have respected it.
Have you checked the rules in iptables? Docker is known to mess up those rules.
【 In the post by creation (努力自由泳50m/45sec !): 】
: I set up NAT for my Xen VM inside a real host, so the VM essentially forms
: its private network with the virtual NIC inside the host.
: So the network is like this:
: [ (VM 10.0.0.3) ---- bridge 10.0.0.1 ---- real NIC 192.168.0.105] -------
: internet
: Now I set up NAT by the steps in http://blog.manula.org/2012/04/manually-configuring-nat-networking-in.html
: From inside the VM, I ran "ping a_real_internet_IP"; the issue is that the
: ping does not produce responses. I ran "tcpdump" on the traffic going out on
: the NIC, and see packets masquerading as src=192.168.0.105,dst=a_real_
: internet_IP, so this shows that the MASQUERADE is working. I also see the
: ...................
Thanks, I did "iptables -F && iptables -F -t nat" beforehand, then applied my new rules. Still the same.
Also just tried all this on a setup on a fresh machine without Docker.
【 In the post by pptwo (pp): 】
: Have you checked the rules in iptables? Docker is known to mess up those
: rules.
Thanks, turns out you are right.
I HAD TO "apt remove" Docker completely.
Without removing it, even just manually removing the virtual NICs created by Docker won't work.
【 In the post by pptwo (pp): 】
: Have you checked the rules in iptables? Docker is known to mess up those
: rules.
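The NAT setup from the first post and the Docker check from the last one, as one added example that is not part of any post in the thread. It is a bash script; the interface names xenbr0 (the Xen bridge, 10.0.0.1/24 behind it) and eth0 (the uplink NIC, 192.168.0.105) are assumptions, since the thread never names them. The fact it leans on: the Docker daemon sets the FORWARD chain's default policy to DROP when it starts, and "iptables -F" deletes rules without touching chain policies, so a flush followed by the blog's rules can still leave the de-NATed replies with nowhere to go. That drop happens in FORWARD, after PREROUTING and before the packet is handed to the bridge, which is exactly why the replies show up in tcpdump on the NIC and never on the bridge.

```bash
#!/usr/bin/env bash
# Added example for this thread; not code from any of the posts. The interface
# names are assumptions (the thread never gives them): the Xen bridge is
# "xenbr0" (10.0.0.1/24 behind it) and the uplink NIC is "eth0" (192.168.0.105).
set -u

BR="${BR:-xenbr0}"
NIC="${NIC:-eth0}"
VMNET="${VMNET:-10.0.0.0/24}"

# Minimal NAT rule set for the diagram in the thread. Replies are admitted by
# conntrack state rather than by address, so nothing on the LAN side can open
# a connection to the VM; the rules go in at position 1 so that chains Docker
# prepends (DOCKER-USER, DOCKER-ISOLATION-*) do not run ahead of them.
nat_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $VMNET -o $NIC -j MASQUERADE
iptables -I FORWARD 1 -i $BR -o $NIC -s $VMNET -j ACCEPT
iptables -I FORWARD 1 -i $NIC -o $BR -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# The symptom in the thread (replies visible on the NIC, never on the bridge)
# is what a FORWARD drop looks like: the reply is de-NATed in PREROUTING, then
# refused in FORWARD, so tcpdump on the bridge never sees it. "iptables -F"
# deletes rules but leaves each chain's *policy* alone, and the Docker daemon
# sets "iptables -P FORWARD DROP" when it starts. forward_policy reads the
# output of "iptables -S FORWARD" on stdin and prints that policy.
forward_policy() {
  awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }'
}

# Returns 0 when the NIC -> bridge reply would be dropped: policy DROP and no
# ESTABLISHED accept rule for that direction. Input: "iptables -S FORWARD".
reply_would_be_dropped() {
  local rules policy
  rules="$(cat)"
  policy="$(printf '%s\n' "$rules" | forward_policy)"
  if printf '%s\n' "$rules" | grep -q -- "-A FORWARD -i $NIC -o $BR .*ESTABLISHED.*-j ACCEPT"; then
    return 1
  fi
  [ "$policy" = "DROP" ]
}

# TRACE is only available in the raw table (as the thread notes), but that is
# enough: a packet marked there is logged at every later table and chain it
# crosses, including nat and filter, with the rule or policy that ends it.
trace_rules() {
  cat <<EOF
iptables -t raw -A PREROUTING -i $NIC -p icmp --icmp-type echo-reply -j TRACE
# legacy backend ("iptables -V" says "legacy"): the trace goes to the kernel log
modprobe nf_log_ipv4 && sysctl -w net.netfilter.nf_log.2=nf_log_ipv4 && dmesg -w | grep TRACE:
# nf_tables backend ("iptables -V" says "nf_tables"): read it with
xtables-monitor --trace
EOF
}

# Live check; needs root. Reports the FORWARD verdict, or how to trace it.
diagnose() {
  if [ "$(id -u)" != 0 ]; then echo "diagnose: run as root" >&2; return 2; fi
  if iptables -S FORWARD | reply_would_be_dropped; then
    echo "FORWARD policy is $(iptables -S FORWARD | forward_policy) and no" \
         "ESTABLISHED accept exists for $NIC -> $BR; replies die here. Fix:"
    nat_rules | grep ESTABLISHED
  else
    echo "FORWARD looks fine; follow one echo-reply through the tables:"
    trace_rules
  fi
  # The conntrack entry shows whether the kernel matched the reply to the VM's
  # flow at all: an [UNREPLIED] entry means the reply never got as far as the
  # conntrack hook in PREROUTING, i.e. it was lost before FORWARD.
  if command -v conntrack >/dev/null; then
    conntrack -L -p icmp 2>/dev/null | grep -F "10.0.0.3" || true
  fi
}

case "${1:-}" in
  apply) nat_rules | sh -e ;;
  check) diagnose ;;
esac
```

Run "sudo ./nat.sh check" on the failing host before touching anything; "apply" writes the rules. Keeping Docker's DROP policy and adding the two explicit FORWARD rules is preferable to "iptables -P FORWARD ACCEPT": it forwards exactly the VM's outbound flows and their replies and nothing else, which is also why a fresh machine without Docker (policy ACCEPT) behaves differently from one where Docker has ever started.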