Posted to dev@cloudstack.apache.org by Sachchidanand Vaidya <va...@juniper.net> on 2014/05/14 11:51:23 UTC
SNAT iptable entry on VirtualRouter
Hi,
I have an isolated network (192.168.3.x/24) being served by VirtualRouter, where 10.84.59.131 is SourceNAT address
and eth0 is VN interface of VirtualRouter & eth2 is the public interface of VirtualRouter.
When I look at the nat table entries on the VirtualRouter, it shows following :
root@r-6-VM:~# iptables -L -t nat -n -v
..
..
Chain POSTROUTING (policy ACCEPT 330 packets, 22113 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            to:10.84.59.131
--> Why the "out" interface for the SNAT entry is VN interface (eth0) instead of Public interface (eth2) ?
I'm using "Cloudstack Release 4.3.0 (64-bit) Thu Apr 10 20:27:11 UTC 2014" cloudstack-release template.
Thanks,
Sachin
---
root@r-6-VM:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:13:87:88:e6:dd
          inet addr:192.168.3.226  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::13:87ff:fe88:e6dd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:350 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29400 (28.7 KiB)  TX bytes:602 (602.0 B)
          Interrupt:25

eth1      Link encap:Ethernet  HWaddr 0e:00:a9:fe:02:6b
          inet addr:169.254.2.107  Bcast:169.254.255.255  Mask:255.255.0.0
          inet6 addr: fe80::c00:a9ff:fefe:26b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2934 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:444768 (434.3 KiB)  TX bytes:539100 (526.4 KiB)
          Interrupt:26

eth2      Link encap:Ethernet  HWaddr 06:d5:1c:00:00:0b
          inet addr:10.84.59.131  Bcast:10.84.59.255  Mask:255.255.255.0
          inet6 addr: fe80::4d5:1cff:fe00:b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:133 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1451 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4636 (4.5 KiB)  TX bytes:113282 (110.6 KiB)
          Interrupt:27
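
A check for the symptom reported in the post above, added here as an example; it is not part of the original thread and not CloudStack code. It cross-references `iptables -L -t nat -n -v` output with `ifconfig` output and reports every SNAT rule whose "out" interface does not own the address the rule translates to. The helper name `snat_mismatches` is hypothetical, and the sample listings are constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example, not CloudStack code: report SNAT rules whose "out" interface
# does not own the address they translate to.

# Constructed samples, based on the listings quoted in the post above.
NAT_LISTING='Chain POSTROUTING (policy ACCEPT 330 packets, 22113 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            to:10.84.59.131'

IFCONFIG_LISTING='eth0      Link encap:Ethernet  HWaddr 02:13:87:88:e6:dd
          inet addr:192.168.3.226  Bcast:192.168.3.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 0e:00:a9:fe:02:6b
          inet addr:169.254.2.107  Bcast:169.254.255.255  Mask:255.255.0.0

eth2      Link encap:Ethernet  HWaddr 06:d5:1c:00:00:0b
          inet addr:10.84.59.131  Bcast:10.84.59.255  Mask:255.255.255.0'

# snat_mismatches NAT_TEXT IFCONFIG_TEXT   (hypothetical helper name)
# Prints "<rule out-iface> <SNAT address> <iface owning that address>" for
# every inconsistent rule and returns non-zero if any rule was reported.
snat_mismatches() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { in_nat = 1; next }

        # ifconfig part: record which interface holds each IPv4 address.
        !in_nat && /^[^ \t]/ { iface = $1; next }
        !in_nat && /inet addr:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^addr:/) { a = $i; sub(/^addr:/, "", a); owner[a] = iface }
            next
        }

        # nat part: pkts bytes target prot opt in out source destination [to:...]
        in_nat && $3 == "SNAT" {
            to = ""
            for (i = 10; i <= NF; i++)
                if ($i ~ /^to:/) { to = $i; sub(/^to:/, "", to) }
            sub(/[:-].*/, "", to)          # drop any port or address range
            if (to == "") next
            own = (to in owner) ? owner[to] : "none"
            if ($7 != own) { print $7, to, own; bad = 1 }
        }

        END { exit (bad ? 1 : 0) }
    '
}

snat_mismatches "$NAT_LISTING" "$IFCONFIG_LISTING" ||
    echo "SNAT rule is bound to an interface that does not own its address" >&2
```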
Re: SNAT iptable entry on VirtualRouter
Posted by Sheng Yang <sh...@yasker.org>.
correctVif is not null would mean the network you want to is already
created.
Then ip would get device id later from:
ip.setNicDevId(Integer.valueOf(correctVif.getDevice(conn)));
So seems your correctVif is wrong with public network.
I am not very familiar with hypervisor part of finding the correct network.
Anthony, could you help to take a look?
And yes, the command would also be executed when you have any additional
public IPs to be associated with VR, like static nat and port forwarding.
The new interface would be only created if the public IPs are in the
different vlans.
--Sheng
On Sun, Jun 8, 2014 at 6:47 AM, Sachchidanand Vaidya <va...@juniper.net>
wrote:
> Hi Sheng,
> Thanks. We are using XenServer 6.2 SP1. After adding debug in the code,
> I see that addVif never gets called in my case.
> That's why nic deviceId is zero. Code falls thru the case where vif is
> already present. If I dump "correctVif.getDevice(conn)"
> it returns zero.
>
> Does this command handler also get called when Public-ip is associated
> with VM's private ip (StaticNAT) ?
> Do we create a new interface in DomainRouter when staticNAT entry is
> created?
>
> Thanks,
> Sachin
Re: SNAT iptable entry on VirtualRouter
Posted by Sachchidanand Vaidya <va...@juniper.net>.
Hi Sheng,
Thanks. We are using XenServer 6.2 SP1. After adding debug in the code, I see that addVif never gets called in my case.
That's why nic deviceId is zero. Code falls thru the case where vif is already present. If I dump "correctVif.getDevice(conn)"
it returns zero.
Does this command handler also get called when Public-ip is associated with VM's private ip (StaticNAT) ?
Do we create a new interface in DomainRouter when staticNAT entry is created?
Thanks,
Sachin
From: Sheng Yang <sh...@yasker.org>
Date: Friday, June 6, 2014 4:12 PM
To: "<de...@cloudstack.apache.org>" <de...@cloudstack.apache.org>, Sachchidanand Vaidya <va...@juniper.net>
Subject: Re: SNAT iptable entry on VirtualRouter
Hi Sachin,
The nicDevId() you see is coming from prepareNetworkElementCommand(IpAssocCommand cmd) in CitrixResourceBase in case of Xen.
You would see this:
    if (addVif) {
        // Add a new VIF to DomR
        String vifDeviceNum = getLowestAvailableVIFDeviceNum(conn, router);
        if (vifDeviceNum == null) {
            throw new InternalErrorException("There were no more available slots for a new VIF on router: " + router.getNameLabel(conn));
        }
        nic.setDeviceId(Integer.valueOf(vifDeviceNum));
        correctVif = createVif(conn, routerName, router, null, nic);
        correctVif.plug(conn);
        // Add iptables rule for network usage
        networkUsage(conn, routerIp, "addVif", "eth" + correctVif.getDevice(conn));
    }
And nic.setDeviceId() should set the public nic id (which should be 2 in your case) to it.
And what's the XenServer version you're using? Could you help to debug it further more? Sadly we cannot reproduce it in our lab...
Thanks!
--Sheng
Re: SNAT iptable entry on VirtualRouter
Posted by Sheng Yang <sh...@yasker.org>.
Hi Sachin,
The nicDevId() you see is coming from
prepareNetworkElementCommand(IpAssocCommand cmd) in CitrixResourceBase in
case of Xen.
You would see this:
    if (addVif) {
        // Add a new VIF to DomR
        String vifDeviceNum = getLowestAvailableVIFDeviceNum(conn, router);
        if (vifDeviceNum == null) {
            throw new InternalErrorException("There were no more available slots for a new VIF on router: " + router.getNameLabel(conn));
        }
        nic.setDeviceId(Integer.valueOf(vifDeviceNum));
        correctVif = createVif(conn, routerName, router, null, nic);
        correctVif.plug(conn);
        // Add iptables rule for network usage
        networkUsage(conn, routerIp, "addVif", "eth" + correctVif.getDevice(conn));
    }
And nic.setDeviceId() should set the public nic id (which should be 2 in
your case) to it.
And what's the XenServer version you're using? Could you help to debug it
further more? Sadly we cannot reproduce it in our lab...
Thanks!
--Sheng
On Fri, Jun 6, 2014 at 12:29 AM, Sachchidanand Vaidya <va...@juniper.net>
wrote:
> Hi,
> I'm seeing the same issue with 4.4 code. After further debug, I see
> that CS mgmt server is sending
> following command to XenHost,
> xensource.log: <script> /opt/cloud/bin/ipassoc.sh -A -s -f -l 10.84.59.131/24 -c eth0 -g 10.84.59.254 </script>
> VirtualRouter's public interface is eth2. Also as per dump of VIF list on
> XenHost, deviceid for public interface
> of domainRouter is 2.
> As part of VirtualRoutingResource.java:generateConfig(), CS mgmt server
> generates this command.
> It generates publicNic = "eth" + ip.getNicDevId()?
> Which deviceId does it refer to? Shouldn't it be the deviceid as per the
> XenHost dump?
> Does anyone have input on what could be happening here?
>
> Thanks,
> Sachin
Re: SNAT iptable entry on VirtualRouter
Posted by Sachchidanand Vaidya <va...@juniper.net>.
Hi,
I'm seeing the same issue with 4.4 code. After further debug, I see that CS mgmt server is sending following command to XenHost,
xensource.log: <script> /opt/cloud/bin/ipassoc.sh -A -s -f -l 10.84.59.131/24 -c eth0 -g 10.84.59.254 </script>
VirtualRouter's public interface is eth2. Also as per dump of VIF list on XenHost, deviceid for public interface of domainRouter is 2.
As part of VirtualRoutingResource.java:generateConfig(), CS mgmt server generates this command.
It generates publicNic = "eth" + ip.getNicDevId()?
Which deviceId does it refer to? Shouldn't it be the deviceid as per the XenHost dump?
Does anyone have input on what could be happening here?
Thanks,
Sachin
Re: SNAT iptable entry on VirtualRouter
Posted by Sheng Yang <sh...@yasker.org>.
Hi Sachin,
I don't think it's normal. Could you please post iptables-save? It should
be eth2 I think.
--Sheng