[Netkit.users] TAP interface & masquerade

Massimo Rimondini rimondin at dia.uniroma3.it
Thu Jul 9 15:18:54 CEST 2009

Dear Cyrille,

> vstart r1 --con0=this --eth0=tap,, => OK, r1 boot
> successfully.

Ok, fine.

> So, inside r1: eth0=

Wrong. When using tap interfaces, the default classful addressing is
assumed. Therefore, eth0 is configured with

> The host PC has a real network-interface eth0=
> To reach internet, the next-hop is the in another PC.

This is likely the problem: since the same subnet (or better, in your
case two overlapping subnets) is used for the tap interface and for
connecting the host to the Internet, traffic directed to that subnet may
be unpredictably routed to eth0 on your host or to the tap interface.
Because of the subnetting plan ( assigned to Netkit, assigned to your host), it is likely that echo request
packets correctly flow out of the virtual machine, while echo reply
packets are incorrectly routed to your host (because of the best prefix
match rule).

> In the host PC, ping is OK. ping is OK.
> Inside r1 vm: ping is OK. but ping is NOK :(

If my conjecture is correct, your ping should report a timeout.

> In the host PC, I check:
> - /proc/sys/net/ip4/ip_forward is 1 : OK
> - iptables -L does not display the masquerading in postrouting
> chain(result of 'iptables -t nat -A POSTROUTING -j MASQUERADE') but
> its seems OK.

It does not show the entry because masquerading rules lie in a different
table. The entry would show up if you used "iptables -t nat -L".

> Any idea why ping from VM to external gw is NOK ?

At this point, I suggest using a different subnet for the tap interface.
Note that any subnet is fine because it will be hidden by masquerading.

> Thanks,
> Best regards to all,
> Cyrille


> ------------------------------------------------------------------------
> Souhaitez vous  « être au bureau sans y être » ? Oui je le veux !
> <http://www.microsoft.com/france/windows/bts/default.mspx>
> ------------------------------------------------------------------------
> _______________________________________________
> Netkit.users mailing list
> Netkit.users a list.dia.uniroma3.it
> http://list.dia.uniroma3.it/mailman/listinfo/netkit.users
-------------- parte successiva --------------
Un allegato HTML ? stato rimosso...
URL: http://list.dia.uniroma3.it/pipermail/netkit.users/attachments/20090709/8a4d6899/attachment.htm 

More information about the Netkit.users mailing list