[Netkit.users] TAP interface & masquerade

Massimo Rimondini rimondin at dia.uniroma3.it
Thu Jul 9 15:18:54 CEST 2009


Dear Cyrille,

> vstart r1 --con0=this --eth0=tap,10.0.0.2,10.0.0.3 => OK, r1 boot
> successfully.

Ok, fine.

> So, inside r1: eth0=10.0.0.3/24

Wrong. When using tap interfaces, the default classful addressing is
assumed. Therefore, eth0 is configured with 10.0.0.3/8.

> The host PC has a real network-interface eth0=10.0.0.2/24
> To reach internet, the next-hop is the 10.0.0.1/24 in another PC.

This is likely the problem: since the same subnet (or better, in your
case two overlapping subnets) is used for the tap interface and for
connecting the host to the Internet, traffic directed to that subnet may
be unpredictably routed to eth0 on your host or to the tap interface.
Because of the subnetting plan (10.0.0.0/8 assigned to Netkit,
10.0.0.0/24 assigned to your host), it is likely that echo request
packets correctly flow out of the virtual machine, while echo reply
packets are incorrectly routed to your host (because of the best prefix
match rule).

>  
> In the host PC, ping 10.0.0.1 is OK. ping 10.0.0.3 is OK.
> Inside r1 vm: ping 10.0.0.2 is OK. but ping 10.0.0.1 is NOK :(

If my conjecture is correct, your ping should report a timeout.

>  
> In the host PC, I check:
> - /proc/sys/net/ip4/ip_forward is 1 : OK
> - iptables -L does not display the masquerading in postrouting
> chain (result of 'iptables -t nat -A POSTROUTING -j MASQUERADE') but
> it seems OK.

It does not show the entry because masquerading rules lie in a different
table. The entry would show up if you used "iptables -t nat -L".

>  
> Any idea why ping from VM to external gw is NOK ?

At this point, I suggest using a different subnet for the tap interface.
Note that any subnet is fine because it will be hidden by masquerading.

>  
> Thanks,
> Best regards to all,
> Cyrille

Regards,
Massimo.
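
Added example, not part of the original message: a longest-prefix-match lookup over a constructed host routing table, showing why a reply addressed to 10.0.0.3 leaves via the host's eth0 when the tap subnet (classful 10.0.0.0/8) overlaps the host LAN (10.0.0.0/24), and how a non-overlapping tap subnet avoids it. The device name "tap0", the routing tables and the 192.168.77.3 replacement address are assumptions made for illustration.

```python
import ipaddress

def classful_network(ip):
    """Network implied by classful addressing (class A /8, B /16, C /24)."""
    first_octet = int(ip.split(".")[0])
    if first_octet >= 224:
        raise ValueError("class D/E addresses have no classful network")
    prefixlen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)

def lookup(routes, dst):
    """Longest-prefix match: return (prefix, device) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    hits = [(net, dev) for net, dev in hits if addr in net]
    if not hits:
        return None
    net, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), dev

def overlapping_routes(routes):
    """Pairs of non-default prefixes on different devices that overlap."""
    nets = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    nets = [(n, d) for n, d in nets if n.prefixlen > 0]
    return [(str(a), da, str(b), db)
            for i, (a, da) in enumerate(nets)
            for b, db in nets[i + 1:]
            if da != db and a.overlaps(b)]

def host_routes(guest_ip):
    """Constructed host routing table; "tap0" is a hypothetical name."""
    return [(str(classful_network(guest_ip)), "tap0"),
            ("10.0.0.0/24", "eth0"),   # host LAN from the thread
            ("0.0.0.0/0", "eth0")]     # default route via 10.0.0.1

if __name__ == "__main__":
    for guest in ("10.0.0.3", "192.168.77.3"):  # second address is made up
        table = host_routes(guest)
        print(guest, "reply leaves via", lookup(table, guest),
              "overlaps:", overlapping_routes(table))
```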
