<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Dear Cyrille,<br>
<br>
I'm glad to hear you solved the problem.<br>
Setting up the tunnel is surely possible (provided that the remote PC
supports tunneling as well), but may be impaired by the
masquerading that is automatically enabled when using tap interfaces.
If you want, you can disable it by running:<br>
<blockquote type="cite"><tt>iptables -t nat -D POSTROUTING -j MASQUERADE</tt></blockquote>
However, be careful because the IP address of the virtual machine would
then become visible on the network!<br>
<br>
As a reference in setting up the tunnel you may consider looking at:
<a class="moz-txt-link-freetext"
href="http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Linux+IPv6-HOWTO.html">http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Linux+IPv6-HOWTO.html</a><br>
<br>
Regards,<br>
Massimo.<br>
</tt><br>
Cyrille OLIVIER wrote:
<blockquote cite="mid:SNT102-W10A7C699780F7EC2C09AC6C4270@phx.gbl"
type="cite">
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style><font
face="Courier New">Hi,</font><br>
<font face="Courier New">Thanks these informations.</font><br>
<font face="Courier New">I realized my misunderstanding of the "man
vstart" content about tap interface. I thought the network interface to
use in the host PC has to be a real and existing one. That's why I
choose the all the IP in the same subnet :(</font><br>
<font face="Courier New">Using a complete different subnet solves
the issue. Thanks again.</font><br>
<br>
<font face="Courier New">Now, as I need to build a lab related to
IPv6, I need to setup a v4/v6 tunnel between eth0 inside r1 (so I will
put a v6 IP) and the remote real PC:</font><br>
<font face="Courier New"> </font><br>
<font face="Courier New">
--------
-------------</font><br>
<font face="Courier New"> | r1 |eth0
----------------- ------------------ real ethernet cable eth0 |
|</font><br>
<font face="Courier New"> | (vm) |------------------|nk_tap_root
dev|---| eth0 of host PC|------------------------------| remote PC | </font><br>
<font face="Courier New"><font face="Courier New"> -------- v6
IP
----------------- ------------------ v6
IP | |</font><br>
</font><font face="Courier New"><font face="Courier New"> (------------------------------------------------------------------------------------)
-------------<br>
</font></font><font face="Courier New">
( IPv4/v6
tunnel )<br>
<font face="Courier New"> (------------------------------------------------------------------------------------)<br>
</font> <br>
I hope it's possible. If it's seems interesting for the mailing list
users, I will give feedback about my work.<br>
<br>
Rgds,<br>
Cyrille<br>
<br>
</font><br>
<font face="Courier New">
<hr id="stopSpelling">Date: Thu, 9 Jul 2009 15:18:54 +0200<br>
From: <a class="moz-txt-link-abbreviated"
href="mailto:rimondin@dia.uniroma3.it">rimondin@dia.uniroma3.it</a><br>
To: <a class="moz-txt-link-abbreviated"
href="mailto:netkit.users@list.dia.uniroma3.it">netkit.users@list.dia.uniroma3.it</a><br>
Subject: Re: [Netkit.users] TAP interface & masquerade<br>
<br>
</font><tt>Dear Cyrille,<br>
<br>
</tt>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New">vstart r1 --con0=this --eth0=tap,10.0.0.2,10.0.0.3
=> OK, r1 boot successfully.<br>
</font></blockquote>
<br>
<font face="Courier New">Ok, fine.<br>
<br>
</font>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New">So, inside r1: eth0=10.0.0.3/24<br>
</font></blockquote>
<br>
<font face="Courier New">Wrong. When using tap interfaces, the
default classful addressing is assumed. Therefore, eth0 is configured
with 10.0.0.3/8.<br>
<br>
</font>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New">The host PC has a real network-interface
eth0=10.0.0.2/24<br>
To reach internet, the next-hop is the 10.0.0.1/24 in another PC.<br>
</font></blockquote>
<br>
<font face="Courier New">This is likely the problem: since the same
subnet (or better, in your case two overlapping subnets) is used for
the tap interface and for connecting the host to the Internet, traffic
directed to that subnet may be unpredictably routed to eth0 on your
host or to the tap interface. Because of the subnetting plan
(10.0.0.0/8 assigned to Netkit, 10.0.0.0/24 assigned to your host), it
is likely that echo request packets correctly flow out of the virtual
machine, while echo reply packets are incorrectly routed to your host
(because of the best prefix match rule).<br>
<br>
</font>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New"> <br>
In the host PC, ping 10.0.0.1 is OK. ping 10.0.0.3 is OK.<br>
Inside r1 vm: ping 10.0.0.2 is OK. but ping 10.0.0.1 is NOK :(<br>
</font></blockquote>
<br>
<font face="Courier New">If my conjecture is correct, your ping
should report a timeout.<br>
<br>
</font>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New"> <br>
In the host PC, I check: <br>
- /proc/sys/net/ip4/ip_forward is 1 : OK<br>
- iptables -L does not display the masquerading in postrouting
chain(result of '<font size="3"><font size="2">iptables -t nat -A
POSTROUTING -j MASQUERADE') but its seems OK.</font></font><br>
</font></blockquote>
<br>
<font face="Courier New">It does not show the entry because
masquerading rules lie in a different table. The entry would show up if
you used "iptables -t nat -L".<br>
<br>
</font>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New"> <br>
<font size="3"><font size="2">Any idea why ping from VM to external
gw is NOK ?</font></font><br>
</font></blockquote>
<br>
<font face="Courier New">At this point, I suggest using a different
subnet for the tap interface. Note that any subnet is fine because it
will be hidden by masquerading.<br>
<br>
</font>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New"> <br>
<font size="3"><font size="2">Thanks,</font></font><br>
<font size="3"><font size="2">Best regards to all,</font></font><br>
<font size="3"><font size="2">Cyrille</font></font><br>
</font></blockquote>
<br>
<font face="Courier New">Regards,<br>
Massimo.<br>
<br>
</font>
<blockquote cite="mid:SNT102-W2167489B77677FF14D0FCEC4260@phx.gbl"><font
face="Courier New"><font size="3"><font size="2"> <br>
</font></font> <br>
<br>
<br>
<br>
<hr>Souhaitez vous « être au bureau sans y être » ? </font><a
moz-do-not-send="true"
href="http://www.microsoft.com/france/windows/bts/default.mspx"><font
face="Courier New">Oui je le veux !</font></a><font face="Courier New">
</font>
<pre><hr size="4" width="90%">
_______________________________________________
Netkit.users mailing list
<a moz-do-not-send="true" class="EC_moz-txt-link-abbreviated"
href="mailto:Netkit.users@list.dia.uniroma3.it">Netkit.users@list.dia.uniroma3.it</a>
<a moz-do-not-send="true" class="EC_moz-txt-link-freetext"
href="http://list.dia.uniroma3.it/mailman/listinfo/netkit.users">http://list.dia.uniroma3.it/mailman/listinfo/netkit.users</a>
</pre>
</blockquote>
<br>
<hr>Souhaitez vous « être au bureau sans y être » ? <a
moz-do-not-send="true"
href="http://www.microsoft.com/france/windows/bts/default.mspx"
target="_new">Oui je le veux !</a>
<pre wrap=""><hr size="4" width="90%">
_______________________________________________
Netkit.users mailing list
<a class="moz-txt-link-abbreviated"
href="mailto:Netkit.users@list.dia.uniroma3.it">Netkit.users@list.dia.uniroma3.it</a>
<a class="moz-txt-link-freetext"
href="http://list.dia.uniroma3.it/mailman/listinfo/netkit.users">http://list.dia.uniroma3.it/mailman/listinfo/netkit.users</a>
</pre>
</blockquote>
</body>
</html>