Thanks very much Jesse, I want to tunnel two openvsiwtch on two physical xenserver behind the firewall. Only two firewalls at each site have the public ip. If there any way I can make that work ?
I heard that the GRE is using port 47 and I enable the NAT on the firewall for port 47. But It does not work. Any idea ? Thanks very much. On Sun, Oct 2, 2011 at 2:38 PM, Jesse Gross <je...@nicira.com> wrote: > On Oct 2, 2011 1:24 PM, "terryxing" <xingtia...@gmail.com> wrote: > > > > Thanks very much. > > > > So you mean, we can not setup the tunnel between two host residing in two > private network behind the gateway (gw has public ip not the xenserver > itself.) > > > > Since right now, our xenserver hosts are all within the private network > behind the GW, every traffic must go through the gateway which does the NAT > port forward to all traffic coming in and out. > > > > As you just said, the xenserver host must have no choice but to have > public ip and connect to the internet not behind the gateway to establish > the tunnel ? > > You just need IP connectivity between the hosts that are the tunnel > endpoints. It doesn't matter whether the addresses are public or private. > Can they ping each other? If yes, it should be fine. > -- Best regards, Tianyi Xing (邢天翼) PhD Student, Research & Teaching Associate SNAC:Secure Networking and Computing group School of Computing, Informatics, and Decision Systems Engineering Ira A. Fulton School of Engineering, Arizona State University Tempe, AZ 85281, USA Cell: (+1) 480-678-3090
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
