If you are just trying to solve your problem (and not using this as a test of OVS) you might want to just add another interface to the firewall and do two networks in XenServer.
VM ----[firewall network]--- Firewall ---[external network]--- eth0 What you described above sends all traffic to the firewall, does the firewall attempt to send traffic elsewhere afterwards? You may have configuration issues on that end. -Reid On Thu, Sep 26, 2013 at 4:02 AM, neuhuanghaijun <[email protected]>wrote: > hi: > i want to config the ovs to add flow for making a vm's traffic through > another vm(the firewall),what should i do? > my configure is the flow: > i have > 1 xenserver6.2 > xenserver6.2 has 1 vm(windows xp) and 1 vm(the firewall) > xenserver has 1 NIC > the vm(windows xp) has 1 vif and tap base the NIC and the vm(firewall) > too. > xenserver has a xenbr0 base ovs > the xenbr0 'configure is flow; > 1(eth0) > 2(vif1.0) > 3(tap1.0) > 4(vif2.0) > 5(tap2.0) > > 2,3 port belong the vm(windows xp) > 4,5 port belng the firewall > now ,i need to config the ovs,i wanna know what i should do? > w run a command: ovs-ofctl add-flow xenbr0 in_port=3,actions=output:5 > but it is not right, i test the flow, i find the windows xp can ping the > firewall success,but can't ping the xenserver or other ip success > i guess i'm wrong ,so ,i hope someone can help me! > thanks! > > > > > > > > At 2013-09-26 05:33:20,"Reid Price" <[email protected]> wrote: > > Hi there, > > I think you will have to describe what you want more carefully, perhaps by > including a diagram of the components and desired vs current behavior. > > -Reid > > > On Tue, Sep 24, 2013 at 7:57 PM, huanghj <[email protected]> wrote: > >> >> >> >> -------- 原始邮件 -------- >> 主题:[ovs-discuss] about ovs >> >> 发件人:huanghj <[email protected]> >> 收件人:[email protected] >> 抄送: >> >> >> >> >> >> hi all: >> i want to configure ovs at xenserver. It has 1 NIC, 2 vm and 1 >> filewall ,i want to make vm's network traffic through the FW to >> forward,what should i do? >> i add a flow: >> in_Port=4,6 actions=output:2, >> is it OK? >> i am a new guy ,i hope get answer. >> thanks! >> >> >> >> _______________________________________________ >> discuss mailing list >> [email protected] >> http://openvswitch.org/mailman/listinfo/discuss >> >> > > >
_______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
