Re: [ovs-discuss] iptables and ovs bridge vlan

Wed, 13 Apr 2016 05:46:26 -0700 

Hello,
I have tried with following rules:
iptables -t nat -I PREROUTING 1 -p tcp --dport 8090 -j DNAT --to-destination 
192.168.9.217:8090

iptables -t nat -I POSTROUTING 1 -p tcp -d 192.168.9.217 --dport 8090 -j SNAT 
--to-source 192.168.9.219

But dmesg is showing that it is executing only the PREROUTING
[77249.138968] PREROUTING: IN=eth0 OUT= 
MAC=ec:f4:bb:bf:e5:40:00:04:96:83:83:56:08:00 SRC=10.51.89.198 DST=10.95.80.19 
LEN=60 TOS=0x10 PREC=0x00 TTL=61 ID=35912 DF PROTO=TCP SPT=35624 DPT=8090 
WINDOW=14600 RES=0x00 SYN URGP=0

I have created the interface vlan1012 with this command:
ovs-vsctl add-port br-ext vlan1012 tag=1012 -- set interface vlan1012 
type=internal

Any help would be much appreciated.

Thanks and BR/



From: discuss [mailto:discuss-boun...@openvswitch.org] On Behalf Of Cristina 
Palomo Regidor
Sent: martes, 12 de abril de 2016 11:25
To: discuss@openvswitch.org
Subject: [ovs-discuss] iptables and ovs bridge vlan


Hello,
I have a ovs bridge br-ext and a vlan1012 associated to this bridge. I am 
trying to create a iptable rule that forwards the incoming packets in the 
hypervisor eth0 to a virtual machine with ip address 192.168.9.217.  I can do 
telnet from the hypervisor to 192.168.9.217 8090. But I can not do telnet from 
outside hypervisor even if I have the ip tables rule described below in the 
hypervisor. if_oam = eth0 = 10.95.80.20 so I am trying from outside the 
hypervisor telnet 10.95.80.20 8090 but it is not working.

Could you help me?

# ifconfig br-ext
br-ext    Link encap:Ethernet  HWaddr A0:36:9F:43:DB:30
          inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:35918 (35.0 Kb)  TX bytes:1776 (1.7 Kb)

# ifconfig vlan1012
vlan1012  Link encap:Ethernet  HWaddr A0:36:9F:43:DB:30
          inet addr:192.168.9.219  Bcast:192.168.9.223  Mask:255.255.255.248
          inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:724 (724.0 b)  TX bytes:528 (528.0 b)


IPTABLES="iptables -A PREROUTING -t nat -j DNAT"
$IPTABLES -p tcp --dport 8090 -i $if_oam --to 192.168.9.217:8090


_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Reply via email to