Hello,

Thanks for your answer. I would like to use real NAT. Now I have changed the IPs to a different subnet. So I have:

Client --> br0 --> web server
Client: 192.168.9.218/29
Web server: 172.16.1.5/24

I am trying to reach the web server from the client with the NAT rules from the emails below. I am trying to NAT from 192.168.9.220 to 172.16.1.5:

Client # curl 192.168.9.220:80

But in vnet1 I only see:

14:54:04.123349 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.9.220 tell 192.168.9.218, length 28

So the ARP is not being translated. Do you have any idea?

Thanks.

From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
Sent: Thursday, 07 July 2016 14:25
To: Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com>
Cc: discuss@openvswitch.org
Subject: Re: [ovs-discuss] help on nat example

Ah, sorry, now I got it: you try to NAT between 172.16.1.4 to 172.16.1.5, meaning 2 IPs in the same subnet? Why would you do that?

If you just want to change the DST IP, you could use simple OF rules (set_field:ip_dst=x.x.x.x) - this is without conntrack.

If, on the other hand, you want the real NAT (with conntrack), then choose the NAT address in a different subnet.

DC

On Jul 7, 2016, at 1:11 PM, Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com> wrote:

Hello,

Thanks for your answer.

I have set the same rules also for ARP but the result is the same, the ARP is not being translated:

# ovs-ofctl add-flow br0 "in_port=4,arp,action=ct(commit,zone=1,nat(dst=172.16.1.5)),5"
sccf16:~ #
# ovs-ofctl add-flow br0 "in_port=5,ct_state=-trk,arp,action=ct(table=0,zone=1,nat)"
# ovs-ofctl add-flow br0 "in_port=5,ct_state=+trk,ct_zone=1,arp,action=4"

# ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=7194.171s, table=0, n_packets=12, n_bytes=956, idle_age=6454, ip,in_port=4 actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
cookie=0x0, duration=11.523s, table=0, n_packets=0, n_bytes=0, idle_age=11, arp,in_port=4 actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
cookie=0x0, duration=6784.876s, table=0, n_packets=8, n_bytes=1056, idle_age=6454, ct_state=-trk,ip,in_port=5 actions=ct(table=0,zone=1,nat)
cookie=0x0, duration=11.516s, table=0, n_packets=0, n_bytes=0, idle_age=11, ct_state=-trk,arp,in_port=5 actions=ct(table=0,zone=1,nat)
cookie=0x0, duration=6784.871s, table=0, n_packets=8, n_bytes=1056, idle_age=6454, ct_state=+trk,ct_zone=1,ip,in_port=5 actions=output:4
cookie=0x0, duration=9.001s, table=0, n_packets=0, n_bytes=0, idle_age=9, ct_state=+trk,ct_zone=1,arp,in_port=5 actions=output:4
cookie=0x0, duration=11482.919s, table=0, n_packets=851, n_bytes=108083, idle_age=40, priority=0 actions=NORMAL

# tcpdump -vv -i vnet1
tcpdump: WARNING: vnet1: no IPv4 address assigned
tcpdump: listening on vnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:05:51.165961 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
14:05:52.167191 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
14:05:53.169157 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
14:05:54.171330 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28

From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
Sent: Thursday, 07 July 2016 13:04
To: Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com>
Cc: discuss@openvswitch.org
Subject: Re: [ovs-discuss] help on nat example

Hello,

Your first flow “in_port=4, ip, ….” matches only IP traffic, but ARP is not matched. You need another rule like “in_port, arp, actions….” to translate also ARP.

Cheers,
DC

On Jul 7, 2016, at 11:36 AM, Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com> wrote:

Hello,

I would appreciate any help on this NAT example. I want to do dst NAT translation so the dst address is translated to 172.16.1.5, where I have a web server. I have implemented these flows:

ovs-ofctl add-flow br0 "in_port=4,ip,action=ct(commit,zone=1,nat(dst=172.16.1.5)),5"
ovs-ofctl add-flow br0 "in_port=5,ct_state=-trk,ip,action=ct(table=0,zone=1,nat)"
ovs-ofctl add-flow br0 "in_port=5,ct_state=+trk,ct_zone=1,ip,action=4"

Are they correct? If I do from my client (port 4)

curl 172.16.1.4:80

with the purpose of NAT translating the dst address to the web server address, I only see ARP requests of this type in a tcpdump:

12:17:52.196395 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
12:17:53.199288 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28

Could you help me on how to make this work?

Thanks and BR/

_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
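
Added example, not part of the original thread: a small Python parser for `ovs-ofctl dump-flows` output in the format quoted above. It lists the flows whose `n_packets` counter is still zero, which shows which rules no traffic has reached. The sample text is constructed from lines in the thread; the function names `parse_flows` and `zero_hit` are this example's own.

```python
# Constructed sample: header plus three flow lines in the format of the
# `ovs-ofctl dump-flows br0` output quoted in the thread.
SAMPLE = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=7194.171s, table=0, n_packets=12, n_bytes=956, idle_age=6454, ip,in_port=4 actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
 cookie=0x0, duration=11.523s, table=0, n_packets=0, n_bytes=0, idle_age=11, arp,in_port=4 actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
 cookie=0x0, duration=11482.919s, table=0, n_packets=851, n_bytes=108083, idle_age=40, priority=0 actions=NORMAL
"""


def parse_flows(dump):
    """Return one dict per flow line: match, actions, table and counters."""
    flows = []
    for line in dump.splitlines():
        line = line.strip()
        if " actions=" not in line:
            continue  # reply header or blank line
        left, actions = line.split(" actions=", 1)
        if left.endswith(","):
            # A flow with an empty match prints only statistics before actions.
            stats, match = left[:-1], ""
        else:
            # Statistics are separated by ", "; the match has no spaces in it.
            stats, _, match = left.rpartition(", ")
        fields = dict(kv.split("=", 1) for kv in stats.split(", "))
        flows.append({
            "match": match,
            "actions": actions,
            "table": int(fields["table"]),
            "n_packets": int(fields["n_packets"]),
            "n_bytes": int(fields["n_bytes"]),
        })
    return flows


def zero_hit(flows):
    """Flows that no packet has matched since they were installed."""
    return [f for f in flows if f["n_packets"] == 0]


if __name__ == "__main__":
    for flow in zero_hit(parse_flows(SAMPLE)):
        print("never matched:", flow["match"], "->", flow["actions"])
```
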