Hi,
thanks for your answer.
I have tried a different setup
Machine1 --> Machine2 mgmt0 internal port – br0 - web_server
Now I am reaching machine2 mgmt0 internal port with ip 10.51.89.166, and I am
translating it with nat to 172.16.1.7, that is the ip of the web server. The
wget is reaching the web server but although nat is translating the ip, the mac
is not being translated so the web server is not answering to the Sync message
cause the mac address is the mgmt0 internal port mac address d2:fc:69:1a:bb:12:
Tcpdump in web server:
16:49:22.443514 00:04:96:83:82:cb > d2:fc:69:1a:bb:12, ethertype IPv4 (0x0800),
length 74: (tos 0x0, ttl 59, id 6093, offset 0, flags [DF], proto TCP (6),
length 60)
159.107.31.251.37052 > 172.16.1.7.80: Flags [S], cksum 0xa83e (correct),
seq 2804806146, win 5840, options [mss 1460,sackOK,TS val 208463311 ecr
0,nop,wscale 2], length 0
These are the rules I am setting:
ovs-ofctl add-flow br0
"in_port=2,tcp,tp_dst=80,action=ct(commit,zone=1,nat(dst=172.16.1.7)),3"
ovs-ofctl add-flow br0
"in_port=3,ct_state=-trk,tcp,tp_src=80,action=ct(table=0,zone=1,nat)"
ovs-ofctl add-flow br0
"in_port=3,ct_state=+trk,ct_zone=1,tcp,tp_src=80,action=2"
Do you know what shall I do for the mac address being translated?
Thanks and BR/
From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
Sent: jueves, 07 de julio de 2016 15:08
To: Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com>
Cc: discuss@openvswitch.org
Subject: Re: [ovs-discuss] help on nat example
The problem is not related to OpenFlow / Open vSwitch, but it’s a network
configuration on your machine.
Your machine is trying to find the MAC address of its gateway (192.168.9.220)
by ARPing for it. From what I see, noone replies. Where did you configure this
IP address 192.168.9.220 (that apparently acts as gateway) ?
2nd: you don’t need to translate ARP ! After you fix your ARP problem (make
your gateway respond to ARP), all traffic will be IP and that traffic will be
NATed according to your OF rules.
On Jul 7, 2016, at 2:03 PM, Cristina Palomo Regidor
<cristina.palomo.regi...@ericsson.com<mailto:cristina.palomo.regi...@ericsson.com>>
wrote:
Hello,
Thanks for your answer. I would like to use real NAT.
Now I have changed ips to different subnet.
So I have:
Client --> br0 --> web server
Client: 192.168.9.218/29
Web server: 172.16.1.5/24
I am trying to reach the web server from the client with the below emails nat
rules. I am trying to nat from 192.168.9.220 to 172.16.1.5:
Client # curl 192.168.9.220:80
But in vnet1 I only see:
14:54:04.123349 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
192.168.9.220 tell 192.168.9.218, length 28
So the arp is not being translated.
Do you have any idea?
Thanks.
From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
Sent: jueves, 07 de julio de 2016 14:25
To: Cristina Palomo Regidor
<cristina.palomo.regi...@ericsson.com<mailto:cristina.palomo.regi...@ericsson.com>>
Cc: discuss@openvswitch.org<mailto:discuss@openvswitch.org>
Subject: Re: [ovs-discuss] help on nat example
Ah, sorry, now I got it: you try to NAT between 172.16.1.4 to 172.16.1.5,
meaning 2 IPs in the same subnet ? Why would you do that ?
If you just want to change the DST IP, you could use simple OF rules
(set_field:ip_dst=x.x.x.x) - this is without conntrack.
If, on the other hand you want the real NAT (with conntrack) then choose the
NAT address in a different subnet.
DC
On Jul 7, 2016, at 1:11 PM, Cristina Palomo Regidor
<cristina.palomo.regi...@ericsson.com<mailto:cristina.palomo.regi...@ericsson.com>>
wrote:
Hello,
Thanks for your answer.
I have set the same rules also for arp but the result is the same, the arp is
not being translated:
# ovs-ofctl add-flow br0
"in_port=4,arp,action=ct(commit,zone=1,nat(dst=172.16.1.5)),5"
sccf16:~ #
# ovs-ofctl add-flow br0
"in_port=5,ct_state=-trk,arp,action=ct(table=0,zone=1,nat)"
# ovs-ofctl add-flow br0 "in_port=5,ct_state=+trk,ct_zone=1,arp,action=4"
# ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=7194.171s, table=0, n_packets=12, n_bytes=956,
idle_age=6454, ip,in_port=4
actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
cookie=0x0, duration=11.523s, table=0, n_packets=0, n_bytes=0, idle_age=11,
arp,in_port=4 actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
cookie=0x0, duration=6784.876s, table=0, n_packets=8, n_bytes=1056,
idle_age=6454, ct_state=-trk,ip,in_port=5 actions=ct(table=0,zone=1,nat)
cookie=0x0, duration=11.516s, table=0, n_packets=0, n_bytes=0, idle_age=11,
ct_state=-trk,arp,in_port=5 actions=ct(table=0,zone=1,nat)
cookie=0x0, duration=6784.871s, table=0, n_packets=8, n_bytes=1056,
idle_age=6454, ct_state=+trk,ct_zone=1,ip,in_port=5 actions=output:4
cookie=0x0, duration=9.001s, table=0, n_packets=0, n_bytes=0, idle_age=9,
ct_state=+trk,ct_zone=1,arp,in_port=5 actions=output:4
cookie=0x0, duration=11482.919s, table=0, n_packets=851, n_bytes=108083,
idle_age=40, priority=0 actions=NORMAL
# tcpdump -vv -i vnet1
tcpdump: WARNING: vnet1: no IPv4 address assigned
tcpdump: listening on vnet1, link-type EN10MB (Ethernet), capture size 65535
bytes
14:05:51.165961 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4
tell 172.16.1.1, length 28
14:05:52.167191 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4
tell 172.16.1.1, length 28
14:05:53.169157 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4
tell 172.16.1.1, length 28
14:05:54.171330 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4
tell 172.16.1.1, length 28
From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
Sent: jueves, 07 de julio de 2016 13:04
To: Cristina Palomo Regidor
<cristina.palomo.regi...@ericsson.com<mailto:cristina.palomo.regi...@ericsson.com>>
Cc: discuss@openvswitch.org<mailto:discuss@openvswitch.org>
Subject: Re: [ovs-discuss] help on nat example
Hello,
Your first flow “in_port=4, ip, ….” matches only IP traffic, but ARP is not
matched. You need another rule like “in_port, arp, actions….” to translate
also ARP.
Cheers,
DC
On Jul 7, 2016, at 11:36 AM, Cristina Palomo Regidor
<cristina.palomo.regi...@ericsson.com<mailto:cristina.palomo.regi...@ericsson.com>>
wrote:
Hello,
I would appreciate any help on this nat example. I want to do dst nat
translation so the dst address is translated to 172.16.1.5 where I have a web
server.
I have implemented these flows:
ovs-ofctl add-flow br0
"in_port=4,ip,action=ct(commit,zone=1,nat(dst=172.16.1.5)),5"
ovs-ofctl add-flow br0
"in_port=5,ct_state=-trk,ip,action=ct(table=0,zone=1,nat)"
ovs-ofctl add-flow br0 "in_port=5,ct_state=+trk,ct_zone=1,ip,action=4"
Are they correct?
If I do from my client (port 4) curl 172.16.1.4:80 with the purpose of nat
translating the dst address to the web server address I only see arp requests
of this type in a tcpdump:
12:17:52.196395 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4
tell 172.16.1.1, length 28
12:17:53.199288 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4
tell 172.16.1.1, length 28
Could you help me on how to make this work?
Thanks and BR/
_______________________________________________
discuss mailing list
discuss@openvswitch.org<mailto:discuss@openvswitch.org>
http://openvswitch.org/mailman/listinfo/discuss
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
