I don’t understand what you mean by “translating MAC addresses”?? NAT works at layer 3 - it translates IP, not MAC.
> On Jul 7, 2016, at 4:06 PM, Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com> wrote:
>
> Hi,
> thanks for your answer.
>
> I have tried a different setup
>
> Machine1 → Machine2 mgmt0 internal port – br0 - web_server
>
> Now I am reaching machine2 mgmt0 internal port with ip 10.51.89.166, and I am
> translating it with nat to 172.16.1.7, that is the ip of the web server. The
> wget is reaching the web server but although nat is translating the ip, the
> mac is not being translated so the web server is not answering to the Sync
> message cause the mac address is the mgmt0 internal port mac address
> d2:fc:69:1a:bb:12:
>
> Tcpdump in web server:
> 16:49:22.443514 00:04:96:83:82:cb > d2:fc:69:1a:bb:12, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 59, id 6093, offset 0, flags [DF], proto TCP (6), length 60)
>     159.107.31.251.37052 > 172.16.1.7.80: Flags [S], cksum 0xa83e (correct), seq 2804806146, win 5840, options [mss 1460,sackOK,TS val 208463311 ecr 0,nop,wscale 2], length 0
>
>
> These are the rules I am setting:
> ovs-ofctl add-flow br0 "in_port=2,tcp,tp_dst=80,action=ct(commit,zone=1,nat(dst=172.16.1.7)),3"
>
> ovs-ofctl add-flow br0 "in_port=3,ct_state=-trk,tcp,tp_src=80,action=ct(table=0,zone=1,nat)"
> ovs-ofctl add-flow br0 "in_port=3,ct_state=+trk,ct_zone=1,tcp,tp_src=80,action=2"
>
> Do you know what shall I do for the mac address being translated?
>
> Thanks and BR/
>
> From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
> Sent: Thursday, 07 July 2016 15:08
> To: Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com>
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] help on nat example
>
> The problem is not related to OpenFlow / Open vSwitch, but it’s a network
> configuration on your machine.
> Your machine is trying to find the MAC address of its gateway (192.168.9.220)
> by ARPing for it. From what I see, no one replies. Where did you configure
> this IP address 192.168.9.220 (that apparently acts as gateway)?
>
> 2nd: you don’t need to translate ARP! After you fix your ARP problem (make
> your gateway respond to ARP), all traffic will be IP and that traffic will be
> NATed according to your OF rules.
>
>
> On Jul 7, 2016, at 2:03 PM, Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com> wrote:
>
> Hello,
> Thanks for your answer. I would like to use real NAT.
>
> Now I have changed ips to different subnet.
> So I have:
>
> Client → br0 → web server
>
> Client: 192.168.9.218/29
> Web server: 172.16.1.5/24
>
> I am trying to reach the web server from the client with the below emails nat
> rules. I am trying to nat from 192.168.9.220 to 172.16.1.5:
> Client # curl 192.168.9.220:80
>
> But in vnet1 I only see:
>
> 14:54:04.123349 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.9.220 tell 192.168.9.218, length 28
>
> So the arp is not being translated.
>
> Do you have any idea?
>
> Thanks.
>
> From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
> Sent: Thursday, 07 July 2016 14:25
> To: Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com>
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] help on nat example
>
> Ah, sorry, now I got it: you try to NAT between 172.16.1.4 to 172.16.1.5,
> meaning 2 IPs in the same subnet? Why would you do that?
> If you just want to change the DST IP, you could use simple OF rules
> (set_field:ip_dst=x.x.x.x) - this is without conntrack.
>
> If, on the other hand you want the real NAT (with conntrack) then choose the
> NAT address in a different subnet.
>
> DC
>
> On Jul 7, 2016, at 1:11 PM, Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com> wrote:
>
> Hello,
> Thanks for your answer.
> I have set the same rules also for arp but the result is the same, the arp is
> not being translated:
>
> # ovs-ofctl add-flow br0 "in_port=4,arp,action=ct(commit,zone=1,nat(dst=172.16.1.5)),5"
> sccf16:~ #
> # ovs-ofctl add-flow br0 "in_port=5,ct_state=-trk,arp,action=ct(table=0,zone=1,nat)"
>
> # ovs-ofctl add-flow br0 "in_port=5,ct_state=+trk,ct_zone=1,arp,action=4"
>
>
> # ovs-ofctl dump-flows br0
> NXST_FLOW reply (xid=0x4):
>  cookie=0x0, duration=7194.171s, table=0, n_packets=12, n_bytes=956, idle_age=6454, ip,in_port=4 actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
>  cookie=0x0, duration=11.523s, table=0, n_packets=0, n_bytes=0, idle_age=11, arp,in_port=4 actions=ct(commit,zone=1,nat(dst=172.16.1.5)),output:5
>  cookie=0x0, duration=6784.876s, table=0, n_packets=8, n_bytes=1056, idle_age=6454, ct_state=-trk,ip,in_port=5 actions=ct(table=0,zone=1,nat)
>  cookie=0x0, duration=11.516s, table=0, n_packets=0, n_bytes=0, idle_age=11, ct_state=-trk,arp,in_port=5 actions=ct(table=0,zone=1,nat)
>  cookie=0x0, duration=6784.871s, table=0, n_packets=8, n_bytes=1056, idle_age=6454, ct_state=+trk,ct_zone=1,ip,in_port=5 actions=output:4
>  cookie=0x0, duration=9.001s, table=0, n_packets=0, n_bytes=0, idle_age=9, ct_state=+trk,ct_zone=1,arp,in_port=5 actions=output:4
>  cookie=0x0, duration=11482.919s, table=0, n_packets=851, n_bytes=108083, idle_age=40, priority=0 actions=NORMAL
>
> # tcpdump -vv -i vnet1
> tcpdump: WARNING: vnet1: no IPv4 address assigned
> tcpdump: listening on vnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 14:05:51.165961 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
> 14:05:52.167191 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
> 14:05:53.169157 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
> 14:05:54.171330 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
>
> From: D3c3 Balus [mailto:d3c3ba...@gmail.com]
> Sent: Thursday, 07 July 2016 13:04
> To: Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com>
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] help on nat example
>
> Hello,
>
> Your first flow “in_port=4, ip, ….” matches only IP traffic, but ARP is not
> matched. You need another rule like “in_port, arp, actions….” to translate
> also ARP.
>
> Cheers,
>
> DC
>
> On Jul 7, 2016, at 11:36 AM, Cristina Palomo Regidor <cristina.palomo.regi...@ericsson.com> wrote:
>
> Hello,
> I would appreciate any help on this nat example. I want to do dst nat
> translation so the dst address is translated to 172.16.1.5 where I have a web
> server.
>
> I have implemented these flows:
>
> ovs-ofctl add-flow br0 "in_port=4,ip,action=ct(commit,zone=1,nat(dst=172.16.1.5)),5"
> ovs-ofctl add-flow br0 "in_port=5,ct_state=-trk,ip,action=ct(table=0,zone=1,nat)"
> ovs-ofctl add-flow br0 "in_port=5,ct_state=+trk,ct_zone=1,ip,action=4"
>
> Are they correct?
>
> If I do from my client (port 4) curl 172.16.1.4:80 with the purpose of nat
> translating the dst address to the web server address I only see arp requests
> of this type in a tcpdump:
> 12:17:52.196395 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
> 12:17:53.199288 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.4 tell 172.16.1.1, length 28
>
> Could you help me on how to make this work?
>
> Thanks and BR/
>
>
> _______________________________________________
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
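
The symptom in the web-server capture quoted above, as an added example that is not part of the thread: a checker for `tcpdump -e` output that flags frames whose destination IP belongs to a known host while the destination MAC belongs to some other station, which is what a layer-3-only rewrite leaves behind. The capture line is the one from the thread; the host table, the web server's MAC in it and the function names are assumptions.

```python
import re

# Frame shape from `tcpdump -e -n`:
#   <ts> <src mac> > <dst mac>, ethertype IPv4 ... <src ip>.<port> > <dst ip>.<port>:
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(
    rf"(?P<smac>{MAC}) > (?P<dmac>{MAC}), ethertype IPv4.*?"
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):",
    re.IGNORECASE | re.DOTALL,
)

def join_frames(text):
    """tcpdump -v prints the IP header on an indented continuation line; glue it back."""
    frames = []
    for line in text.splitlines():
        if line[:1].isspace() and frames:
            frames[-1] += " " + line.strip()
        elif line.strip():
            frames.append(line.strip())
    return frames

def l2_l3_mismatches(capture, host_macs):
    """Return frames whose dst IP is a known host but whose dst MAC is not that host's."""
    findings = []
    for frame in join_frames(capture):
        m = FRAME.search(frame)
        if not m:
            continue  # ARP, IPv6 or truncated lines carry no IPv4 5-tuple to check
        expected = host_macs.get(m["dip"])
        dmac = m["dmac"].lower()
        if expected and dmac != expected.lower():
            findings.append({"dst_ip": m["dip"], "dst_port": int(m["dport"]),
                             "frame_dst_mac": dmac, "expected_mac": expected.lower()})
    return findings

# Capture line from the thread (taken on the web server).
CAPTURE = """\
16:49:22.443514 00:04:96:83:82:cb > d2:fc:69:1a:bb:12, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 59, id 6093, offset 0, flags [DF], proto TCP (6), length 60)
    159.107.31.251.37052 > 172.16.1.7.80: Flags [S], cksum 0xa83e (correct), seq 2804806146, win 5840, options [mss 1460,sackOK,TS val 208463311 ecr 0,nop,wscale 2], length 0
"""
# Constructed value: the thread never states the web server's own MAC address.
HOST_MACS = {"172.16.1.7": "52:54:00:aa:bb:07"}

if __name__ == "__main__":
    for f in l2_l3_mismatches(CAPTURE, HOST_MACS):
        print(f"{f['dst_ip']}:{f['dst_port']} arrived with dst MAC "
              f"{f['frame_dst_mac']}, host owns {f['expected_mac']}")
```

A finding here means the IP header was rewritten but the Ethernet header still names the original next hop. In Open vSwitch the destination MAC is changed by a separate action such as `mod_dl_dst` placed before the output, not by `ct(...,nat)`.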