LinuxQuestions.org

Linux - Networking: Iptables and network bridge (https://www.linuxquestions.org/questions/linux-networking-3/iptables-and-network-bridge-850503/)

brianmcgee 12-15-2010 04:37 PM

Iptables and network bridge
 
Hello,

I have the following Xen network setup at hand:
Code:

IPTABLES
br0 - Public IP 123.123.123.123
+---eth0

vbr0 - DMZ IP 192.168.1.1
+---vif Virtual Machine with IP 192.168.1.42

Goals:

Forward requests on TCP port 80 to the virtual machine with the IP 192.168.1.42.
The virtual machine should get updates from the internet.
The virtual machine should successfully ping the public IP 123.123.123.123.
The virtual machine should successfully ping 192.168.1.1.
The virtualization host should successfully ping 192.168.1.42.
iptables has a default DROP policy.

Some thoughts:
Code:

# Enable routing between the bridges (a failure to write /proc is hidden by 2> /dev/null)
echo 1 > /proc/sys/net/ipv4/ip_forward 2> /dev/null
# Forward port 80 to httpd in virtual machine
# Let traffic that stays inside one bridge pass the FORWARD chain
iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# New connections to port 80 on the host itself, arriving on br0
iptables -A INPUT -i br0 -m state --state NEW -p tcp --dport 80 -j ACCEPT
# New connections arriving on br0 that are destined for the VM's port 80
iptables -A FORWARD -i br0 -m state --state NEW -p tcp -d 192.168.1.42 --dport 80 -j ACCEPT

# Allow internet access in virtual machine
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
# /255.255.255.0 matches the whole 192.168.1.0/24, not only the VM; the MASQUERADE
# rule above already matches everything leaving br0, so this SNAT rule is never reached
iptables -t nat -A POSTROUTING -s 192.168.1.42/255.255.255.0 -o br0 -j SNAT --to 123.123.123.123

Currently working/not working:
Internet in the virtual machine is OK: the VM can ping Google and wget index.html.
The VM does not get a ping reply from 192.168.1.42, 192.168.1.1 or 123.123.123.123.

How can I further debug this issue? What did I miss? Thanks!

frankbell 12-16-2010 08:43 PM

Maybe this thread will help.

brianmcgee 12-17-2010 02:39 PM

Thanks for the help!

The solution was trivial. All was set up correctly. ICMP was ignored by the host. The following code solved the issue:

Code:

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
