Dom0 does not forward to DomU

Situation:

DomU: Debian SID

/etc/networking/interfaces

    auto eth0
    iface eth0 inet static
        address xxx55
        gateway xxx49
        netmask 255.255.255.255
        pointopoint xxx49

Ping DomU -> xxx49 (aka Dom0)

    PING xxx49 (xxx49) 56(84) bytes of data.
    64 bytes from xxx49: icmp_req=1 ttl=64 time=0.107 ms

Ping DomU -> 8.8.8.8

    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    ^C
    --- 8.8.8.8 ping statistics ---
    34 packets transmitted, 0 received, 100% packet loss, time 33263ms

tcpdump -Kn

    21:03:30.316328 IP xxx55 > 8.8.8.8: ICMP echo request, id 4904, seq 3, length 64
    21:03:31.324344 IP xxx55 > 8.8.8.8: ICMP echo request, id 4904, seq 4, length 64
    21:03:32.332338 IP xxx55 > 8.8.8.8: ICMP echo request, id 4904, seq 5, length 64
    21:03:33.340323 IP xxx55 > 8.8.8.8: ICMP echo request, id 4904, seq 6, length 64
    21:03:34.348343 IP xxx55 > 8.8.8.8: ICMP echo request, id 4904, seq 7, length 64

Dom0: Debian Wheezy with Xen 4.1

/etc/networking/interfaces

    auto eth0
    iface eth0 inet static
        address xxx49
        gateway xxx33
        netmask 255.255.255.255
        pointopoint xxx33

sysctl -a

    net.ipv4.conf.eth0.forwarding = 1
    net.ipv4.conf.eth0.proxy_arp = 1
    net.ipv6.conf.eth0.forwarding = 1
    net.ipv4.conf.vif1/0.proxy_arp = 1

iptables -L -n (rules added automatically by vif-route)

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
    ACCEPT     all  --  xxx55                0.0.0.0/0            PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

cat /etc/xen/xend-config.sxp | grep -e script

    # (network-script network-bridge)
    # (network-script 'network-bridge netdev=eth1')
    # (network-script 'network-bridge bridge=<name>')
    #(vif-script vif-bridge)
    (network-script network-route)
    (vif-script vif-route)
    #(network-script network-nat)
    #(vif-script vif-nat)
    #(resource-label-change-script '')

Ping Dom0 -> DomU

    PING xxx55 (xxx55) 56(84) bytes of data.
    64 bytes from xxx55: icmp_req=1 ttl=64 time=0.148 ms

tcpdump -Kn | grep 55

    21:01:36.545890 IP xxx55 > 8.8.8.8: ICMP echo request, id 4880, seq 4, length 64
    21:01:36.551504 IP 8.8.8.8 > xxx55: ICMP echo reply, id 4880, seq 4, length 64
    21:01:37.545838 IP xxx55 > 8.8.8.8: ICMP echo request, id 4880, seq 5, length 64
    21:01:37.550473 IP 8.8.8.8 > xxx55: ICMP echo reply, id 4880, seq 5, length 64

What is keeping Dom0 from forwarding the incoming TCP packets to my DomU?

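Well, as it turns out, all of the settings above are completely correct. The problem was that my hoster had assigned a dedicated MAC address to the additional IP address. So Dom0 dropped the packet immediately, because it thought the packet was not meant for it.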

After removing this virtual MAC, the packets were accepted without problems and routed through the whole system.

So:

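If your internet-facing Ethernet device (eth0 in my case) is seeing strange packet loss, make sure everything else is correct, and make sure the MAC address is the same as that of your main address, i.e. eth0.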
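
The mismatch described in the answer can be spotted on Dom0 by adding `-e` to tcpdump so that link-level headers are printed, then comparing each inbound frame's destination MAC with the interface's own address. The script below is an added example, not part of the original post; the function names, the MAC addresses and the 192.0.2.x addresses in the sample capture are constructed.

```shell
#!/bin/sh
# Added example: list inbound frames whose destination MAC is not the NIC's own.
# Live use (assumes Linux sysfs and eth0 as in the post):
#   tcpdump -e -n -i eth0 | foreign_mac_frames "$(cat /sys/class/net/eth0/address)"

# Constructed sample of `tcpdump -e -n` output. MACs are from the RFC 7042
# documentation range: ...:01 = upstream gateway, ...:49 = Dom0 eth0,
# ...:55 = separate virtual MAC assigned to the additional IP.
sample_capture() {
cat <<'EOF'
21:01:36.545890 00:00:5e:00:53:49 > 00:00:5e:00:53:01, ethertype IPv4 (0x0800), length 98: 192.0.2.55 > 8.8.8.8: ICMP echo request, id 4880, seq 4, length 64
21:01:36.551504 00:00:5e:00:53:01 > 00:00:5e:00:53:55, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.0.2.55: ICMP echo reply, id 4880, seq 4, length 64
21:01:37.100000 00:00:5e:00:53:01 > 00:00:5e:00:53:49, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.0.2.49: ICMP echo reply, id 11, seq 1, length 64
21:01:37.200000 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.55 tell 192.0.2.33, length 46
EOF
}

# $1 = MAC address of the capturing interface; tcpdump -e -n text on stdin.
# Prints every frame that the interface did not send and that is addressed
# to a unicast MAC other than its own.
foreign_mac_frames() {
    nic_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v nic="$nic_mac" '
        $3 == ">" {
            src = tolower($2)
            dst = tolower($4); sub(/,$/, "", dst)
            if (src == nic) next    # frame sent by this interface
            if (dst == nic) next    # correctly addressed to this interface
            # Odd second hex digit = group bit set: broadcast or multicast.
            if (index("13579bdf", substr(dst, 2, 1)) > 0) next
            print
        }'
}

# Run against the constructed sample; only the echo reply for 192.0.2.55
# (sent to the separate virtual MAC) is reported.
sample_capture | foreign_mac_frames 00:00:5E:00:53:49
```

tcpdump normally captures in promiscuous mode, so such frames show up in the capture even though the kernel does not route them.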