subject:"\[ovs\-discuss\] iptables with ovs"

Re: [ovs-discuss] iptables and ovs bridge vlan

2016-04-13 Thread Cristina Palomo Regidor

Hello,
I have tried with following rules:
iptables -t nat -I PREROUTING 1 -p tcp --dport 8090 -j DNAT --to-destination 
192.168.9.217:8090

iptables -t nat -I POSTROUTING 1 -p tcp -d 192.168.9.217 --dport 8090 -j SNAT 
--to-source 192.168.9.219

But dmesg is showing that it is executing only the PREROUTING
[77249.138968] PREROUTING: IN=eth0 OUT= 
MAC=ec:f4:bb:bf:e5:40:00:04:96:83:83:56:08:00 SRC=10.51.89.198 DST=10.95.80.19 
LEN=60 TOS=0x10 PREC=0x00 TTL=61 ID=35912 DF PROTO=TCP SPT=35624 DPT=8090 
WINDOW=14600 RES=0x00 SYN URGP=0

I have created the interface vlan1012 with this command:
ovs-vsctl add-port br-ext vlan1012 tag=1012 -- set interface vlan1012 
type=internal

Any help would be much appreciated.

Thanks and BR/



From: discuss [mailto:discuss-boun...@openvswitch.org] On Behalf Of Cristina 
Palomo Regidor
Sent: martes, 12 de abril de 2016 11:25
To: discuss@openvswitch.org
Subject: [ovs-discuss] iptables and ovs bridge vlan


Hello,
I have a ovs bridge br-ext and a vlan1012 associated to this bridge. I am 
trying to create a iptable rule that forwards the incoming packets in the 
hypervisor eth0 to a virtual machine with ip address 192.168.9.217.  I can do 
telnet from the hypervisor to 192.168.9.217 8090. But I can not do telnet from 
outside hypervisor even if I have the ip tables rule described below in the 
hypervisor. if_oam = eth0 = 10.95.80.20 so I am trying from outside the 
hypervisor telnet 10.95.80.20 8090 but it is not working.

Could you help me?

# ifconfig br-ext
br-extLink encap:Ethernet  HWaddr A0:36:9F:43:DB:30
  inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
  UP BROADCAST RUNNING  MTU:1500  Metric:1
  RX packets:437 errors:0 dropped:0 overruns:0 frame:0
  TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:35918 (35.0 Kb)  TX bytes:1776 (1.7 Kb)

# ifconfig vlan1012
vlan1012  Link encap:Ethernet  HWaddr A0:36:9F:43:DB:30
  inet addr:192.168.9.219  Bcast:192.168.9.223  Mask:255.255.255.248
  inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
  UP BROADCAST RUNNING  MTU:1500  Metric:1
  RX packets:10 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:724 (724.0 b)  TX bytes:528 (528.0 b)


IPTABLES="iptables -A PREROUTING -t nat -j DNAT"
$IPTABLES -p tcp --dport 8090 -i $if_oam --to 192.168.9.217:8090

___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

[ovs-discuss] iptables and ovs bridge vlan

2016-04-12 Thread Cristina Palomo Regidor


Hello,
I have a ovs bridge br-ext and a vlan1012 associated to this bridge. I am 
trying to create a iptable rule that forwards the incoming packets in the 
hypervisor eth0 to a virtual machine with ip address 192.168.9.217.  I can do 
telnet from the hypervisor to 192.168.9.217 8090. But I can not do telnet from 
outside hypervisor even if I have the ip tables rule described below in the 
hypervisor. if_oam = eth0 = 10.95.80.20 so I am trying from outside the 
hypervisor telnet 10.95.80.20 8090 but it is not working.

Could you help me?

# ifconfig br-ext
br-extLink encap:Ethernet  HWaddr A0:36:9F:43:DB:30
  inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
  UP BROADCAST RUNNING  MTU:1500  Metric:1
  RX packets:437 errors:0 dropped:0 overruns:0 frame:0
  TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:35918 (35.0 Kb)  TX bytes:1776 (1.7 Kb)

# ifconfig vlan1012
vlan1012  Link encap:Ethernet  HWaddr A0:36:9F:43:DB:30
  inet addr:192.168.9.219  Bcast:192.168.9.223  Mask:255.255.255.248
  inet6 addr: fe80::a236:9fff:fe43:db30/64 Scope:Link
  UP BROADCAST RUNNING  MTU:1500  Metric:1
  RX packets:10 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:724 (724.0 b)  TX bytes:528 (528.0 b)


IPTABLES="iptables -A PREROUTING -t nat -j DNAT"
$IPTABLES -p tcp --dport 8090 -i $if_oam --to 192.168.9.217:8090

___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] iptables with ovs

2013-10-04 Thread kevin parker

Thanks anant,
 i went through their documentation it says they have
connected vif to bridge and applied rules on that and then connected bridge
to ovs,but i couldn't find a documentation to connect bridge to ovs.

Can some one please help me with solving this.

Thanks
kevin


On Thu, Oct 3, 2013 at 9:25 PM, ananthan ananthannair...@gmail.com wrote:


 I dont think iptables -m physdev vif can work with ovs,but in openstack
 i think they made it to work by attaching virtual interface to  Linux
 bridge and then to ovs bridge,may be some one can explain it better.





 On Thu, Oct 3, 2013 at 2:45 PM, kevin parker kevin.parker...@gmail.comwrote:

 Hi,
Is there any way that i can make iptables filtering to work with
 ovs.

 NAT is working but not able to filter traffic coming into the vm.

 Earlier with bridge i was able to filter using *-m physdev* ,but its not
 working with ovs.

 Is there any work around or changes that i can make for iptables to work
 with ovs.

 Currently i use ovs-ofctl to filter port and ip ,but need to use iptables
 to do the filtering part.

 Regards,
 kevin




 ___
 discuss mailing list
 discuss@openvswitch.org
 http://openvswitch.org/mailman/listinfo/discuss



___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

[ovs-discuss] iptables with ovs

2013-10-03 Thread kevin parker

Hi,
   Is there any way that i can make iptables filtering to work with ovs.

NAT is working but not able to filter traffic coming into the vm.

Earlier with bridge i was able to filter using *-m physdev* ,but its not
working with ovs.

Is there any work around or changes that i can make for iptables to work
with ovs.

Currently i use ovs-ofctl to filter port and ip ,but need to use iptables
to do the filtering part.

Regards,
kevin
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] iptables with ovs

2013-10-03 Thread ananthan

I dont think iptables -m physdev vif can work with ovs,but in openstack i
think they made it to work by attaching virtual interface to  Linux bridge
and then to ovs bridge,may be some one can explain it better.





On Thu, Oct 3, 2013 at 2:45 PM, kevin parker kevin.parker...@gmail.comwrote:

 Hi,
Is there any way that i can make iptables filtering to work with
 ovs.

 NAT is working but not able to filter traffic coming into the vm.

 Earlier with bridge i was able to filter using *-m physdev* ,but its not
 working with ovs.

 Is there any work around or changes that i can make for iptables to work
 with ovs.

 Currently i use ovs-ofctl to filter port and ip ,but need to use iptables
 to do the filtering part.

 Regards,
 kevin




 ___
 discuss mailing list
 discuss@openvswitch.org
 http://openvswitch.org/mailman/listinfo/discuss


___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] iptables and ovs bridge vlan

[ovs-discuss] iptables and ovs bridge vlan

Re: [ovs-discuss] iptables with ovs

[ovs-discuss] iptables with ovs

Re: [ovs-discuss] iptables with ovs

5 matches

Site Navigation

Mail list logo

Footer information