Hi all,
In order to create a -more or less- representative test configuration, I
tried to copy a real life situation into a xen-set-up:
-external firewall (kc3040)
-openvpn server (kc3072)
-Internal firewall (kc3041)
-management gateway (kc3075)
-asterisk pabx
-mysql server
To simulate different networks, I created dummy ethernet devices, and
connected bridges to it.
All of the four bridges are working OK, except ONE: BR2 and also only
from one virtual machine: openvpn/kc3072
If I ping on the vpn-box (vpn is not set up yet) towards the internal
firewall I see no traffic at all ( 172.16.100.1 => 172.16.100.2 )
Even if I do a tcpdump on the bridge-device from DOM-0, I don't see
anything.
On the other hand, if I do a ping the other way round (int-fw towards vpn)
I see the icmp-request on the bridge device (but no reply, hence the
problem)
Looked at [internal] firewall, at the bridges, routing, but I'm
clueless…
Tried to move the whole configuration towards a different DOM-0, with
the same result, rebuilt the vpn-dom-U: still no show
All firewalls are down.
All boxes are suse: both firewalls are open_11.4, mgnt+vpn are sles11sp1
and dom0 is also sles, but tried also with open.
Tried the lists at xen, but the only replies were questions about what I used
to make the drawing ;-)
Any suggestion where to look next?
Kind regards, Hans
Oh, btw config of the vpn-box (kc3072) is as follows:
name="kc3072"
description="int vpn server"
uuid="99ee7c72-493b-e69d-3cfa-7b438fcd2988"
memory=1000
maxmem=1000
vcpus=1
on_poweroff="destroy"
on_reboot="restart"
on_crash="destroy"
localtime=0
keymap="en-us"
builder="linux"
bootloader="/usr/bin/pygrub"
bootargs=""
extra=" "
disk=[ 'phy:/dev/xen-productie/kc3072-boot,xvda,w',
       'phy:/dev/xen-productie/kc3072-swap,xvdb,w',
       'phy:/dev/xen-productie/kc3072-syst,xvdc,w',
       'phy:/dev/xen-productie/kc3072-data,xvdd,w', ]
vif=[ 'mac=00:16:3e:30:72:01,bridge=br1',
      'mac=00:16:3e:30:72:02,bridge=br2',
      'mac=00:16:3e:30:72:03,bridge=br3', ]
vfb=['type=vnc,vncunused=1']
kc3072:~ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:16:3E:30:72:01
          inet addr:192.168.100.2  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe30:7201/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1140 (1.1 Kb)  TX bytes:1530 (1.4 Kb)
eth1      Link encap:Ethernet  HWaddr 00:16:3E:30:72:02
          inet addr:172.16.100.1  Bcast:172.16.100.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe30:7202/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:230 (230.0 b)  TX bytes:3518 (3.4 Kb)
eth2      Link encap:Ethernet  HWaddr 00:16:3E:30:72:03
          inet addr:192.168.0.236  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe30:7203/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2330 (2.2 Kb)  TX bytes:872 (872.0 b)