Situation:
DomU: Debian SID
/etc/network/interfaces
auto eth0
iface eth0 inet static
address x.x.x.55
gateway x.x.x.49
netmask 255.255.255.255
pointopoint x.x.x.49
Ping DomU -> x.x.x.49 (aka Dom0)
PING x.x.x.49 (x.x.x.49) 56(84) bytes of data.
64 bytes from x.x.x.49: icmp_req=1 ttl=64 time=0.107 ms
Ping DomU -> 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
34 packets transmitted, 0 received, 100% packet loss, time 33263ms
tcpdump -Kn
21:03:30.316328 IP x.x.x.55 > 8.8.8.8: ICMP echo request, id 4904, seq 3, length 64
21:03:31.324344 IP x.x.x.55 > 8.8.8.8: ICMP echo request, id 4904, seq 4, length 64
21:03:32.332338 IP x.x.x.55 > 8.8.8.8: ICMP echo request, id 4904, seq 5, length 64
21:03:33.340323 IP x.x.x.55 > 8.8.8.8: ICMP echo request, id 4904, seq 6, length 64
21:03:34.348343 IP x.x.x.55 > 8.8.8.8: ICMP echo request, id 4904, seq 7, length 64
Dom0: Debian Wheezy with Xen 4.1
/etc/network/interfaces
auto eth0
iface eth0 inet static
address x.x.x.49
gateway x.x.x.33
netmask 255.255.255.255
pointopoint x.x.x.33
sysctl -a
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv4.conf.vif1/0.proxy_arp = 1
iptables -L -n (rules added automatically by vif-route)
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
ACCEPT all -- x.x.x.55 0.0.0.0/0 PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cat /etc/xen/xend-config.sxp | grep -e script
# (network-script network-bridge)
# (network-script 'network-bridge netdev=eth1')
# (network-script 'network-bridge bridge=<name>')
#(vif-script vif-bridge)
(network-script network-route)
(vif-script vif-route)
#(network-script network-nat)
#(vif-script vif-nat)
#(resource-label-change-script '')
Ping Dom0 -> DomU
PING x.x.x.55 (x.x.x.55) 56(84) bytes of data.
64 bytes from x.x.x.55: icmp_req=1 ttl=64 time=0.148 ms
tcpdump -Kn | grep 55
21:01:36.545890 IP x.x.x.55 > 8.8.8.8: ICMP echo request, id 4880, seq 4, length 64
21:01:36.551504 IP 8.8.8.8 > x.x.x.55: ICMP echo reply, id 4880, seq 4, length 64
21:01:37.545838 IP x.x.x.55 > 8.8.8.8: ICMP echo request, id 4880, seq 5, length 64
21:01:37.550473 IP 8.8.8.8 > x.x.x.55: ICMP echo reply, id 4880, seq 5, length 64
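Question
Why does Dom0 not forward the incoming TCP packets to my DomU?
Answer 1
Solution
It turned out that all of the settings above were completely correct. The problem was that my hosting provider had assigned a dedicated MAC address to the additional IP. Dom0 therefore dropped the packet immediately, because it did not consider the packet to be its own.
After removing this virtual MAC, the packets were accepted perfectly and routed through the whole system.
So
If you run into strange packet loss on your internet-facing Ethernet device (eth0 in my case), make sure everything else is correct, and make sure the MAC address is the same as that of your main address, i.e. eth0!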
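One way to confirm the cause described in the answer, as an added example that is not part of the original post: tcpdump puts the interface into promiscuous mode by default, so a capture taken with `-e` shows frames whose destination MAC is not the NIC's own, even though the kernel discards them before routing. The MAC addresses, the 192.0.2.x addresses and the sample lines are constructed; the function names are hypothetical.

```python
import re

# One line of `tcpdump -e -n` output: time, source MAC > destination MAC, packet summary.
FRAME_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > "
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), ethertype \S+ .*?: (?P<summary>.*)$",
    re.IGNORECASE,
)

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)

def find_otherhost_frames(lines, nic_mac):
    """Return (time, dst MAC, summary) for inbound unicast frames not addressed to nic_mac."""
    nic_mac = nic_mac.lower()
    hits = []
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        src, dst = m["src"].lower(), m["dst"].lower()
        if src == nic_mac:
            continue  # a frame this host sent itself
        if dst == nic_mac or is_group_address(dst):
            continue  # the kernel accepts these
        hits.append((m["ts"], dst, m["summary"]))
    return hits

# Constructed sample: MAC of Dom0's eth0 and four captured frames.
NIC_MAC = "00:16:3e:aa:bb:01"
SAMPLE = """\
21:01:36.545890 00:16:3e:aa:bb:01 > 00:00:5e:00:01:21, ethertype IPv4 (0x0800), length 98: 192.0.2.55 > 8.8.8.8: ICMP echo request, id 4880, seq 4, length 64
21:01:36.551504 00:00:5e:00:01:21 > 00:50:56:00:12:34, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.0.2.55: ICMP echo reply, id 4880, seq 4, length 64
21:01:37.000100 00:00:5e:00:01:21 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.49 tell 192.0.2.33, length 46
21:01:37.200300 00:00:5e:00:01:21 > 00:16:3e:aa:bb:01, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.0.2.49: ICMP echo reply, id 4881, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for ts, dst, summary in find_otherhost_frames(SAMPLE, NIC_MAC):
        print(f"{ts} addressed to {dst}, not {NIC_MAC}: {summary}")
```

A hit for the additional IP means the upstream router is sending to a different MAC than the one on eth0, which matches the symptom in the captures above: the reply is visible on Dom0 but never reaches DomU.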