> And take more tcpdump captures while trying to ping the external gateway from the domU.
> I.e. dump the traffic on vif, eth, peth.... Everything will become clear there.
So then...
I started the domU; here are its ifconfig and route:
[root@centos-x86 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:29:D5:7A
inet addr:95.163.69.50 Bcast:95.163.69.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe29:d57a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6762 (6.6 KiB) TX bytes:762 (762.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@centos-x86 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
95.163.69.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 95.163.69.1 0.0.0.0 UG 0 0 0 eth0
I ping the dom0 IP address from the domU, everything is fine:
[root@centos-x86 ~]# ping -c 2 95.163.69.48
PING 95.163.69.48 (95.163.69.48) 56(84) bytes of data.
64 bytes from 95.163.69.48: icmp_seq=1 ttl=64 time=0.097 ms
64 bytes from 95.163.69.48: icmp_seq=2 ttl=64 time=0.067 ms
I leave the domU for dom0 and ping the domU from it, also fine:
root@t1-debian:~# ping -c 2 95.163.69.50
PING 95.163.69.50 (95.163.69.50) 56(84) bytes of data.
64 bytes from 95.163.69.50: icmp_seq=1 ttl=64 time=0.063 ms
64 bytes from 95.163.69.50: icmp_seq=2 ttl=64 time=0.054 ms
Packets dom0 <-> domU go through.
Next.. I start pinging something external, for example the gateway 95.163.69.1 (but the ping target doesn't matter, it will be the same with 8.8.8.8). The outside no longer works from the domU:
[root@centos-x86 ~]# ping -c 2 95.163.69.1
PING 95.163.69.1 (95.163.69.1) 56(84) bytes of data.
From 95.163.69.50 icmp_seq=1 Destination Host Unreachable
From 95.163.69.50 icmp_seq=2 Destination Host Unreachable

--- 95.163.69.1 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1010ms, pipe 2
Let me say right away that networking on dom0 is fine, otherwise I wouldn't be able to connect, etc. :)
Now. I look at the list of interfaces for tcpdump:
root@t1-debian:~# tcpdump -D
1.peth0
2.eth0
3.vif10.0
4.any (Pseudo-device that captures on all interfaces)
5.lo
I start ping 95.163.69.1 from the domU and look at the tcpdump output, first on the vif10.0 interface:
[root@centos-x86 ~]# ping 95.163.69.1
PING 95.163.69.1 (95.163.69.1) 56(84) bytes of data.
root@t1-debian:~# tcpdump -nq -i vif10.0 host 95.163.69.50
tcpdump: WARNING: vif10.0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vif10.0, link-type EN10MB (Ethernet), capture size 96 bytes
05:54:45.774605 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 9, length 64
05:54:46.774567 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 10, length 64
05:54:47.774549 arp who-has 95.163.69.1 tell 95.163.69.50
05:54:47.774576 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 11, length 64
05:54:48.774578 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 12, length 64
05:54:49.774571 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 13, length 64
05:54:50.774568 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 14, length 64
05:54:51.774570 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 15, length 64
05:54:52.774571 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 16, length 64
05:54:53.774558 arp who-has 95.163.69.1 tell 95.163.69.50
05:54:53.774583 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 17, length 64
05:54:54.774560 arp who-has 95.163.69.1 tell 95.163.69.50
05:54:54.774616 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 18, length 64
05:54:55.774559 arp who-has 95.163.69.1 tell 95.163.69.50
05:54:55.774585 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 19, length 64
05:54:56.778544 arp who-has 95.163.69.1 tell 95.163.69.50
05:54:57.778555 arp who-has 95.163.69.1 tell 95.163.69.50
05:54:58.531966 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 20, length 64
05:54:58.531967 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 21, length 64
Now I look at tcpdump on the bridge eth0:
root@t1-debian:~# tcpdump -nq -i eth0 host 95.163.69.50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
05:56:38.154609 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:38.774577 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 122, length 64
05:56:39.154560 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:39.774604 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 123, length 64
05:56:40.154562 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:40.774580 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 124, length 64
05:56:41.778557 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:42.778550 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:43.778556 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:45.778556 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:46.778549 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:47.778556 arp who-has 95.163.69.1 tell 95.163.69.50
05:56:48.513994 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 129, length 64
05:56:48.513995 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 130, length 64
Likewise, packets are visible in one direction only, domU -> dom0. dom0 gives no reply.
And finally tcpdump on peth0:
root@t1-debian:~# tcpdump -nq -i peth0 host 95.163.69.50
tcpdump: WARNING: peth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on peth0, link-type EN10MB (Ethernet), capture size 96 bytes
05:58:46.774605 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 250, length 64
05:58:47.774612 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 251, length 64
05:58:48.774585 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 252, length 64
05:58:49.774563 arp who-has 95.163.69.1 tell 95.163.69.50
05:58:49.774607 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 253, length 64
05:58:50.774560 arp who-has 95.163.69.1 tell 95.163.69.50
05:58:50.774585 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 254, length 64
05:58:51.774573 arp who-has 95.163.69.1 tell 95.163.69.50
05:58:51.774610 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 255, length 64
05:58:52.778555 arp who-has 95.163.69.1 tell 95.163.69.50
05:58:53.778566 arp who-has 95.163.69.1 tell 95.163.69.50
05:58:54.778559 arp who-has 95.163.69.1 tell 95.163.69.50
So it turns out the problem is not in dom0. That means bridging works.
For comparison, I started pinging dom0 from the domU again. tcpdump:
root@t1-debian:~# tcpdump -nq -i vif10.0 host 95.163.69.50
tcpdump: WARNING: vif10.0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vif10.0, link-type EN10MB (Ethernet), capture size 96 bytes
06:03:03.246632 IP 95.163.69.50 > 95.163.69.48: ICMP echo request, id 61187, seq 48, length 64
06:03:03.246711 IP 95.163.69.48 > 95.163.69.50: ICMP echo reply, id 61187, seq 48, length 64
That is, echo request & echo reply are visible without problems in tcpdump on vif10.0 and eth0. tcpdump on peth0 is of course silent in this case, because this is a bridge -- vif <-> eth0 works without peth0 being involved.
Sorry for so much detail, I spelled it out as best I could :)
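
Added example, not part of the original post: a small parser that does the per-interface comparison above mechanically, reporting for each capture point which ARP who-has targets and ICMP echo requests never received an answer. The function names are hypothetical, the sample lines are excerpted from the captures in the post, and the "arp reply ... is-at" text form is an assumption, since no ARP answer appears in the failing captures.

```python
import re

# Line formats as printed by `tcpdump -nq` in the post. The "reply ... is-at"
# form for ARP answers is assumed; none appears in the failing captures.
ARP_REQ = re.compile(r"who-has (\S+) tell ([\d.]+)", re.I)
ARP_REP = re.compile(r"reply (\S+) is-at", re.I)
ECHO = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def analyze(capture):
    """Return ARP targets and echo requests that never got an answer."""
    arp_asked, arp_answered = set(), set()
    requests, replies = set(), set()
    for line in capture.splitlines():
        if m := ARP_REQ.search(line):
            arp_asked.add(m.group(1))
        elif m := ARP_REP.search(line):
            arp_answered.add(m.group(1))
        elif m := ECHO.search(line):
            src, dst, kind, ident, seq = m.groups()
            if kind == "request":
                requests.add((src, dst, ident, seq))
            else:  # a reply travels dst -> src, so swap to match its request
                replies.add((dst, src, ident, seq))
    return {"arp_unanswered": sorted(arp_asked - arp_answered),
            "echo_unanswered": len(requests - replies),
            "echo_answered": len(requests & replies)}

def compare(captures):
    """captures: {capture point: tcpdump text}. One summary per capture point."""
    return {point: analyze(text) for point, text in captures.items()}

# Sample lines excerpted from the post's captures (keys are labels made up here).
SAMPLE = {
    "vif10.0 (ping gateway)": """\
05:54:47.774549 arp who-has 95.163.69.1 tell 95.163.69.50
05:54:47.774576 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 11, length 64
05:54:48.774578 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 12, length 64
""",
    "peth0 (ping gateway)": """\
05:58:49.774563 arp who-has 95.163.69.1 tell 95.163.69.50
05:58:49.774607 IP 95.163.69.50 > 95.163.69.1: ICMP echo request, id 60931, seq 253, length 64
""",
    "vif10.0 (ping dom0)": """\
06:03:03.246632 IP 95.163.69.50 > 95.163.69.48: ICMP echo request, id 61187, seq 48, length 64
06:03:03.246711 IP 95.163.69.48 > 95.163.69.50: ICMP echo reply, id 61187, seq 48, length 64
""",
}

if __name__ == "__main__":
    for point, result in compare(SAMPLE).items():
        print(point, result)
```

Each `tcpdump -i <interface>` capture should be saved to its own text and passed in under its interface name; a capture filtered only on the domU address, as in the post, still shows the gateway's ARP answer if one arrives, because the answer is addressed to the domU.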