[CentOS-virt] routing problem with domU bridged to two networks

Fri Mar 16 16:23:53 UTC 2012
Peter Peltonen <peter.peltonen at gmail.com>


On Wed, Mar 7, 2012 at 10:13 PM, Ed Heron <Ed at heron-ent.com> wrote:
>> My goal:
>> To access NFS shares on a (non-virtualized) file server in the LAN
>> network from the domU web server in the DMZ network.


>> My problem:
>> If my domU web server is connected to both LAN and DMZ using the two
>> bridges xenbr0 and xenbr1, I can access the NFS share from the domU
>> web server and everything else works as expected, except for one thing
>> -- my workstations in the LAN can no longer access the web server:
>> web pages do not open anymore and from the workstations I cannot ping
>> the domU. If the web server domU is only connected to DMZ via xenbr0,
>> the workstations can access it ok.
>> Any advice on what I am doing wrong and how I could fix my setup?
>  The postrouting command uses -o eth2.  To NAT LAN requests to your DMZ
> web server, shouldn't you be using xenbr0?

Thanks Ed for your advice, that was the thing I was missing. After
adding a postrouting command for xenbr0 everything works as expected.