[CentOS] Not firewall, but what?
Les Mikesell
lesmikesell at gmail.com
Tue May 11 13:08:13 UTC 2010

Jussi Hirvi wrote:
> On 11.5.2010 3.40, Gordon Messmer wrote:
>> Routing policy is definitely required for a multi-homed system such as
>> Jussi presented, but NAT is totally superfluous. It adds an extra layer
>> of complexity that makes the system more difficult to diagnose and
>> configure, and contributes nothing of value in return.
>
> Funny, this morning I came to the same conclusion after some googling. A
> xen box with two bridges should be considered normal, and it should not
> break anything inside or outside the box.
>
> There are good instructions on the net for installing 2 virtual bridges
> on a xen box. But I have found no mention of this specific dual-bridge
> problem I have: that ip traffic goes in ok through any physical nic to
> the dom0 or domUs, but all replies are routed to only one nic (the
> default gateway). (I verified this with tcpdump.)

That's not xen or bridge related. Unless you do policy-based routing, packets
always follow the destination route regardless of where the input was received.
That's a feature, not a bug.
--
Les Mikesell
lesmikesell at gmail.com
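
The policy-based routing mentioned in the reply above, sketched as an added example that is not part of the original message or thread: each uplink gets its own routing table, and a rule selects that table by the packet's source address, so replies leave through the interface they arrived on. The interface names, table numbers and addresses (RFC 5737 documentation ranges) are constructed assumptions; the script only prints the iproute2 commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: source-based policy routing for a host with two uplinks.
# Interface names, addresses and table ids below are constructed
# (RFC 5737 documentation ranges), not values from the thread.

# Print the iproute2 commands that give one uplink its own routing table.
# Args: <dev> <local-address> <connected-network> <gateway> <table-id>
uplink_policy() {
    dev=$1 addr=$2 net=$3 gw=$4 table=$5
    # Per-uplink table: the connected network, then a default route
    # through that uplink's own gateway.
    echo "ip route add $net dev $dev src $addr table $table"
    echo "ip route add default via $gw dev $dev table $table"
    # Rule: packets sourced from this uplink's address consult that table
    # before the main table, so the reply follows the ingress uplink.
    echo "ip rule add from $addr lookup $table priority $table"
}

# The full plan for both uplinks (hypothetical eth0/eth1 setup).
policy_plan() {
    uplink_policy eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 100
    uplink_policy eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 200
}

# Dry run by default: print each command. With APPLY=1 (as root) run it.
run_plan() {
    policy_plan | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

run_plan
```

After applying, `ip rule show` and `ip route show table 100` list what was installed, and a tcpdump on each interface shows whether replies now leave on the uplink they came in on.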