wget only works when tcpdump is listening

2

I am running two virtual machines on the XEN hypervisor, both with Ubuntu Trusty (Linaro-Developer version), with the following simple bridged network configuration:

Back-end domain (dom0):

br0       Link encap:Ethernet  HWaddr 02:4d:04:41:96:a9
          inet addr:141.79.67.109  Bcast:141.79.71.255  Mask:255.255.248.0
          inet6 addr: fe80::4d:4ff:fe41:96a9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4896629 errors:0 dropped:814 overruns:0 frame:0
          TX packets:1134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:356819584 (356.8 MB)  TX bytes:277236 (277.2 KB)

eth0      Link encap:Ethernet  HWaddr 02:4d:04:41:96:a9
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4906298 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2249 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:430584499 (430.5 MB)  TX bytes:362740 (362.7 KB)
          Interrupt:44

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1248 (1.2 KB)  TX bytes:1248 (1.2 KB)

vif1.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1049 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4767521 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:66258 (66.2 KB)  TX bytes:416912687 (416.9 MB)

Guest domain (domU):

eth0      Link encap:Ethernet  HWaddr 00:16:3e:54:95:f5
          inet addr:141.79.66.105  Bcast:141.79.71.255  Mask:255.255.248.0
          inet6 addr: fe80::216:3eff:fe54:95f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4879495 errors:0 dropped:815 overruns:0 frame:0
          TX packets:1049 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:358293232 (358.2 MB)  TX bytes:80944 (80.9 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:672 (672.0 B)  TX bytes:672 (672.0 B)

Networking in dom0 works fine (apt-get, wget). However, I have a very strange problem: ping works fine, but apt-get and wget do not work.

root@MyUbuntu:~# wget -p http://google.com
--1970-01-01 00:52:49--  http://google.com/
Resolving google.com (google.com)... 129.143.66.27, 129.143.66.29, 129.143.66.30, ...
Connecting to google.com (google.com)|129.143.66.27|:80... connected.
HTTP request sent, awaiting response... No data received.

I installed tcpdump in dom0 to debug the problem, running a simple command:

tcpdump -i br0 -n "tcp and src 141.79.66.105"

However, whenever tcpdump is listening, wget and apt-get work fine:

root@MyUbuntu:~# wget -p http://google.com
--1970-01-01 00:42:27--  http://google.com/
Resolving google.com (google.com)... 129.143.66.45, 129.143.66.49, 129.143.66.53, ...
Connecting to google.com (google.com)|129.143.66.45|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.google.de/?gfe_rd=cr&ei=qJIzVs3qJqSh8wfLma_QCw [following]
--1970-01-01 00:42:27--  http://www.google.de/?gfe_rd=cr&ei=qJIzVs3qJqSh8wfLma_QCw
Resolving www.google.de (www.google.de)... 129.143.66.38, 129.143.66.42, 129.143.66.44, ...
Reusing existing connection to google.com:80.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'google.com/index.html'

    [ <=>                                   ] 19,468      --.-K/s   in 0.003s  

1970-01-01 00:42:27 (5.84 MB/s) - 'google.com/index.html' saved [19468]

FINISHED --1970-01-01 00:42:27--
Total wall clock time: 0.09s
Downloaded: 1 files, 19K in 0.003s (5.84 MB/s)

Does tcpdump open some port that lets the traffic through? Any help is much appreciated. Thank you.

    
by Tran Ngu Dang 30.10.2015 / 17:10

2 answers

2

When you start tcpdump, it puts the interface into promiscuous mode. That may be what is allowing the data to reach the domU while tcpdump is active.

You could test this theory by adding --no-promiscuous-mode to the tcpdump command. Or by manually setting the interface to promiscuous mode.

I don't know how this helps solve the real problem.

    
by 30.10.2015 / 21:02
0

When bridging, the physical interface must be in promiscuous mode. This is so that packets addressed to the bridge and the virtual interfaces can be seen and forwarded.

The solution is to make sure your eth0 is configured with "promisc" enabled.

    
by 31.10.2015 / 00:47
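
Both answers turn on whether the bridge's ports are in promiscuous mode. As an added example (not part of the question or either answer), the shell function below reads each bridge port's flags word from sysfs and tests the IFF_PROMISC bit (0x100). The function names and the sample directory tree are constructed for illustration so the script runs offline.

```shell
#!/bin/sh
# Added example: report which ports of a Linux bridge have IFF_PROMISC set.
# IFF_PROMISC is bit 0x100 of the interface flags word (linux/if.h).

# has_promisc FLAGS -> exit status 0 if the promiscuous bit is set.
has_promisc() {
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# bridge_promisc_report BRIDGE [NET_DIR]
# Prints "<port> promisc" or "<port> not-promisc" for every port of BRIDGE.
# NET_DIR defaults to /sys/class/net; it is a parameter so the function can
# be pointed at a constructed tree.
bridge_promisc_report() {
    bridge=$1
    net=${2:-/sys/class/net}
    [ -d "$net/$bridge/brif" ] || { echo "$bridge: not a bridge" >&2; return 2; }
    for port in "$net/$bridge/brif"/*; do
        [ -e "$port" ] || continue           # bridge with no ports
        name=${port##*/}
        flags=$(cat "$net/$name/flags") || return 1
        if has_promisc "$flags"; then
            echo "$name promisc"
        else
            echo "$name not-promisc"
        fi
    done
}

# make_sample_tree: builds a constructed sysfs-like tree (not real host data)
# with a bridge br0 and two ports, and prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/br0/brif" "$d/eth0" "$d/vif1.0"
    : > "$d/br0/brif/eth0"
    : > "$d/br0/brif/vif1.0"
    echo 0x1003 > "$d/eth0/flags"       # constructed value: PROMISC bit clear
    echo 0x1103 > "$d/vif1.0/flags"     # constructed value: PROMISC bit set
    echo "$d"
}

sample=$(make_sample_tree)
bridge_promisc_report br0 "$sample"
rm -rf "$sample"
```

On a real host, call `bridge_promisc_report br0` with no second argument, once while tcpdump is running and once while it is not, and compare the two reports.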