
0008265: Outgoing masquerade address changes after adding a second interface to the bridge

In fact I have the following configuration:

extrouter(192.168.1.1) <- wifi -> [eth2 (192.168.1.11) Centos 6/6 based host br0 (172.22.5.254)]

br0 contains two tap interfaces (tap0/172.22.5.1 tap1/172.22.5.2) from virtual machines (kvm); the gw inside the VMs is 172.22.5.254.

If only a single virtual machine is connected to br0, all works well. I can't ping from VM 192.168.1.1 and tcpdump for eth2 shows 192.168.1.11 as the outgoing address; masquerading works as expected. But if I add the second VM (the order of the VMs is not important), the outgoing address changes to 172.22.5.254. After removing one of the VMs from the bridge, all goes back and starts working again.

The bridge has its own MAC address, so adding an interface shouldn't change anything.

The debug info from the iptables log showed that the kernel uses an incorrect outgoing interface for NAT:

{{{
POSTR: IN= OUT=br0 PHYSIN=tap0 PHYSOUT=tap1 SRC=172.22.5.1 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=59404 SEQ=1
}}}
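The LOG line in the report carries PHYSIN= and PHYSOUT=, fields that netfilter prints only for packets handled by the bridge code. The following is an added example, not part of the original report: it parses such LOG lines and picks out the packets that entered and left through bridge ports. The function names and the second sample line are constructed for illustration.

```python
import re

# KEY=value tokens of a netfilter LOG line; a value may be empty ("IN=").
FIELD = re.compile(r'\b([A-Z]+)=(\S*)')

# The line quoted in the report.
PAGE_LINE = ("POSTR: IN= OUT=br0 PHYSIN=tap0 PHYSOUT=tap1 SRC=172.22.5.1 "
             "DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
             "PROTO=ICMP TYPE=8 CODE=0 ID=59404 SEQ=1")
# Constructed for contrast: the same ping leaving through the uplink.
ROUTED_LINE = ("POSTR: IN= OUT=eth2 SRC=172.22.5.1 DST=192.168.1.1 LEN=84 "
               "TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 "
               "ID=59404 SEQ=1")

def parse_log_line(line):
    """Split one LOG line into (log prefix, dict of KEY=value fields)."""
    start = line.find('IN=')
    if start < 0:                       # not a netfilter LOG line
        return line.strip(), {}
    prefix = line[:start].strip().rstrip(':')
    fields = {}
    for key, value in FIELD.findall(line[start:]):
        # ID= appears twice for ICMP echo; keep the first (the IP header id).
        fields.setdefault(key, value)
    return prefix, fields

def is_bridged(fields):
    """True when the packet has both a bridge ingress and egress port."""
    return bool(fields.get('PHYSIN') and fields.get('PHYSOUT'))

def bridged_frames(lines):
    """Return (SRC, DST, PHYSIN, PHYSOUT, OUT) for each bridged packet."""
    hits = []
    for line in lines:
        _, f = parse_log_line(line)
        if is_bridged(f):
            hits.append((f.get('SRC'), f.get('DST'),
                         f['PHYSIN'], f['PHYSOUT'], f.get('OUT')))
    return hits

if __name__ == '__main__':
    for hit in bridged_frames([PAGE_LINE, ROUTED_LINE]):
        print('seen on bridge ports: %s -> %s (%s -> %s, OUT=%s)' % hit)
```

Bridged frames reach the iptables chains only when the `net.bridge.bridge-nf-call-iptables` sysctl is 1, and a NAT rule with no `-o` match applies to whatever interface appears in OUT=.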
