This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

hairpinning static NAT

0

Hi network experts,

My question is not directly related to wireshark. But when I start wireshark, the network behaviour is changed and I don't know why.

I have the following setup: Linux machine (OpenSuse 12.1) with one physical network interface. Interface has many IP's like 192.168.10.10, 192.168.10.11 ... 192.168.10.15

KVM is running on this box using libvirt and virt-manage.

Second interface is a virtual bridge virbr0 with IP 10.1.1.1

One to One NAT is setup from the host to the guests using shorewall.

Everything works except, connecting from guest to it's own 'external' ip. Let's assume guest has IP 10.1.1.15 and 192.168.1.15 is nat-ed to 10.1.1.15; connections from this guest (10.1.1.15) to 192.168.1.15 are failing. Connecting to any other 192.168.1.x IP's are working find (including other virtual machines).

When I start wireshark on the host, connections from 10.1.1.15 to 192.168.1.15 start to work!

Any suggestion is appreciated.

Regards, happyp3nguin

asked 15 Feb '12, 18:56

happyp3nguin's gravatar image

happyp3nguin
1111
accept rate: 0%


One Answer:

1

Even though I have no experience with your kind of setup, my guess is that putting the capture interface in Promiscuous mode (like Wireshark does by default when capturing) is the reason it suddenly works. You can verify this by using Wireshark without putting the interface in promiscuous mode.

answered 16 Feb '12, 01:45

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

thanks for the answer, I have realized this today when I saw messages like this in the kernel log: device virbr0 entered promiscuous mode

(20 Feb '12, 08:13) happyp3nguin

(I converted your "answer" to a "comment", please see the FAQ for details)

(20 Feb '12, 08:23) SYN-bit ♦♦