From 24b726a3bf6751cf0368615e3ec5a4140f1f4ac0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Tue, 1 Nov 2016 00:22:19 +0100
Subject: [PATCH] network: use /32 netmask on internal IPs in NAT providing namespace
Use /32 inside network namespace too. Otherwise inter-VM traffic is broken - as all VMs seems to be in a single /24 subnet, but in fact are not.
QubesOS/qubes-issues#1143
---
 network/vif-qubes-nat.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/network/vif-qubes-nat.sh b/network/vif-qubes-nat.sh
index 2fea819..7a0a620 100755
--- a/network/vif-qubes-nat.sh
+++ b/network/vif-qubes-nat.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 #set -x
-netvm_subnet=/24
 undetectable_netvm_ips=
 netns="${vif}-nat"
@@ -85,13 +84,14 @@ if test "$command" == online; then
 netns iptables -t nat -I POSTROUTING -o "$netns_appvm_if" -s "$netvm_dns2_ip" -j SNAT --to-source "$appvm_dns2_ip"
 fi
- netns ip addr add "$netvm_ip$netvm_subnet" dev "$netns_netvm_if"
+ netns ip addr add "$netvm_ip" dev "$netns_netvm_if"
 netns ip addr add "$appvm_gw_ip" dev "$netns_appvm_if"
 netns ip link set "$netns_netvm_if" up
 netns ip link set "$netns_appvm_if" up
 netns ip route add "$appvm_ip" dev "$netns_appvm_if" src "$appvm_gw_ip"
+ netns ip route add "$netvm_gw_ip" dev "$netns_netvm_if" src "$netvm_ip"
 netns ip route add default via "$netvm_gw_ip" dev "$netns_netvm_if" src "$netvm_ip"
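Review bot: The /32 named in the subject is only implicit on the new `netns ip addr add "$netvm_ip" dev "$netns_netvm_if"` line in the second hunk, which relies on `ip` assigning a host prefix when no length is given, and nothing in the hunk says so. A comment above it such as `# no prefix length on purpose: ip defaults to /32, so no other VM address is treated as on-link` would keep a later edit from putting a wider mask back, which per the commit message breaks inter-VM traffic. The added route to `$netvm_gw_ip` has to stay ahead of the `default via "$netvm_gw_ip"` line, because with a host-only address the gateway is reachable only through that route; `# host route to the gateway first, the default route below depends on it` would record the ordering. Neither `ip route add` result is checked in the visible lines, so if the first one fails the namespace is presumably left without a default route. The enclosing `if test "$command" == online` block starts and ends outside the hunk.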