iptables NAT rules not forwarding DPDK TAP traffic to external interface

I am using VMware (16 Pro 16.2.5) on Windows platform, and created two VMs (VmA and VmB). Both VMs are running Ubuntu 20.04.

In VMware, I created VMnet18 (type host-only, no DHCP, not connected to native host), CIDR is 192.168.88.0/24.

VmA is my developer VM. I am developing a DPDK (24.07) application. VmA has three NICs: ens33 is used for connection to the Internet, ens37 (0000:02:05.0, port0) connected to VMnet18, ens38 (0000:02:06.0, port1) is a bridged NIC not used in this test, and a tap dev (port2).

VmB is the testing VM, with only one NIC connected to VMnet18 (192.168.88.128/24, default gateway 192.168.88.1).

Before running my application, I execute:

echo 1 | sudo tee /sys/module/vfio/parameters/enable_unsafe_noiommu_mode

My application is started with args -l 1-3 -n 4 -m 1024 --vdev=net_tap1,iface=tap1,persist=0. When started, DPDK gets 3 ports and waits for packets. My application responds to ARP requests for 192.168.88.1. When ICMP packets are received, DPDK writes (rte_eth_tx_burst) packets to port2, changing the source MAC to tap1.

port2 (tap1) is configured with 192.168.88.1/24.

In VmB, I keep pinging 8.8.8.8.

Here comes the question: in VmA, tcpdump -i tap1 -nnn icmp shows packets from 192.168.88.128 to 8.8.8.8. tcpdump shows no errors. I want VmA's kernel to NAT these packets to the Internet with ens33. Here is what I do:

sysctl -w net.ipv4.ip_forward=1  
iptables -A FORWARD -i tap1 -o ens33 -j ACCEPT
iptables -A FORWARD -i ens33 -o tap1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.88.0/24 -o ens33 -j MASQUERADE

tcpdump -i ens33 -nnn icmp can't see packets to 8.8.8.8, and the rule iptables -A FORWARD -i tap1 -o ens33 -j ACCEPT counter is always 0, seems to match nothing.

I also tried sysctl -w net.ipv4.conf.all.rp_filter=0, but it doesn't work.

What else should I check to NAT these packets to the Internet through ens33 in VmA?
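
The symptom described above (frames visible in tcpdump on tap1 while the FORWARD counter stays at 0) falls in the part of the receive path that runs before netfilter. This added example, which is not part of the original post, models two checks from that part: the effective rp_filter value and the link-layer classification of the injected frame. The function names and the MAC addresses in the usage comment are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.

# Source validation uses max(conf.all.rp_filter, conf.<if>.rp_filter), so
# setting only conf.all to 0 leaves a non-zero per-interface value in force.
effective_rp_filter() {   # $1 = conf.all value, $2 = conf.<if> value
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# Mirror the Ethernet receive classification: a unicast frame whose
# destination MAC differs from the interface address becomes PACKET_OTHERHOST,
# which the IPv4 input path drops before any iptables chain is reached.
# tcpdump taps the frame earlier, so it is still displayed.
classify_frame() {        # $1 = frame destination MAC, $2 = interface MAC
    dst=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    own=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    first=$(printf '%d' "0x${dst%%:*}")
    if [ "$dst" = "ff:ff:ff:ff:ff:ff" ]; then echo broadcast
    elif [ $((first % 2)) -eq 1 ]; then echo multicast
    elif [ "$dst" = "$own" ]; then echo host
    else echo otherhost
    fi
}

# One verdict for a frame seen on the ingress device. The forwarding path
# only handles frames classified as "host".
forward_verdict() {  # $1 ip_forward, $2 rp all, $3 rp if, $4 dst MAC, $5 if MAC
    kind=$(classify_frame "$4" "$5")
    if [ "$1" != 1 ]; then
        echo "dropped: ip_forward is off"
    elif [ "$kind" != host ]; then
        echo "dropped: frame is $kind, not addressed to the interface MAC"
    else
        echo "routable: effective rp_filter=$(effective_rp_filter "$2" "$3")"
    fi
}

# Live use on the forwarding VM, with the destination MAC read from
# `tcpdump -e -i tap1` (constructed sample value shown):
#   sh check.sh --live tap1 00:0c:29:aa:bb:cc
if [ "${1:-}" = "--live" ]; then
    c=/proc/sys/net/ipv4
    forward_verdict "$(cat $c/ip_forward)" "$(cat $c/conf/all/rp_filter)" \
        "$(cat "$c/conf/$2/rp_filter")" "$3" "$(cat "/sys/class/net/$2/address")"
fi
```

A "dropped" verdict for the MAC check means the frame never reaches the FORWARD chain, which matches a rule counter that stays at 0.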
