[Xen-users] DNAT Accross Bridge

[Adam <codedv@xxxxxxxxxx>]

I run a Virtual Machine that uses SSH to remote forward Windows File Sharing securely across the net. I need to forward several servers and I map them to different high numbered ports on the SSH server (virtual machine), 10139,10140,10141. The virtual machine is connected to a bridge xenbr0 on the host system that also acts as a router - the server and a single interface on the host machine are contained within a DMZ and are thus on a different subnet.

to facilitate the file sharing, I have setup several alias interfaces on the host machine: eth1:1 - 10.10.20.2, eth1:2 - 10.10.20.3, and eth1:3 - 10.10.20.4. I use DNAT to modify any connections to port 139 on these interfaces to the IP address of the virtual machine on the bridge and the appropriate high numbered port. The problem is, this doesn't quite work as expected and any attempt to connect via the dnat configuration fails.

Is there something I am missing with regards to DNAT a packet before it is bridged? Is there something else I should be doing to retain the data it contains?

Windows PC (10.10.1.3)---> ROUTER: eth0 (10.10.20.2) ---> DNAT --------------------> eth0:10.11.0.1 ||| BRIDGE(xenbr0) ||| 10.11.0.100 (VM)

               |                                           | 

               -> connection to 10.10.20.2:139 ---> changed to 10.11.0.100:10139 -------------------------------------------------->

Thanks, Adam 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users