[Xen-users] dom0 iptables DNAT/REDIRECT help

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] dom0 iptables DNAT/REDIRECT help
From: Roxanne Skelly <rskelly@xxxxxxxxxxxx>
Date: Thu, 02 Aug 2007 20:14:51 -0700
On my non-xen Fedora core 5 machine with a local webserver, I can type
the lines:

sysctl -w net.ipv4.ip_forward=1   # turn on ip forwarding
iptables -t nat -A PREROUTING -p tcp --dport 8000 -j REDIRECT --to-ports 80

This allows access to my webserver via http://mymachine:8000/

However, if I do the exact same thing on my box running the xen 3.0.3 or
xen 3.1 kernels, the packets are never REDIRECTED (DNAT to localhost).  
I've tried to follow the packets through the ip chains, and it appears
that the packets are being turned back before they hit the INPUT chain.
The nat rule doesn't seem to be run.

(You should be able to try this on your machine to see what I mean)

Can someone enlighten me on what could be happening here?  I suspect
it's some oddness with bridging, but I'm not sure.

Rox
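
One way to test the observation above that the nat rule "doesn't seem to be run" is to compare the rule's packet counter before and after a test connection. This is an added example, not part of the original post; the function names `redirect_pkts` and `rule_verdict` are hypothetical, and the sample snapshots are constructed rather than captured from a real host.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).
# Input is the output of: iptables -t nat -L PREROUTING -v -n -x
# The nat table is consulted only for the first packet of a connection,
# so one new connection to the port should raise the counter by one.

# redirect_pkts PORT: print the packet counter of the REDIRECT rule for
# tcp dpt:PORT read from stdin; return 1 if no such rule is listed.
redirect_pkts() {
    awk -v want="dpt:$1" '
        $3 == "REDIRECT" && $4 == "tcp" {
            for (i = 5; i <= NF; i++)
                if ($i == want) { print $1; found = 1; exit }
        }
        END { exit !found }
    '
}

# rule_verdict BEFORE AFTER PORT: compare two snapshots taken around a
# test connection to PORT and print one of: missing, not-hit, hit.
rule_verdict() {
    b=$(printf '%s\n' "$1" | redirect_pkts "$3") || { echo missing; return 0; }
    a=$(printf '%s\n' "$2" | redirect_pkts "$3") || { echo missing; return 0; }
    if [ "$a" -gt "$b" ]; then echo hit; else echo not-hit; fi
}

# Constructed sample snapshots (not captured from a real host).
SNAP_BEFORE='Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 redir ports 80'
SNAP_AFTER_OK='Chain PREROUTING (policy ACCEPT 13 packets, 780 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       1       60 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 redir ports 80'

# On a live host (as root), take the snapshots around a connection attempt
# made from another machine, then call rule_verdict:
#   before=$(iptables -t nat -L PREROUTING -v -n -x)
#   ... connect to port 8000 from a remote client ...
#   after=$(iptables -t nat -L PREROUTING -v -n -x)
#   rule_verdict "$before" "$after" 8000

echo "counter increased: $(rule_verdict "$SNAP_BEFORE" "$SNAP_AFTER_OK" 8000)"
echo "counter unchanged: $(rule_verdict "$SNAP_BEFORE" "$SNAP_BEFORE" 8000)"
```

A `not-hit` verdict after a remote connection attempt means the packet never matched the rule in nat PREROUTING, which narrows the search to what happens before that chain.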

