xen-users
Re: [Xen-users] Networking Help - Routed Configuration with NAT - How to
Hi,
Sending mail from dom0 to domU means the source IP is the dom0 one. Your
configuration seems to use the source IP, and the NAT rules only specify
10.0.66.66, which is your domU IP. These rules can't succeed when
sending mail from domU to dom0. If your redirect rules are built the same
way, they also do not work.
By the way, why use dom0 as a router and make it available via a public IP?
I think it would be preferable to make your domU directly available via
its public IP. In this case there is no need for NAT or whatever, and your domU does
not handle incoming IP connections.
Jason wrote:
Hi,
After loads of trial and error, I have managed to get a pretty workable network
configuration set up:
The server is allocated public ips in xxx.xxx.xxx.192/29. Dom0 is bound to
xxx.xxx.xxx.194-198
Xend is configured to use the default network-route and vif-route scripts.
DomU is to be mail server responding on IP xxx.xxx.xxx.198
DomU network configuration is vif = [ 'ip=10.0.66.66' ]
Set up NAT:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT -s 10.0.66.66 --to xxx.xxx.xxx.198
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT -d xxx.xxx.xxx.198 --to 10.0.66.66
At this stage everything works great, except for one thing:
When Dom0 tries to send mail to the DomU - i.e. connecting to
xxx.xxx.xxx.198:25 from Dom0, it tries to connect to itself - not DomU!
So in essence it is not NATing its own connections. I figured it is because it
is configured to listen to xxx.xxx.xxx.198 (thus skipping iptables?) - so I
unbound it from xxx.xxx.xxx.198 and then it seemed to work fine - for a while -
until I think the router flushes its ARP cache. So then I started to read up on
ARP and proxy arp etc... but still am not making much headway.
I would be grateful to anybody able to shed any light / hints on this!
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
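
An added example, not part of the thread: a simplified Python model of the nat-table hooks, showing why the PREROUTING rule quoted above redirects connections arriving on eth0 but leaves a connection opened on dom0 itself pointing at dom0. The address 203.0.113.198 is a constructed stand-in for xxx.xxx.xxx.198, and the OUTPUT-chain rule is an assumption for illustration that nobody in the thread proposed.

```python
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "203.0.113.198"  # constructed stand-in for xxx.xxx.xxx.198
DOMU_IP = "10.0.66.66"       # domU address given in the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: Optional[str]  # None: generated by a local process on dom0

@dataclass(frozen=True)
class DnatRule:
    chain: str               # "PREROUTING" or "OUTPUT"
    dst: str
    dport: int
    to: str
    in_iface: Optional[str] = None

    def matches(self, chain: str, pkt: Packet) -> bool:
        return (chain == self.chain and pkt.dst == self.dst
                and pkt.dport == self.dport
                and self.in_iface in (None, pkt.in_iface))

def apply_dnat(rules, pkt: Packet) -> Packet:
    # Packets arriving on an interface pass nat PREROUTING; packets created
    # on dom0 itself pass nat OUTPUT instead and never reach PREROUTING.
    chain = "OUTPUT" if pkt.in_iface is None else "PREROUTING"
    for rule in rules:
        if rule.matches(chain, pkt):
            return replace(pkt, dst=rule.to)  # first matching rule wins
    return pkt

def delivered_to(rules, pkt: Packet, local_addrs) -> str:
    final = apply_dnat(rules, pkt)
    if final.dst == DOMU_IP:
        return "domU"
    return "dom0" if final.dst in local_addrs else "elsewhere"

# The PREROUTING rule from the thread, and a hypothetical OUTPUT counterpart.
thread_rule = DnatRule("PREROUTING", PUBLIC_IP, 25, DOMU_IP, in_iface="eth0")
output_rule = DnatRule("OUTPUT", PUBLIC_IP, 25, DOMU_IP)

# Constructed sample connections: one from outside, one opened on dom0.
external = Packet("198.51.100.7", PUBLIC_IP, 25, in_iface="eth0")
from_dom0 = Packet(PUBLIC_IP, PUBLIC_IP, 25, in_iface=None)
```

With only `thread_rule`, `delivered_to` reports "domU" for `external` and "dom0" for `from_dom0`; adding `output_rule` sends both to the guest.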