This is what my DOM0 IP table looks like -
[root@gdrd59 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif6.0
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT all -- anywhere anywhere PHYSDEV match ! --physdev-in eth0 --physdev-out eth0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
############################################################################################################
domU IP Table looks like this -
[root@besim ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
############################################################################################################
So, as can be seen, dom0 has forwarding table entries here. Am I doing something wrong in forwarding?
Thanks
Mahendra
On Wed, Aug 6, 2008 at 10:08 AM, Dustin Henning
<Dustin.Henning@xxxxxxxxxxx> wrote:
Your VM probably has its own firewall/iptables configuration… This would need to be reconfigured along with the one on Dom0. If you don't have firewall/iptables on your DomU, then perhaps your rules in the iptables Forwarding table on Dom0 are wrong. Traffic going to a DomU will go through the Forwarding table instead of the Incoming table where traffic for Dom0 goes; I believe this would be true for both bridging and routing.
Dustin
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Mahendra Kutare
Sent: Wednesday, August 06, 2008 09:59
To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Prob Connecting VM through http or ssh
Hi,
I am a newbie to Xen. I created a VM and associated an IP address.
Next, I disabled the firewall and in iptables allowed ports 80, 22 and 8080 (for my Tomcat installation).
I started httpd on the VM (domU) and dom0.
After that I tried connecting to the dom0 httpd (webserver) port 80 from another physical server. This works and shows me the correct page when I do - http://<dom0-machine-ip>:80/. Then I try ssh to the dom0 machine and it works.
But when I try to do the same for the VM (domU) on dom0 in a browser as - http://<domU-VM-ip>:80/ it does not work. Also, when I try ssh to the domU machine IP it says - Access Denied.
Please help me resolve this. What is it that I am missing here?
Thanks
Mahendra
_______________________________________________
Xen-users mailing list
http://lists.xensource.com/xen-users
--
Only those who can risk going too far, can find out how far one can go.