This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] domU packet forwarding

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] domU packet forwarding
From: Jeff Eggen <jeggen@xxxxxxxxxxxxxxxxx>
Date: Mon, 13 Jul 2009 15:55:08 -0600
Hello all,

I'm in the process of installing my first Xen server. I have a dom0
installed (CentOS 5) with public & private IPs. I created a domU (RHEL
4).  I left the networking setup at defaults, so I believe it's using
bridging; I have a virbr0 device in dom0 with a private IP on a new
subnet, and domU has an IP on that private subnet.  From the domU, I can
ping dom0, other hosts on my original private network, and hosts on the
internet.  All good so far.

However, now I want to forward traffic from both the private network and
the internet on specific ports to my domU server.  I don't need the port
changed, just forwarded.  I'm having problems coming up with the
iptables rules to accomplish this.  After reading many different things
online I tried adding the following rules (eth0 is my private IP, virbr0
is on, domU is at 122.5):

-t nat -A PREROUTING -p tcp -i eth0 -d XXX.XXX.XXX.XXX --dport #### -j DNAT --to
-A FORWARD -p tcp -i eth0 -d --dport #### -j ACCEPT

This accomplished nothing.  I then thought it might be blocking the
virbr0 device, so I added another rule:

-A INPUT -i virbr0 -j ACCEPT

At this point I was able to forward packets to my domU server from my
private network, but the domU is no longer able to talk to anything past
dom0.  I'm thinking I'm close, and just missing something simple.  Would
anyone be able to suggest something to try / some test to perform to
help identify where I'm having problems?  For that matter, if someone
were able to recommend a nice & clear explanation of how to accomplish
port forwarding to a domU I'd appreciate it. :-)

Thanks in advance,
Jeff Eggen
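
The following is an added example, not part of the original post or of any Xen or libvirt tooling: a shell function that prints (does not apply) a narrowly scoped same-port forward from dom0 to a guest. It assumes virbr0 is a NAT bridge whose FORWARD chain already holds REJECT rules for the bridge; the addresses 10.0.0.10 and 192.168.122.5 and port 8080 are constructed values, and `forward_rules`, `is_ipv4` and `is_port` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: print iptables commands for forwarding one TCP port,
# unchanged, from dom0 to a guest behind a NAT bridge. Nothing is applied.

is_ipv4() {
    # Accept dotted-quad addresses with each octet in 0..255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: forward_rules IN_IF BRIDGE_IF DOM0_IP GUEST_IP PORT
forward_rules() {
    in_if=$1 br_if=$2 dom0_ip=$3 guest_ip=$4 port=$5
    is_ipv4 "$dom0_ip" && is_ipv4 "$guest_ip" || { echo "bad address" >&2; return 1; }
    is_port "$port" || { echo "bad port" >&2; return 1; }

    # Rewrite the destination only for this interface, address and port.
    echo "iptables -t nat -A PREROUTING -i $in_if -p tcp -d $dom0_ip --dport $port -j DNAT --to-destination $guest_ip:$port"
    # After DNAT the packet is routed, so it traverses FORWARD (not INPUT)
    # with the guest as its destination. -I FORWARD 1 puts the rule ahead of
    # any existing REJECT for the bridge; -A would append it after them.
    echo "iptables -I FORWARD 1 -i $in_if -o $br_if -p tcp -d $guest_ip --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Replies from the guest for this forwarded service only.
    echo "iptables -I FORWARD 2 -i $br_if -o $in_if -p tcp -s $guest_ip --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed values: dom0 at 10.0.0.10 on eth0, guest at 192.168.122.5.
forward_rules eth0 virbr0 10.0.0.10 192.168.122.5 8080
```

Comparing the printed rules against `iptables -L FORWARD -n -v --line-numbers` shows whether an ACCEPT sits above or below an existing REJECT, and the packet counters show which rule a test connection actually hit.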
