xen-users
[Xen-users] XEN Bridged Network and NAT
Hello everybody,
I have two physical machines run by a provider. Each of them has 2
physical network cards. Eth0 is connected to the internet and eth1
connects the two machines directly. As you may divine, we would like to
have a highly available setup. But because the provider does not allow
moving the IPs of one machine to the other, and for security reasons, I
decided to run the virtual machines with a bridged private network on
eth1 and masquerade virtual machines which need internet access or where
the outside world needs access. The idea behind it: if the machine where
the webserver resides fails, the server moves to the other machine and
there heartbeat starts an emergency nameserver as well, which provides
the new official IPs. The nameservers have a short TTL, so after about 10
minutes the new IPs should be known by everyone. So far everything works
fine. But I have two problems.
The first one: I cannot access the service which is running on the
virtual machine with its official IP on the same machine or in dom0.
E.g. the virtual machine runs a webserver and has the IP 192.168.1.10.
It has to be reachable by the outside world with the IP 10.0.0.10.
On dom0 I do a

    -A PREROUTING -d 10.0.0.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10

to assign the official address to the virtual machine and a

    -A POSTROUTING -s 192.168.1.10/32 -d ! 192.168.1.0/24 -j SNAT --to-source 10.0.0.10

so that the virtual machine gets internet access.
If I now try to access the website with lynx on the virtual machine with
the IP 10.0.0.10, I get a timeout. On dom0 lynx tells me the site is not
reachable.
On the other site a ping or traceroute is working.
The second problem affects the mailserver, which is running on a virtual
machine as well.
Some clients tell me now that they are sometimes not able to send eMails
with an attachment. The attachment is not that big. Maybe 1-4MB. But if
the client tries to send the mail, he gets a timeout after a while.
Sometimes after 10%, sometimes after 99% of the upload, and sometimes the
same mail gets through. I cannot reproduce the problem. If I try to
send an eMail with an attachment it gets through all the time. But it
seems to have something to do with the masquerading. On another machine
with XEN and the same setting of the mailserver but without masquerading,
the clients have no problem sending mails with huge attachments.
Maybe somebody has an idea what I'm doing wrong.
Thanks in advance.
By Michael
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
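
Added illustration, not part of the original post: a small Python model of which netfilter nat chains a packet traverses, applied to the two rules quoted in the message. It assumes the VM routes via dom0 and that 10.0.0.10 is bound on dom0; 203.0.113.7 is a constructed client address and all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from the post; LAN is the private bridged network.
VM = ip_address("192.168.1.10")
PUBLIC = ip_address("10.0.0.10")
LAN = ip_network("192.168.1.0/24")

# The post's two nat rules as (chain, match, (field, new_value)).
RULES = [
    ("PREROUTING", lambda p: p["dst"] == PUBLIC and p["dport"] == 80, ("dst", VM)),
    ("POSTROUTING", lambda p: p["src"] == VM and p["dst"] not in LAN, ("src", PUBLIC)),
]

# nat-table chains seen by a packet, depending on where it originates.
PATHS = {
    "forwarded": ["PREROUTING", "POSTROUTING"],  # arrives on an interface, routed on
    "local": ["OUTPUT", "POSTROUTING"],          # generated by a process on dom0
}

def traverse(src, dst, dport, origin, rules=RULES):
    """Return the packet as it looks after the nat chains for this origin."""
    pkt = {"src": ip_address(src), "dst": ip_address(dst), "dport": dport}
    for chain in PATHS[origin]:
        for rule_chain, match, (field, value) in rules:
            if rule_chain == chain and match(pkt):
                pkt[field] = value
                break  # first matching nat rule in a chain wins
    return pkt

def describe(pkt):
    return f'{pkt["src"]} -> {pkt["dst"]}:{pkt["dport"]}'

if __name__ == "__main__":
    # Constructed sample flows, all aimed at the official address on port 80.
    flows = {
        "external client": ("203.0.113.7", "10.0.0.10", 80, "forwarded"),
        "dom0 itself": ("10.0.0.10", "10.0.0.10", 80, "local"),
        "the VM itself": ("192.168.1.10", "10.0.0.10", 80, "forwarded"),
    }
    for name, flow in flows.items():
        print(f"{name:16} {describe(traverse(*flow))}")
```

In this model only the external client's packet ends up correctly rewritten: the dom0-originated packet never passes PREROUTING and keeps 10.0.0.10 as its destination, and the VM's own packet is DNATed back to itself with its source unchanged because the SNAT rule excludes destinations inside 192.168.1.0/24. Both outcomes are consistent with the symptoms described in the message.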
Current thread: [Xen-users] XEN Bridged Network and NAT, Michael Grosseck