WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] networking nat strange behaviour

To: "zava.zava@xxxxxxxxx" <zava.zava@xxxxxxxxx>
Subject: Re: [Xen-users] networking nat strange behaviour
From: Igor Chubin <igor@xxxxxxx>
Date: Tue, 25 Dec 2007 17:55:07 +0200
Cc: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>

On Sun, Dec 23, 2007 at 05:52:03 +0100, zava.zava@xxxxxxxxx wrote:
> I use Debian etch amd64 and Xen from the Debian repositories;
> I have created 2 paravirtualized servers (always Debian amd64), a web server
> and a mail server.
> 
> The dom0 is attached to the internet through an ethernet modem (ppp0), with a
> dynamic IP.
> 
> I use, in dom0,
> 
> (network-script network-nat)
> (vif-script     vif-nat)
> 
> 1.0.0.0.1 = web server domU (gateway 10.0.0.254)
> 1.0.0.0.2 = mail server domU (gateway 10.0.0.254)
> 
> In the dom0 firewall I have these relevant rules:
> 
> Input, output and forward all on accept;
> 
> echo 1 >> /proc/sys/net/ipv4/ip_forward
> 
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> 
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 25 -j DNAT --to 10.0.0.2:25
>
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 465 -j DNAT --to 10.0.0.2:465
>
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 143 -j DNAT --to 10.0.0.2:143
>
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 993 -j DNAT --to 10.0.0.2:993
>
> iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 80 -j DNAT --to 10.0.0.1:80
> 
> Result: the web server can be contacted from outside, works perfectly.
> The mail server can't be contacted from outside;
> 
> What's wrong?

Don't you want to specify -t nat for the mail server rules too?

> 
> Thanks.

-- 
WBR, i.m.chubin


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
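
The reply asks about `-t nat`; iptables accepts `-t` at any position among a rule's options and uses the filter table when it is absent. The script below is an added example, not part of either poster's message: it resolves the table, chain and target of each rule posted in the thread and flags NAT targets that would land outside the nat table. The function names and the `NO_TABLE` contrast rule are made up for this illustration.

```shell
#!/bin/sh
# Rules as posted in the quoted message, with the mail-wrapped lines rejoined.
RULES='iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 25 -j DNAT --to 10.0.0.2:25
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 465 -j DNAT --to 10.0.0.2:465
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 143 -j DNAT --to 10.0.0.2:143
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 993 -j DNAT --to 10.0.0.2:993
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 80 -j DNAT --to 10.0.0.1:80'
# Constructed contrast case (not from the thread): port-25 rule without "-t nat".
NO_TABLE='iptables -A PREROUTING -p tcp -i ppp0 --dport 25 -j DNAT --to 10.0.0.2:25'

# rule_field RULE OPT...: print the word that follows the first OPT found in RULE.
rule_field() {
    _rule=$1; shift
    _prev=
    set -f                                  # word-split the rule without globbing
    for _w in $_rule; do
        for _o in "$@"; do
            if [ "$_prev" = "$_o" ]; then set +f; printf '%s\n' "$_w"; return 0; fi
        done
        _prev=$_w
    done
    set +f
    return 1                                # option not present in this rule
}

# audit_rule RULE: print "table chain target verdict" for one iptables command.
audit_rule() {
    _t=$(rule_field "$1" -t --table) || _t=filter   # iptables default table
    _c=$(rule_field "$1" -A --append) || _c='?'
    _j=$(rule_field "$1" -j --jump) || _j='?'
    case $_j in
        # These targets exist only in the nat table.
        DNAT|SNAT|MASQUERADE|REDIRECT) [ "$_t" = nat ] && _v=ok || _v=WRONG-TABLE ;;
        *) _v=ok ;;
    esac
    printf '%s %s %s %s\n' "$_t" "$_c" "$_j" "$_v"
}

# audit_all: audit every rule read from stdin, one iptables command per line.
audit_all() {
    while IFS= read -r _line; do
        [ -n "$_line" ] && audit_rule "$_line"
    done
    return 0
}

printf '%s\n' "$RULES" "$NO_TABLE" | audit_all
```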
