WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] NET Network / Server running on internal Network not reachab

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] NET Network / Server running on internal Network not reachable
From: Robert M. Münch <robert.muench@xxxxxxxxxxxxxxx>
Date: Tue, 08 Jul 2008 21:05:05 +0200
Delivery-date: Tue, 08 Jul 2008 12:05:41 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Opera Mail/9.50 (Win32)

Hi all, for several days I have been trying to get NAT networking to work, which is driving me nuts... I don't know what to do anymore. Maybe some expert has a good tip for me. I have read almost everything about this topic and tested most stuff, but still no luck.

I want to run a web-server on a DomU. Hence I used the normal NAT setup from Xen.

Current setup & situation

1. Dom0 can access the internet
2. Dom0 can access the DomU
3. DomU (10.0.0.1) can access the internet
4. DomU can access Dom0

What's not working is that I can't reach the web-server running on DomU.

IFCONFIG Output

eth0      Link encap:Ethernet  HWaddr 00:11:6b:94:d8:ea
          inet addr:87.118.120.16  Bcast:87.118.120.255  Mask:255.255.255.0
          inet6 addr: fe80::211:6bff:fe94:d8ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60115200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:188967 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1572915748 (1.4 GB)  TX bytes:21158242 (20.1 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:700 (700.0 B)  TX bytes:700 (700.0 B)

peth0     Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:69824162 errors:7 dropped:41 overruns:2 frame:0
          TX packets:190910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:611060332 (582.7 MB)  TX bytes:21628510 (20.6 MB)
          Interrupt:21 Base address:0xc00

vif0.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:188967 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60115201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21158242 (20.1 MB)  TX bytes:1572915818 (1.4 GB)

vif2.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet addr:10.0.0.128  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:694 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:43145 (42.1 KB)  TX bytes:131433 (128.3 KB)

xenbr0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:7385822 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:460560761 (439.2 MB)  TX bytes:0 (0.0 B)


BRCTL Output

bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        peth0


IPTABLES -L -t nat Output

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             eisxen              tcp dpt:www to:10.0.0.1:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here I want to forward all traffic coming in for the external IP address (eisxen) to 10.0.0.1:10


IPTABLES -L Output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             10.0.0.1            tcp dpt:www
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here the idea is that everything going to 10.0.0.1:80 is accepted.


ROUTE -n Output

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 vif2.0
87.118.120.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         87.118.120.1    0.0.0.0         UG    100    0        0 eth0


I can see HTTP request packets coming to my server.

tcpdump -i peth0 host 87.118.120.16 and port 80

tcpdump: WARNING: peth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on peth0, link-type EN10MB (Ethernet), capture size 68 bytes
21:02:08.669661 IP i59F4B4BF.versanet.de.37269 > eisxen.www: S 3736050736:3736050736(0) win 64000 <mss 1402,nop,wscale 0,nop,nop,timestamp[|tcp]>


But then nothing happens. Everything hangs. Nothing is forwarded/routed to 10.0.0.1:80

I hope someone can tell me what the problem is or what I should try to get it to work.

Thanks a lot.

--
Robert M. Münch
http://www.robertmuench.de

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users