This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

[Xen-users] Strange XEN NAT problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Strange XEN NAT problem
From: Philipp Periventas <coin3d@xxxxxxxxx>
Date: Wed, 30 Jul 2008 00:19:55 +0200
Delivery-date: Wed, 30 Jul 2008 02:12:29 -0700
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hello there,

I've got a problem regarding my XEN network setup. First of all, I'll just tell you what doesn't work: the access to a forwarded (natted) port (e.g. port 80 http) of a dom (no matter if dom0 or domU) to the server's external IP address (from "inside") does not work (connection refused). Here's the layout of my xen virtual network:

                   one machine with an external ip
                   |                             |
                   |                             |
        eth0 (85.214.xxx.xxx)          xenbr0 (bridge 10.0.0.1)
                                        |                   |
                                        |                   |
                             webserver (10.0.0.2)   mailserver (10.0.0.3)

So the server has one external IP and I want to use two domUs for web and mail behind it - therefore I have to use masquerading. While building up this configuration, I was inspired by this tutorial: http://en.opensuse.org/Xen3_and_a_Virtual_Network

To come back to the problem - NAT (masquerading) and port forwarding just work fine. I can connect to the webserver by using http://85.214.113.119 without any problems from HOME. But when I try to connect to http://85.214.113.119 from INSIDE (e.g. from dom0 or the webserver, it doesn't matter), I cannot make a connection (lynx says connection refused). Also a port scan with nmap does not show me the open port 80 from inside (while from outside it does). I messed with iptables all the time, since I could not figure out why this happens, so I decided just to create a very plain iptables configuration - here is my iptables output:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:http to:10.0.0.2

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Has anyone had a similar problem and maybe solved it?

Thanks in advance


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
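Added example, not part of the original post or of Xen: a small Python model of which nat chain a TCP SYN visits under the rules listed above. A packet generated by a process on dom0 enters nat OUTPUT, not nat PREROUTING, so the posted DNAT rule never applies to a connection made from dom0 itself and the SYN reaches dom0's own, unused port 80. The "fixed" rule set is an assumption of this example: it repeats the DNAT in nat OUTPUT and restricts both rules to the external address. 85.214.113.119 and 10.0.0.2 are from the post; 198.51.100.7 is a constructed placeholder for an arbitrary Internet host.

```python
EXT_IP = "85.214.113.119"    # external address quoted in the post
WEB = "10.0.0.2"             # webserver domU from the post
ANY = "anywhere"             # the unrestricted destination match in the listing
OTHER_HOST = "198.51.100.7"  # constructed placeholder for some Internet web server

def apply_dnat(pkt, rule):
    """Rewrite the destination if the packet matches the rule (like -j DNAT)."""
    match_dst, dport, to = rule
    if pkt["dport"] == dport and match_dst in (ANY, pkt["dst"]):
        return {**pkt, "dst": to}
    return pkt

def nat_traverse(pkt, locally_generated, rules):
    """Run a SYN through the nat hook it actually visits and return the
    destination it ends up with. rules maps chain name -> list of DNAT rules.
    A packet arriving on an interface enters nat PREROUTING; a packet created
    by a process on this host enters nat OUTPUT instead, never both."""
    chain = "OUTPUT" if locally_generated else "PREROUTING"
    for rule in rules.get(chain, []):
        pkt = apply_dnat(pkt, rule)
    return pkt["dst"]

# The nat table as listed in the post: one DNAT rule, PREROUTING only, no -d.
POSTED_RULES = {"PREROUTING": [(ANY, 80, WEB)]}

# Assumed fix (not from the post): restrict the DNAT to the external address
# and repeat it in nat OUTPUT for dom0's own connections, e.g.
#   iptables -t nat -A PREROUTING -d 85.214.113.119 -p tcp --dport 80 \
#            -j DNAT --to-destination 10.0.0.2
#   iptables -t nat -A OUTPUT -d 85.214.113.119 -p tcp --dport 80 \
#            -j DNAT --to-destination 10.0.0.2
FIXED_RULES = {"PREROUTING": [(EXT_IP, 80, WEB)],
               "OUTPUT": [(EXT_IP, 80, WEB)]}

def land(rules, dst, from_dom0):
    """Where does a SYN to dst:80 end up under this rule set?"""
    return nat_traverse({"dst": dst, "dport": 80}, from_dom0, rules)

if __name__ == "__main__":
    # From the Internet the SYN enters PREROUTING and is rewritten.
    print("outside    ->", land(POSTED_RULES, EXT_IP, False))    # 10.0.0.2
    # From dom0 it enters OUTPUT, is not rewritten, and reaches dom0's own
    # port 80, where nothing listens: "connection refused".
    print("dom0       ->", land(POSTED_RULES, EXT_IP, True))     # 85.214.113.119
    print("dom0 fixed ->", land(FIXED_RULES, EXT_IP, True))      # 10.0.0.2
    # Side effect of the unrestricted rule: a domU's outbound web request to
    # any host routed through dom0 is also sent to the webserver domU.
    print("domU->web  ->", land(POSTED_RULES, OTHER_HOST, False))  # 10.0.0.2
    print("fixed      ->", land(FIXED_RULES, OTHER_HOST, False))   # 198.51.100.7
```

The last two cases show why the posted PREROUTING rule wants a `-d 85.214.113.119` (or `-i eth0`) match: as listed it rewrites every port-80 connection routed through dom0, including the domUs' own outbound web traffic.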
