Re: [Xen-users] Prob Connecting VM through http or ssh

To:	Dustin.Henning@xxxxxxxxxxx, xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [Xen-users] Prob Connecting VM through http or ssh
From:	"Mahendra Kutare" <mahendra.kutare@xxxxxxxxx>
Date:	Wed, 6 Aug 2008 10:16:58 -0400
Cc:
Delivery-date:	Wed, 06 Aug 2008 07:17:40 -0700
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=1TEPSN8MBMWt5fuUORbq+ZmMaF87BuY6jTmwjRrq0VA=; b=g4kmcWvqEQMgR3r+lxkdTQzFzjMuU7LT3grWFZXd+alePhj39HLwh9FNISr7jbdeuJ J2WIV0XgtnIUKoPgexJlzeJqrPt1FaFRhkipDpM3B90PsU1jUwhGhEW+xtbKwaTZSB7z RrkrK4AzED0N1ZPm4J9j5tOlIj1ruLcWRsmNs=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=gzpoK5a7Zp9vkO3n20xTMSP8ueLwveFMOtbpgjKcLVug4LlvWJC40VM/zrbtboMd+Y reQF2tN7/qGCoxBEnpuws36NYjOgNakGY2xUBnJLCMpG7pp6X3l3SzOCwy4jiuy/TTb6 HFpOfnJN8qujbvksfKZ84oj7h04+IBqljNttU=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<6324604609838612778@unknownmsgid>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<669f1ab30808060659u1b49b036j7ee1e9560f63330a@xxxxxxxxxxxxxx> <6324604609838612778@unknownmsgid>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

This is how my DOM0 - IP table look like -

[root@gdrd59 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- anywhere             anywhere
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:webcache
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- anywhere             anywhere            PHYSDEV match --physdev-in vif6.0
ACCEPT     all -- anywhere             anywhere            PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT     all -- anywhere             anywhere            PHYSDEV match ! --physdev-in eth0 --physdev-out eth0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
############################################################################################################
domU IP Table looks like this -

[root@besim ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- anywhere             anywhere
ACCEPT     all -- anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http
ACCEPT     all -- anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
############################################################################################################
So as can be seen dom0 as forwarding table entry here. Am i doing something wrong in forwarding ?

Thanks
Mahendra

On Wed, Aug 6, 2008 at 10:08 AM, Dustin Henning <Dustin.Henning@xxxxxxxxxxx> wrote:

Your VM probably has its own firewall/iptables configuration… This would need reconfigured along with the one on Dom0. If you don't have firewall/iptables on your DomU, then perhaps your rules in the iptables Forwarding table on Dom0 are wrong. Traffic going to a DomU will go through the Forwarding table instead of the Incoming table where traffic for Dom0 goes, I believe this would be true for both bridging and routing.
Dustin

From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Mahendra Kutare
Sent: Wednesday, August 06, 2008 09:59
To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Prob Connecting VM through http or ssh

Hi ,

I am a newbie to Xen. I created a VM and associated an IP address.

Next, i disabled firewall and on ip tables allowed port 80, 22 and 8080 (for my tomcat installation) .

I started httpd on VM (domU) and dom0.

After that I tried connecting to dom0 httpd (webserver) port 80 from another physical server. This works and shows me the correct page when i do - http://<dom0-machine-ip>:80/. Then i try ssh to dom0 machine it works.

But when i try to do the same for VM (domU) on dom0 on browser as - http://<domU-VM-ip>:80/ it does not work. Also when i try ssh to domU machine ip it says - Access Denied.

Please help me resolve this. What it is that i am missing here ?

Thanks
Mahendra

_______________________________________________
Xen-users mailing list

Xen-users@xxxxxxxxxxxxxxxxxxx

http://lists.xensource.com/xen-users

--
Only those who can risk going too far, can find out how far one can go.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

Re: [Xen-users] Prob Connecting VM through http or ssh