 Home |
Products |
Support |
Community |
News |
xen-users
[Xen-users] can't get NAT to a VM on domU working
| To: | xen-users@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-users] can't get NAT to a VM on domU working |
| From: | "Roberto Saccon" <rsaccon@xxxxxxxxx> |
| Date: | Fri, 21 Apr 2006 22:22:12 -0300 |
| Delivery-date: | Fri, 21 Apr 2006 18:22:48 -0700 |
| Domainkey-signature: | a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=DJDEPNlpzpOqZIzL8+OibtOo15JkRUBeBtDNI9t+QfAqFYdVmesZnn7jlr0KpsdxcdMV9LkCrdNZoh0QDU61ppywbUVOBakmMdFtodbZBD/VEdjSzpdMBWG5Yx3+Y2yw3amWw/C8YvD1vJBRLlCFSJH091Rl7M049O6C7robUGA= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-users-request@lists.xensource.com?subject=help> |
| List-id: | Xen user discussion <xen-users.lists.xensource.com> |
| List-post: | <mailto:xen-users@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-users-bounces@xxxxxxxxxxxxxxxxxxx |
|
Hi all I set up a debian sarge box with XEN 3.0 and LVM at my ISP. dom0 has a range of public IPs. As long as I used bridged networking to the VMs, everything worked fined, I could access all VMs by their IP . Then I switched in /etc/xen/xend-config.sxp to private virtal domU network with NAT : (network-script network-nat) (vif-script vif-nat)
iptables -A PREROUTING -t nat -p tcp -i eth0 -d 72.232.68.66 --dport 9641 -j DNAT --to-destination 10.0.0.1:22 Now I can't access the VM from outside anymore, SSH Client to 72.232.68.66 :9641 keeps hanging. However I can ping the VMs in domU from dom0 and vice versa and also ping a VM form another VM. I do not have setup any addtional iptables rules. The filter rules generted by the XEN scripts produced the following (iptables -L):
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 10.0.0.1 anywhere PHYSDEV match --physdev-in vif5.0 ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif5.0 udp spt:bootpc dpt:bootps ACCEPT all -- 10.0.0.2 anywhere PHYSDEV match --physdev-in vif6.0 ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif6.0 udp spt:bootpc dpt:bootps ACCEPT all -- 10.0.0.2 anywhere PHYSDEV match --physdev-in vif7.0 ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif7.0 udp spt:bootpc dpt:bootps ACCEPT all -- 10.0.0.2 anywhere PHYSDEV match --physdev-in vif8.0 ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif8.0 udp spt:bootpc dpt:bootps Chain OUTPUT (policy ACCEPT) target prot opt source destination And the NAT rules I get: target prot opt source destination DNAT tcp -- anywhere 66.68.232.72.reverse.layeredtech.com tcp dpt:9641 to:10.0.0.1:22 Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Has anybody a clue what is missing to get the NAT working ? I had the impression that private NATted Network with XEN 3.0 is supposed to work out of the box when using the XEN provided scripts, so there must be somthing I am doing stupidly wrong ! regards -- Roberto Saccon _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-users] linux 2.4 kernel on xen 3.0?, Thorolf Godawa |
|---|---|
| Next by Date: | [Xen-users] xend start error: operation not permitted, pak333 |
| Previous by Thread: | [Xen-users] memory, maxmem and xm mem-set, Ralf Schenk |
| Next by Thread: | Re: [Xen-users] can't get NAT to a VM on domU working, Hardy Wolf |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
