xen-users
[Xen-users] network-nat problem
Hi,

I'm trying to get a few domUs using network-nat, but something in my
configuration is blocking internet access from the domUs.

xend-config.sxp:

(network-script network-nat)
(vif-script vif-nat)

xm profile:

kernel = "/boot/vmlinuz-xen"
ramdisk = "/boot/initrd-xen"
extra = "text"
name = "web"
memory = "128"
disk = [ 'tap:aio:/var/lib/xen/web.img,xvda,w', ]
vif = [ 'ip=10.0.0.3, vifname=vif_web' ]

My interface comes up ok and I can ping this ip from dom0.

vif_web   Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet addr:10.0.0.130  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:259 errors:0 dropped:0 overruns:0 frame:0
          TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:17088 (16.6 KiB)  TX bytes:23370 (22.8 KiB)

However, when I try to install CentOS on the domU I can't get out on
the internet. tcpdumping on vif_web tells me this:

12:17:15.759461 IP 10.0.0.3.1024 > dns1-fast.swip.net.domain: 4382+ A? mirror.nsc.liu.se. (35)
12:17:15.759516 IP 10.0.0.130 > 10.0.0.3: ICMP host dns1-fast.swip.net unreachable - admin prohibited, length 71
12:17:15.759977 IP 10.0.0.3.1024 > dns1-fast.swip.net.domain: 4382+ A? mirror.nsc.liu.se. (35)
12:17:15.760026 IP 10.0.0.130 > 10.0.0.3: ICMP host dns1-fast.swip.net unreachable - admin prohibited, length 71

Which means this is somehow blocked by my iptables. This is the rule:

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

I've tried to add a MASQ rule "-t nat -A POSTROUTING -o eth0 -j MASQUERADE"
but it doesn't seem to help either. Any hints where I can
test this further?

--
regards,
Robin
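
Added example (not part of the post above and not code from Xen or Red Hat): a small tracer that walks a constructed iptables-save ruleset to show which rule rejects the forwarded DNS query seen in the tcpdump. It assumes the stock Red Hat layout in which FORWARD jumps into RH-Firewall-1-INPUT; only the REJECT rule itself appears in the post, and the resolver address 192.0.2.53 is a placeholder.

```python
import ipaddress, shlex

# Constructed iptables-save excerpt. Only the final REJECT rule is from the post;
# the FORWARD jump and the other rules are assumed (stock Red Hat layout).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# The domU's DNS query from the tcpdump; the resolver address is a placeholder.
QUERY = {"in": "vif_web", "out": "eth0", "src": "10.0.0.3", "dst": "192.0.2.53",
         "proto": "udp", "dport": 53, "state": "NEW"}

def parse(text):
    """Return ({chain: [(line, {option: value})]}, {chain: policy})."""
    chains, policy = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, pol = line[1:].split()[:2]
            chains[name], policy[name] = [], pol
        elif line.startswith("-A "):
            tok = shlex.split(line)  # simple "option value" pairs only, no "!"
            chains[tok[1]].append((line, dict(zip(tok[2::2], tok[3::2]))))
    return chains, policy

def matches(opts, pkt):
    """True if every match option this sketch understands agrees with pkt."""
    net = lambda v, ip: ipaddress.ip_address(ip) in ipaddress.ip_network(v, strict=False)
    checks = {"-i": lambda v: v == pkt["in"], "-o": lambda v: v == pkt["out"],
              "-p": lambda v: v == pkt["proto"], "--dport": lambda v: int(v) == pkt["dport"],
              "--state": lambda v: pkt["state"] in v.split(","),
              "-s": lambda v: net(v, pkt["src"]), "-d": lambda v: net(v, pkt["dst"])}
    return all(checks[k](v) for k, v in opts.items() if k in checks)

def trace(rules, chain, pkt):
    """Walk `chain` in rule order; return (verdict, deciding rule) or None."""
    chains, policy = rules
    for line, opts in chains[chain]:
        if matches(opts, pkt):
            target = opts["-j"]
            # Jump into user-defined chains; anything else is taken as the verdict.
            hit = trace(rules, target, pkt) if target in chains else (target, line)
            if hit:
                return hit
    return (policy[chain], "policy of " + chain) if policy[chain] != "-" else None

if __name__ == "__main__":
    print(trace(parse(RULESET), "FORWARD", QUERY))
```

Under these assumptions the query is decided in the filter table's FORWARD path before nat POSTROUTING is reached, which would explain why a MASQUERADE rule alone changes nothing. A rule such as `-A FORWARD -i vif_web -o eth0 -j ACCEPT` placed ahead of the jump makes the same trace end in ACCEPT.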