WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] networking nat strange behaviour

To: "xen-users" <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] networking nat strange behaviour
From: "zava\.zava\@libero\.it" <zava.zava@xxxxxxxxx>
Date: Sun, 23 Dec 2007 17:52:03 +0100
Delivery-date: Sun, 23 Dec 2007 08:52:38 -0800

I use Debian etch amd64 and Xen from the Debian repositories.
I have created 2 paravirtualized servers (also Debian amd64), a web server
and a mail server.

The dom0 is attached to the internet through an ethernet modem (ppp0), with a
dynamic IP.

I use, in dom0,

(network-script network-nat)
(vif-script     vif-nat)

10.0.0.1 = web server domU (gateway 10.0.0.254)
10.0.0.2 = mail server domU (gateway 10.0.0.254)

In the dom0 firewall I have these relevant rules:

Input, output and forward all on accept;

echo 1 >> /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 25 -j DNAT --to 10.0.0.2:25

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 465 -j DNAT --to 10.0.0.2:465

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 143 -j DNAT --to 10.0.0.2:143

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 993 -j DNAT --to 10.0.0.2:993

iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 80 -j DNAT --to 10.0.0.1:80

Result: the web server can be contacted from outside and works perfectly.
The mail server can't be contacted from outside.

What's wrong?

Thanks.


