xen-users
[Xen-users] NET Network / Server running on internal Network not reachab
Hi all, for several days I have been trying to get NAT networking to work, which is
driving me nuts... I don't know what to do anymore. Maybe some expert has
a good tip for me. I have read almost everything about this topic and
tested most stuff, but still no luck.
I want to run a web-server on a DomU. Hence I used the normal NAT setup
from xen.
Current setup & situation
1. Dom0 can access the internet
2. Dom0 can access the DomU
3. DomU (10.0.0.1) can access the internet
4. DomU can access Dom0
What's not working is that I can't reach the web-server running on DomU.
IFCONFIG Output

eth0      Link encap:Ethernet  HWaddr 00:11:6b:94:d8:ea
          inet addr:87.118.120.16  Bcast:87.118.120.255  Mask:255.255.255.0
          inet6 addr: fe80::211:6bff:fe94:d8ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60115200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:188967 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1572915748 (1.4 GB)  TX bytes:21158242 (20.1 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:700 (700.0 B)  TX bytes:700 (700.0 B)

peth0     Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:69824162 errors:7 dropped:41 overruns:2 frame:0
          TX packets:190910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:611060332 (582.7 MB)  TX bytes:21628510 (20.6 MB)
          Interrupt:21 Base address:0xc00

vif0.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:188967 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60115201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21158242 (20.1 MB)  TX bytes:1572915818 (1.4 GB)

vif2.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet addr:10.0.0.128  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:694 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:43145 (42.1 KB)  TX bytes:131433 (128.3 KB)

xenbr0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:7385822 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:460560761 (439.2 MB)  TX bytes:0 (0.0 B)

BRCTL Output

bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        peth0

IPTABLES -L -t nat Output

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             eisxen              tcp dpt:www to:10.0.0.1:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here I want to forward all traffic coming in for the external IP address
(eisxen) to 10.0.0.1:10

IPTABLES -L Output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             10.0.0.1            tcp dpt:www
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here the idea is that everything going to 10.0.0.1:80 is accepted.

ROUTE -n Output

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 vif2.0
87.118.120.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         87.118.120.1    0.0.0.0         UG    100    0        0 eth0

I can see HTTP request packets coming to my server.

tcpdump -i peth0 host 87.118.120.16 and port 80
tcpdump: WARNING: peth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on peth0, link-type EN10MB (Ethernet), capture size 68 bytes
21:02:08.669661 IP i59F4B4BF.versanet.de.37269 > eisxen.www: S 3736050736:3736050736(0) win 64000 <mss 1402,nop,wscale 0,nop,nop,timestamp[|tcp]>

But then nothing happens. Everything hangs. Nothing is forwarded/routed to
10.0.0.1:80
I hope anyone can tell me what the problem is or what I should try to get
it to work.
Thanks a lot.
--
Robert M. Münch
http://www.robertmuench.de
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
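
A way to cross-check the two rule listings in the message above, as an added example that is not part of the original post: it parses `iptables -L -n` text and reports, for each DNAT rule in PREROUTING, what the FORWARD chain does with the translated packet. The sample listings are constructed from the post's rules in numeric form, the function names are hypothetical, destinations are compared as exact addresses, and rules with source, PHYSDEV or state matches are skipped rather than evaluated.

```python
import re
# Constructed sample: the post's rules as `iptables -L -n` would list them.
NAT = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            87.118.120.16       tcp dpt:80 to:10.0.0.1:80
"""
FILTER = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            10.0.0.1            tcp dpt:80
ACCEPT     all  --  10.0.0.1             0.0.0.0/0           PHYSDEV match --physdev-in vif2.0
"""

def parse(listing):
    """Map chain name -> {'policy': str, 'rules': [dict]} from `iptables -L -n` text."""
    chains, cur = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if head:
            cur = chains[head.group(1)] = {"policy": head.group(2), "rules": []}
        elif cur is not None and line.strip() and not line.startswith("target"):
            f = line.split(None, 5) + [""]  # pad so f[5] exists when no match text
            cur["rules"].append(dict(target=f[0], prot=f[1], src=f[3], dst=f[4], extra=f[5].strip()))
    return chains

def forward_verdict(filt, prot, ip, port):
    """First-match walk of FORWARD for a packet from any source to ip:port."""
    for r in filt["FORWARD"]["rules"]:
        m = re.fullmatch(r"(?:(?:tcp|udp) dpt:(\d+))?", r["extra"])
        if m is None or r["src"] != "0.0.0.0/0":
            continue  # assumption: source/PHYSDEV/state matches are not evaluated
        if (r["prot"] in (prot, "all") and r["dst"] in (ip, "0.0.0.0/0")
                and m.group(1) in (None, str(port))):
            return r["target"] + " by rule"
    return filt["FORWARD"]["policy"] + " by policy"

def check_dnat(nat_listing, filter_listing):
    """For every DNAT rule, return (new_ip, new_port, FORWARD verdict)."""
    filt = parse(filter_listing)
    out = []
    for r in parse(nat_listing)["PREROUTING"]["rules"]:
        m = re.search(r"to:(\d+(?:\.\d+){3}):(\d+)", r["extra"])
        if r["target"] == "DNAT" and m:
            ip, port = m.group(1), int(m.group(2))
            out.append((ip, port, forward_verdict(filt, r["prot"], ip, port)))
    return out

if __name__ == "__main__":
    print(check_dnat(NAT, FILTER))
```

An ACCEPT verdict only says the DNAT and FORWARD rules agree with each other; it does not check kernel IP forwarding, routing, or which interface the packet arrives on.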