WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

RE: [Xen-users] NET Network / Server running on internal Network not rea

To: 'Robert M. Münch' <robert.muench@xxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] NET Network / Server running on internal Network not reachable
From: "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx>
Date: Fri, 11 Jul 2008 15:48:42 -0400
Cc: 'xen-users' <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 11 Jul 2008 12:49:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <op.ud3gnj1v3b5602@robby-laptop>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: PRD, Inc.
References: <op.udzlyre33b5602@robby-laptop> <op.ud3gnj1v3b5602@robby-laptop>
Reply-to: Dustin.Henning@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acji0B0jOh0T/xdSTnm3A3fW3g2wUQAvnk1g
I don't know if this will help, as I'm a bit rusty, but try it:
echo 1 > /proc/sys/net/ipv4/ip_forward
I think 1 is enabled and 0 is disabled, but if I was wrong, then it would be
echo 0 above.  To check before changing it, try this:
cat /proc/sys/net/ipv4/ip_forward
The first provided command should be changing this number (if it's 0, use 1
& if it's 1, use 0).  If this is actually enabled already, then changing it
might make bridging stop working, so due diligence (research) might be in
order before following this wild guess advice.  Also, there is a way to
change this setting more permanently via a config file, but I don't remember
what it is.

-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Robert M. Münch
Sent: Thursday, July 10, 2008 17:01
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] NET Network / Server running on internal Network
not reachable

On Tue, 08 Jul 2008 21:05:05 +0200, Robert M. Münch  
<robert.muench@xxxxxxxxxxxxxxx> wrote:

> Hi all, for several days I have been trying to get NAT networking to work, which is
> driving me nuts... I don't know what to do anymore. Maybe some expert
> has a good tip for me. I have read almost anything about this topic
> and tested most stuff, but still no luck.
>
> I want to run a web-server on a DomU. Hence I used the normal NAT setup  
>  from xen.
>
> Current setup & situation
>
> 1. Dom0 can access the internet
> 2. Dom0 can access the DomU
> 3. DomU (10.0.0.1) can access the internet
> 4. DomU can access Dom0
>
> What's not working is that I can't reach the web-server running on DomU.

Hi, answering my own posting, I have found out something I think is the
source of the problem:

> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             eisxen              tcp dpt:www  
> to:10.0.0.1:80

This rule should rewrite the incoming TCP packet with a new internal IP,
so that the normal routing then routes it to the VM running the web-server.

But TCPDUMP shows that the packet goes into PREROUTING and then into
FORWARD:

PREROUTING ENTER: IN=xenbr0 OUT= PHYSIN=peth0  
MAC=00:11:6b:94:d8:ea:00:18:74:84:8c:00:08:00 SRC=153.57.18.221  
DST=87.118.120.16 LEN=48 TOS=0x00 PREC=0x00 TTL=57 ID=54899 DF PROTO=TCP  
SPT=63149 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0

FORWARD ENTER: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0  
SRC=153.57.18.221 DST=87.118.120.16 LEN=40 TOS=0x00 PREC=0x00 TTL=57  
ID=54898 DF PROTO=TCP SPT=37545 DPT=80 WINDOW=64240 RES=0x00 RST URGP=0

And DST=87.118.120.16 is my external static IP. I expected here  
DST=10.0.0.1

Then I have this error message: Performing cross-bridge DNAT requires IP
forwarding to be enabled

I have searched for this but didn't find anything useful. Routing is
enabled but I still think there are some problems. I'm not sure if this is
the source of the problem that the IP isn't rewritten.

Is this a known problem? Does anyone know a solution to this?

-- 
Robert M. Münch
http://www.robertmuench.de

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
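
Added example, not part of either poster's message: a shell check for the two things this thread turns on, the state of /proc/sys/net/ipv4/ip_forward and whether packets logged in FORWARD still carry the public destination instead of 10.0.0.1. It assumes LOG lines prefixed "FORWARD ENTER:" as in the quoted output; the function names and sample log lines are constructed, and 203.0.113.10 stands in for the public address.

```shell
#!/bin/sh
# Added example: diagnostics for the DNAT problem discussed in this thread.
# Function names and the sample log lines are constructed for illustration.

# Print "enabled" or "disabled" for IPv4 forwarding.
# $1: file to read (defaults to the real proc entry; overridable for testing).
# Persistent form: "net.ipv4.ip_forward = 1" in /etc/sysctl.conf, then sysctl -p.
forwarding_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ "$(cat "$f" 2>/dev/null)" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Read netfilter LOG lines on stdin and count FORWARD-stage packets whose
# DST was rewritten to the internal address ($2) versus those that still
# carry the public address ($1), i.e. where the PREROUTING DNAT did not apply.
dnat_applied() {
    awk -v pub="$1" -v priv="$2" '
        /FORWARD ENTER:/ {
            dst = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DST=/) dst = substr($i, 5)
            if (dst == priv) ok++
            else if (dst == pub) bad++
        }
        END { printf "rewritten=%d not_rewritten=%d\n", ok, bad }'
}

# Constructed sample: 203.0.113.10 stands in for the public address,
# 10.0.0.1 is the DomU address used in the thread.
sample_log() {
    cat <<'EOF'
PREROUTING ENTER: IN=xenbr0 OUT= PHYSIN=peth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40000 DPT=80 SYN
FORWARD ENTER: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40000 DPT=80 SYN
FORWARD ENTER: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP SPT=40001 DPT=80 SYN
EOF
}

echo "ip_forward: $(forwarding_state)"
sample_log | dnat_applied 203.0.113.10 10.0.0.1
```

A non-zero not_rewritten count alongside a "disabled" forwarding state matches the kernel message quoted in the thread.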


