Hi!
Yes, I can access port 3389; I did a telnet 192.168.122.77 3389 and
it works fine!!
The XEN is running in bridge mode, not NAT mode.
The physical server has an external public IP address at eth0. I did a clean
of all the rules and I got:
Table filter
Chain INPUT (policy ACCEPT 1974M packets, 772G bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
2        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67
4        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
3        0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
4        0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
5        0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
6        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif9.0

Chain OUTPUT (policy ACCEPT 1970M packets, 784G bytes)
num   pkts bytes target     prot opt in     out     source               destination

Table nat
Chain PREROUTING (policy ACCEPT 6995K packets, 817M bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1510K packets, 92M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MASQUERADE  all  --  *      *       192.168.122.0/24     0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1510K packets, 92M bytes)
num   pkts bytes target     prot opt in     out     source               destination
and the network-bridge reports
 /etc/xen/scripts/network-bridge status
============================================================
7: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 00:1d:09:70:4e:2e brd ff:ff:ff:ff:ff:ff
    inet 196.40.23.216/27 brd 196.40.23.223 scope global eth0
    inet6 fe80::21d:9ff:fe70:4e2e/64 scope link 
       valid_lft forever preferred_lft forever
14: xenbr0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
 
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.16076934513a       yes             vif9.0
                                                        tap0
xenbr0          8000.feffffffffff       no              peth0
                                                        vif0.0
 
196.40.23.192/27 dev eth0  proto kernel  scope link  src 196.40.23.216 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
169.254.0.0/16 dev eth0  scope link 
default via 196.40.23.220 dev eth0 
 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
196.40.23.192   0.0.0.0         255.255.255.224 U     0      0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         196.40.23.220   0.0.0.0         UG    0      0        0 eth0
brctl show 
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.16076934513a       yes             vif9.0
                                                        tap0
xenbr0          8000.feffffffffff       no              peth0
                                                        vif0.0
I will try, as my last option, the balance.
Thanks a lot for all the support!! Any other info will be welcome!!
Gerardo
Fajar A. Nugraha-3 wrote:
> 
> On Sat, May 9, 2009 at 4:33 AM, Codecr <gerardo@xxxxxxxxxxxxxx> wrote:
>> /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 196.40.23.216 --dport 3389 -j DNAT --to 192.168.122.77:3389
>>
> 
> It should work. Perhaps you have a firewall on Windows? AFAIK it's
> activated by default on XP.
> Can you connect to domU's port 3389 from dom0?
> 
> If all fails, a workaround is to use a TCP proxy like "balance"
> http://www.inlab.de/balance.html
> http://dag.wieers.com/rpm/packages/balance/
> 
> Regards,
> 
> Fajar
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
> 
-- 
View this message in context: 
http://www.nabble.com/XEN-bridge-mode-tp23449187p23531859.html
Sent from the Xen - User mailing list archive at Nabble.com.
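
An added illustration, not part of the original message: a first-match walk of the FORWARD chain exactly as listed above, for a new connection that a DNAT rule has redirected from eth0 to 192.168.122.77:3389, which is routed through dom0 and so traverses FORWARD (unlike the telnet from dom0, which uses OUTPUT). The client address 203.0.113.10 and the `ALLOW_RDP` rule are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

# FORWARD chain as posted: (num, target, in, out, source, destination, extra matches)
ANY = "0.0.0.0/0"
FORWARD = [
    (1, "ACCEPT", "*", "virbr0", ANY, "192.168.122.0/24",
     {"state": {"RELATED", "ESTABLISHED"}}),
    (2, "ACCEPT", "virbr0", "*", "192.168.122.0/24", ANY, {}),
    (3, "ACCEPT", "virbr0", "virbr0", ANY, ANY, {}),
    (4, "REJECT", "*", "virbr0", ANY, ANY, {}),
    (5, "REJECT", "virbr0", "*", ANY, ANY, {}),
    (6, "ACCEPT", "*", "*", ANY, ANY, {"physdev_in": "vif9.0"}),
]

def matches(rule, pkt):
    _, _, in_if, out_if, src, dst, extra = rule
    if in_if not in ("*", pkt["in"]) or out_if not in ("*", pkt["out"]):
        return False
    if ip_address(pkt["src"]) not in ip_network(src):
        return False
    if ip_address(pkt["dst"]) not in ip_network(dst):
        return False
    if "state" in extra and pkt["state"] not in extra["state"]:
        return False
    # Remaining extras (physdev_in, dport) must equal the packet's value.
    return all(pkt.get(k) == v for k, v in extra.items() if k != "state")

def verdict(chain, pkt, policy="ACCEPT"):
    """Return (rule number, target) of the first matching rule, else the policy."""
    for rule in chain:
        if matches(rule, pkt):
            return rule[0], rule[1]
    return None, policy

# Constructed packets: 203.0.113.10 is a made-up client address.
NEW_RDP = {"in": "eth0", "out": "virbr0", "src": "203.0.113.10",
           "dst": "192.168.122.77", "dport": 3389, "state": "NEW"}
REPLY = {"in": "virbr0", "out": "eth0", "src": "192.168.122.77",
         "dst": "203.0.113.10", "state": "ESTABLISHED"}

# Hypothetical rule, not on the page: accept only tcp/3389 to the domU, inserted first.
ALLOW_RDP = (0, "ACCEPT", "eth0", "virbr0", ANY, "192.168.122.77/32", {"dport": 3389})

if __name__ == "__main__":
    print(verdict(FORWARD, NEW_RDP))                # (4, 'REJECT')
    print(verdict(FORWARD, REPLY))                  # (2, 'ACCEPT')
    print(verdict([ALLOW_RDP] + FORWARD, NEW_RDP))  # (0, 'ACCEPT')
```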