WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] Xen 4 + Debian Squeeze + one VM in route mode and anothe

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Xen 4 + Debian Squeeze + one VM in route mode and another in nat mode
From: Thierry B <xen-users@xxxxxxxxxx>
Date: Thu, 11 Aug 2011 20:21:36 +0200

On 07/08/2011 11:12, Thierry B wrote:
> On 06/08/2011 11:45, Thierry B wrote:
>> On 04/08/2011 06:31, Todd Deshane wrote:
>>> Are you able to confirm that Xen is making use of these scripts? For
>>> example, adding a set -x to the scripts and booting the guest to make
>>> sure the scripts are being called. And/or manually checking that the
>>> iptables rules are being put into place correctly. Another approach is
>>> described in this thread:
>>> http://xen.markmail.org/search/?q=nat+networking#query:nat%20networking+page:1+mid:fksxauxxxqxotgz4+state:results
>>> Which links to:
>>> http://www.andrewsorensen.net/blog/post/nat-networking-in-debian-squeeze
>>> Thanks, Todd 
>> Yes, I'm able to confirm that because it's vif-nat which gives the static
>> IP 192.168.1.254 to vif-debianTest by modifying that:
>>
>> routing_ip()
>> {
>>   #echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}')
>>   echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."254}')
>> }
>>
>> I use a dedibox, and bridge mode is not authorized... I can only route
>> with an IP failover that I have to buy or NAT, and I'd like to have one
>> VM which uses an IP failover and another one NAT.
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
> Hello,
>
> These are my complete rules:
>
> # iptables -L -v | more
>
> Chain INPUT (policy DROP 860 packets, 95727 bytes)
>  pkts bytes target     prot opt in             out     source                                 destination
>    18  2185 ACCEPT     all  --  lo             any     anywhere                               anywhere
>     8   792 ACCEPT     icmp --  any            any     anywhere                               anywhere
>  1065 83852 ACCEPT     tcp  --  eth0           any     lev92-4-88-164-133-124.fbx.proxad.net  anywhere            tcp dpt:ssh
>     5   544 ACCEPT     all  --  eth0           any     anywhere                               anywhere            state RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  vif2.0         any     anywhere                               anywhere
>     0     0 ACCEPT     all  --  vif-debianTest any     anywhere                               anywhere
>
> Chain FORWARD (policy DROP 11 packets, 528 bytes)
>  pkts bytes target     prot opt in             out     source               destination
>  1517  322K ACCEPT     all  --  eth0           any     anywhere             anywhere                       state RELATED,ESTABLISHED
>    10   496 ACCEPT     all  --  eth0           any     anywhere             88-190-238-164.rev.dedibox.fr
>  1605  143K ACCEPT     all  --  vif2.0         any     anywhere             anywhere
>     0     0 ACCEPT     all  --  vif-xenwinxp   any     anywhere             anywhere
>     0     0 ACCEPT     all  --  vif-debianTest any     anywhere             anywhere
>     0     0 ACCEPT     all  --  any            any     anywhere             anywhere                       state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif-debianTest
>     0     0 ACCEPT     udp  --  any            any     anywhere             anywhere                       PHYSDEV match --physdev-in vif-debianTest udp spt:bootpc dpt:bootps
>     0     0 ACCEPT     all  --  any            any     anywhere             anywhere                       state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif-debianTest
>     0     0 ACCEPT     all  --  any            any     xenDebianTest        anywhere                       PHYSDEV match --physdev-in vif-debianTest
>
> Chain OUTPUT (policy ACCEPT 886 packets, 129K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    24  2946 ACCEPT     all  --  any    lo      anywhere             anywhere
>
> # iptables -L -t nat -v | more
> Chain PREROUTING (policy ACCEPT 1265 packets, 132K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    11   528 DNAT       tcp  --  eth0   any     anywhere             anywhere             tcp dpt:2222 to:192.168.1.2:22
>
> Chain POSTROUTING (policy ACCEPT 27 packets, 1850 bytes)
>  pkts bytes target     prot opt in     out     source                         destination
>   110  7826 SNAT       all  --  any    eth0    88-190-238-164.rev.dedibox.fr  anywhere             to:88.190.238.164
>     0     0 SNAT       all  --  any    any     192.168.0.2                    anywhere             to:88.190.15.135
>     0     0 SNAT       all  --  any    any     xenDebianTest                  anywhere             to:88.190.15.135
>
> Chain OUTPUT (policy ACCEPT 21 packets, 1538 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Thanks :-)
>
>
>

Hello,

I found it.

I used my FORWARD rules not on the vif interface but on the IP and it works!

iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.1.2 --dport 22 -j ACCEPT

Thanks :-)


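
The gap this thread ran into, as an added example that is not part of the original messages: with a FORWARD policy of DROP, a DNAT rule only works if some FORWARD ACCEPT rule matches the first (NEW) packet after translation, and the interface-based accepts quoted above never do. The sketch below checks an iptables-save dump for that condition; the sample ruleset is constructed from the quoted rules, the function names are hypothetical, and any FORWARD rule using a match the checker does not model is deliberately not counted as an accept.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt modelled on the quoted rules (not real output).
BEFORE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.2:22
COMMIT
*filter
:FORWARD DROP [11:528]
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif-debianTest -j ACCEPT
COMMIT
"""
# The rule from the final message, in iptables-save spelling, added to FORWARD.
FIX = "-A FORWARD -d 192.168.1.2/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\n"
AFTER = BEFORE.replace(":FORWARD DROP [11:528]\n", ":FORWARD DROP [11:528]\n" + FIX)
KNOWN = {"-A", "-i", "-d", "-p", "-m", "--dport", "--state", "--ctstate", "-j"}

def opts(rule):
    """Map each option (or "!") on one rule line to the token that follows it."""
    tok = shlex.split(rule)
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith(("-", "!"))}

def admits(fwd, dnat, ip, port):
    """True if a FORWARD ACCEPT rule passes the first (NEW) packet after DNAT."""
    state = fwd.get("--state") or fwd.get("--ctstate") or "NEW"
    dst = ipaddress.ip_network(fwd.get("-d", "0.0.0.0/0"), strict=False)
    return (not set(fwd) - KNOWN  # unmodelled match (-s, -o, physdev, "!"): don't rely on it
            and fwd.get("-i", dnat.get("-i")) == dnat.get("-i")
            and fwd.get("-p", dnat.get("-p")) == dnat.get("-p")
            and fwd.get("--dport", port) == port
            and "NEW" in state.split(",")
            and ipaddress.ip_address(ip) in dst)

def unforwarded_dnat(ruleset):
    """Return (ip, port) DNAT targets that no FORWARD ACCEPT rule admits."""
    lines = ruleset.splitlines()
    if any(l.startswith(":FORWARD ACCEPT") for l in lines):
        return []  # permissive policy: nothing is dropped by default
    rules = [opts(l) for l in lines if l.startswith("-A ")]
    accepts = [r for r in rules if r["-A"] == "FORWARD" and r.get("-j") == "ACCEPT"]
    gaps = []
    for r in (r for r in rules if r.get("-j") == "DNAT"):
        ip, _, port = r["--to-destination"].partition(":")
        port = port or r.get("--dport")  # no port in the target: port is unchanged
        if not any(admits(f, r, ip, port) for f in accepts):
            gaps.append((ip, port))
    return gaps
```

unforwarded_dnat(BEFORE) reports the guest's 192.168.1.2:22 as unreachable and unforwarded_dnat(AFTER) reports nothing; on a live host the input would be the output of iptables-save.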