WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] dom0 iptables DNAT/REDIRECT help

from [Roxanne Skelly] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] dom0 iptables DNAT/REDIRECT help
From: Roxanne Skelly <rskelly@xxxxxxxxxxxx>
Date: Thu, 02 Aug 2007 20:14:51 -0700
Delivery-date: Fri, 03 Aug 2007 09:55:40 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
On my non-xen Fedora core 5 machine with a local webserver, I can type
the lines:
sysctl -w net.ipv4.ip_forward=1   # turn on ip forwarding
iptables -t nat -A PREROUTING -p tcp --dport 8000 -j REDIRECT --to-ports
80

This allows access to my webserver via http://mymachine:8000/

However, if I do the exact same thing on my box running the xen 3.0.3 or
xen 3.1 kernels, the packets are never REDIRECTED (DNAT to localhost).  
I've tried to follow the packets through the ip chains, and it appears
that the packets are being turned back before they hit the INPUT chain.
The nat rule doesn't seem to be run.

(You should be able to try this on your machine to see what I mean)

Can someone enlighten me on what could be happening here?  I suspect
it's some oddness with bridging, but I'm not sure.

Rox


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] dom0 iptables DNAT/REDIRECT help, Roxanne Skelly <=
Previous by Date:  [Xen-users] Ref: Windows 2k3 Guest: boot problem from ISO, Geovane Goncalves
Next by Date:  Re: [Xen-users] Xen 3.1 (pae-mode) causing domU's to crash if RAM above about 500-800MB is used, Roberto De Ioris
Previous by Thread:  [Xen-users] Ref: Windows 2k3 Guest: boot problem from ISO, Geovane Goncalves
Next by Thread:  [Xen-users] Virtual Machine Papers, Artur Baruchi
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy