WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] Xen forwarding port to VM

To: Codecr <gerardo@xxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Xen forwarding port to VM
From: Matthew Richardson <M.Richardson@xxxxxxxx>
Date: Mon, 11 May 2009 15:11:52 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx

Codecr wrote:
> Hi!!
> 
> I have been using xen with great success, now I want to expose a port in one VM
> to the outside world. The VM is a Windows 2003 server and I want to open the
> port 3389.
> 
> I have been searching but I can't find the rule that I need to add to
> iptables to do so. The interface for the VM is vif9.0 with internal IP
> 192.168.1.77. The xen is running in bridge mode.

If you're running in bridge mode, domU should have its own MAC address
and IP address, and shouldn't really be affected by iptables rules,
unless you're blocking all net traffic to the virtual interface (which
your rules don't seem to be doing).  Check that the virtual device
exists and can be seen from the outside world (i.e. ping it, nmap it,
etc.).  If these work, then the lack of RDP on the Windows server is due
to the Windows config, not the Dom0 config.

If you're actually using NAT, then you probably need to use the PRE
and POSTROUTING tables.  The following should be enough to get it all
working:

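# Enable IPv4 forwarding in dom0
echo "1" > /proc/sys/net/ipv4/ip_forward
# Masquerade traffic leaving from the domU's address
iptables -t nat -A POSTROUTING -s 192.168.1.77 -j MASQUERADE
# Send TCP 3389 arriving on eth0 to the domU (one command, on a single line)
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 3389 -j DNAT --to-destination 192.168.1.77:3389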

Note that this will 'redirect' 3389 from dom0 to the IP of the
appropriate domU.


Matthew
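
An added example, not part of Matthew's message or any Xen tooling: a shell helper that prints the NAT-case rule set for review instead of applying it, extended with a source-range match and explicit FORWARD rules. eth0, 192.168.1.77 and port 3389 come from the thread; the function names and the 203.0.113.0/24 source range are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) a dom0 NAT port-forward rule set.
# 203.0.113.0/24 is a documentation range used as a placeholder source.

is_ipv4() {   # a.b.c.d, with /0-32 accepted only when $2 is "cidr"
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        [ "$2" = cidr ] || return 1
        len=${1#*/}
        case $len in ''|*[!0-9]*) return 1 ;; esac
        [ "$len" -le 32 ] || return 1
    fi
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

emit_port_forward() {   # usage: emit_port_forward WAN_IF DOMU_IP PORT ALLOWED_SRC
    wan=$1 domu=$2 port=$3 src=$4
    case $wan in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan" >&2; return 1 ;; esac
    is_ipv4 "$domu" || { echo "bad domU address: $domu" >&2; return 1; }
    is_ipv4 "$src" cidr || { echo "bad source range: $src" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || { echo "bad port: $port" >&2; return 1; }
    # DNAT happens in PREROUTING, so the FORWARD chain sees the domU address
    # as the destination; that is why the FORWARD match uses -d $domu.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $wan -s $src -p tcp --dport $port -j DNAT --to-destination $domu:$port
iptables -A FORWARD -i $wan -s $src -d $domu -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $domu -o $wan -j MASQUERADE
EOF
}

# Values from the thread plus the placeholder source range.
emit_port_forward eth0 192.168.1.77 3389 203.0.113.0/24
```

Because the rules use -A, they only take effect if no earlier rule in the same chain drops the traffic; compare the output with `iptables-save` on dom0 before piping it to a root shell.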

