
[Xen-users] can't get NAT to a VM on domU working


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: "Roberto Saccon" <rsaccon@xxxxxxxxx>
  • Date: Fri, 21 Apr 2006 22:22:12 -0300
  • Delivery-date: Fri, 21 Apr 2006 18:22:48 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi all

I set up a Debian sarge box with XEN 3.0 and LVM at my ISP. dom0 has a range of public IPs. As long as I used bridged networking to the VMs, everything worked fine; I could access all VMs by their IP.
Then I switched in /etc/xen/xend-config.sxp to a private virtual domU network with NAT:

(network-script network-nat)
(vif-script vif-nat)

and gave the VMs IPs in the 10.0.0.x range,

and I set on dom0 the following NAT rule for SSH access to a VM in domU:
iptables -A PREROUTING -t nat -p tcp -i eth0 -d 72.232.68.66 --dport 9641 -j DNAT --to-destination 10.0.0.1:22


Now I can't access the VM from outside anymore; an SSH client to 72.232.68.66:9641 keeps hanging. However, I can ping the VMs in domU from dom0 and vice versa, and also ping a VM from another VM. I have not set up any additional iptables rules.

The filter rules generated by the XEN scripts produced the following (iptables -L):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV match --physdev-in vif5.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif5.0 udp spt:bootpc dpt:bootps
ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV match --physdev-in vif6.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif6.0 udp spt:bootpc dpt:bootps
ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV match --physdev-in vif7.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif7.0 udp spt:bootpc dpt:bootps
ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV match --physdev-in vif8.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif8.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

And the NAT rules I get:

target     prot opt source               destination
DNAT       tcp  --  anywhere             66.68.232.72.reverse.layeredtech.com tcp dpt:9641 to:10.0.0.1:22

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Has anybody a clue what is missing to get the NAT working? I had the impression that a private NATted network with XEN 3.0 is supposed to work out of the box when using the XEN-provided scripts, so there must be something I am doing stupidly wrong!

regards

--
Roberto Saccon
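The DNAT port-forward and the chain listings in the post above, as an added checking script that is not from the post or from the Xen scripts: it parses that `iptables -L` / `iptables -t nat -L` output (embedded here as a constructed sample copied from the post, with the cut-off PREROUTING chain header restored) and reports which vif each domU address is bound to, which internal host:port the DNAT rule for port 9641 points at, whether any address is bound to more than one vif, and whether POSTROUTING carries any MASQUERADE/SNAT rule. The function names are my own; nothing here talks to a live netfilter.

```shell
#!/bin/sh
# Constructed sample, copied from the post: the FORWARD chain of `iptables -L` and the
# nat table of `iptables -t nat -L` as the Xen vif-nat/network-nat scripts left them.
FILTER_OUT='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV match --physdev-in vif5.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif5.0 udp spt:bootpc dpt:bootps
ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV match --physdev-in vif6.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif6.0 udp spt:bootpc dpt:bootps
ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV match --physdev-in vif7.0
ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV match --physdev-in vif8.0'
NAT_OUT='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             66.68.232.72.reverse.layeredtech.com tcp dpt:9641 to:10.0.0.1:22

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination'

# vif_ips: prints "vif address" for every per-vif ACCEPT rule that names a specific source
vif_ips() {
  printf '%s\n' "$FILTER_OUT" | awk '$1 == "ACCEPT" && $4 != "anywhere" {
    for (i = 1; i <= NF; i++) if ($i == "--physdev-in") print $(i + 1), $4 }'
}
# dup_vif_ips: addresses bound to more than one vif (two domUs sharing an address cannot
# both be reached, and a DNAT to that address lands on whichever one answers ARP)
dup_vif_ips() {
  vif_ips | awk '{ n[$2]++ } END { for (ip in n) if (n[ip] > 1) print ip }' | sort
}
# dnat_target: internal host:port that a DNAT rule maps external dport $1 to (empty if none)
dnat_target() {
  printf '%s\n' "$NAT_OUT" | awk -v port="$1" '$1 == "DNAT" {
    for (i = 1; i <= NF; i++) if ($i == ("dpt:" port)) { sub(/^to:/, "", $NF); print $NF } }'
}
# vif_for_ip: vif(s) the FORWARD chain associates with address $1 (empty = no vif-nat rule)
vif_for_ip() {
  vif_ips | awk -v ip="$1" '$2 == ip { print $1 }'
}
# has_masquerade: succeeds if POSTROUTING has a MASQUERADE or SNAT rule (network-nat normally adds one)
has_masquerade() {
  printf '%s\n' "$NAT_OUT" | awk '/^Chain POSTROUTING/ { c = 1; next } /^Chain/ { c = 0 }
    c && ($1 == "MASQUERADE" || $1 == "SNAT") { found = 1 } END { exit !found }'
}

# Stand-alone report for the sample above
t=$(dnat_target 9641)
echo "dport 9641 -> $t on $(vif_for_ip "${t%%:*}")"
echo "addresses bound to more than one vif: $(dup_vif_ips)"
if has_masquerade; then echo "POSTROUTING masquerades"; else echo "POSTROUTING has no MASQUERADE/SNAT rule"; fi
```

On a live dom0 the two variables would be filled from `iptables -L` and `iptables -t nat -L` instead of the embedded sample.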
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
