Re: [Xen-users] NET Network / Server running on internal Network not reachable
Robert,

I banged my head on this as well once, but having changed direction on the network design I am not 100% sure of the solution/workaround. If I am not wrong you could try to assign an IP address to the xenbr0 interface and handle DNAT from the bridge, or use lower-level filtering like ebtables or the iptables physdev module. I'll have a dig through my notes and let you know if I find something more accurate.

cheers
Massimo

Robert M. Münch wrote:

Hi all, for several days I have been trying to get NAT networking to work, which is driving me nuts... I don't know what to do anymore. Maybe some expert has a good tip for me. I have read almost everything about this topic and tested most stuff, but still no luck.

I want to run a web-server on a DomU. Hence I used the normal NAT setup from xen.

Current setup & situation

1. Dom0 can access the internet
2. Dom0 can access the DomU
3. DomU (10.0.0.1) can access the internet
4. DomU can access Dom0

What's not working is that I can't reach the web-server running on DomU.

IFCONFIG Output

eth0      Link encap:Ethernet  HWaddr 00:11:6b:94:d8:ea
          inet addr:87.118.120.16  Bcast:87.118.120.255  Mask:255.255.255.0
          inet6 addr: fe80::211:6bff:fe94:d8ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60115200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:188967 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1572915748 (1.4 GB)  TX bytes:21158242 (20.1 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:700 (700.0 B)  TX bytes:700 (700.0 B)

peth0     Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:69824162 errors:7 dropped:41 overruns:2 frame:0
          TX packets:190910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:611060332 (582.7 MB)  TX bytes:21628510 (20.6 MB)
          Interrupt:21 Base address:0xc00

vif0.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:188967 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60115201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21158242 (20.1 MB)  TX bytes:1572915818 (1.4 GB)

vif2.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet addr:10.0.0.128  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:694 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:43145 (42.1 KB)  TX bytes:131433 (128.3 KB)

xenbr0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:7385822 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:460560761 (439.2 MB)  TX bytes:0 (0.0 B)

BRCTL Output

bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        peth0

IPTABLES -L -t nat Output

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             eisxen              tcp dpt:www to:10.0.0.1:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here I want to forward all traffic coming in for the external IP address (eisxen) to 10.0.0.1:10

IPTABLES -L Output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             10.0.0.1            tcp dpt:www
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here the idea is that everything going to 10.0.0.1:80 is accepted.

ROUTE -n Output

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 vif2.0
87.118.120.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         87.118.120.1    0.0.0.0         UG    100    0        0 eth0

I can see HTTP request packets coming to my server.

tcpdump -i peth0 host 87.118.120.16 and port 80
tcpdump: WARNING: peth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on peth0, link-type EN10MB (Ethernet), capture size 68 bytes
21:02:08.669661 IP i59F4B4BF.versanet.de.37269 > eisxen.www: S 3736050736:3736050736(0) win 64000 <mss 1402,nop,wscale 0,nop,nop,timestamp[|tcp]>

But then nothing happens. Everything hangs.
Nothing is forwarded/routed to 10.0.0.1:80

I hope anyone can tell me what the problem is or what I should try to get it to work.

Thanks a lot.

-- 
Massimo Mongardini
~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~
echo 'Jg!J!hjwf!zpv!bo!bqqmf!boe!zpv!hjwf!nf!bo!bqqmf-!uifo!xf!xjmm!ibwf!bo!bqqmf!fbdi/!Cvu!jg!J!hjwf!zpv!bo!jefb!boe!zpv!hjwf!nf!bo!jefb-!xf!xjmm!ibwf!uxp!jefbt!fbdi!' | perl -pe 's/(.)/chr(ord($1)-1)/ge'
~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~
http://massimo.mongardini.it
http://www.getthefacts.it
http://www.mongardini.it/pizza-howto
~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~-.-~
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
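
An added example (not part of either poster's message): a small shell check that reads the packet counter of the DNAT rule quoted in the thread before and after one connection attempt, together with the value of ip_forward, to tell whether the SYN seen on peth0 ever matches the rule. The function names, verdict labels and the two counter snapshots are constructed for illustration; only the addresses come from the thread.

```shell
#!/bin/sh
# Added example: locate where a DNAT'ed connection stalls, using rule counters.
# Live input (as root on Dom0):
#   iptables -t nat -L PREROUTING -v -n -x   -> stdin of dnat_pkts
#   cat /proc/sys/net/ipv4/ip_forward        -> third argument of verdict

# Print the packet counter of the first DNAT rule whose target is to:$1,
# or "none" if the listing on stdin has no such rule.
dnat_pkts() {
    awk -v to="to:$1" '
        $3 == "DNAT" { for (i = 10; i <= NF; i++) if ($i == to) { print $1; hit = 1; exit } }
        END { if (!hit) print "none" }'
}

# verdict BEFORE AFTER IP_FORWARD: counters taken before and after one new
# connection attempt from an outside host, plus the value of ip_forward.
verdict() {
    if [ "$1" = none ] || [ "$2" = none ]; then
        echo "no-rule"          # the DNAT rule is not loaded at all
    elif [ "$2" -le "$1" ]; then
        echo "dnat-not-hit"     # the SYN never matched the rule in nat PREROUTING
    elif [ "$3" != 1 ]; then
        echo "forwarding-off"   # translated, but the kernel will not route it
    else
        echo "check-forward"    # translated and routable: inspect FORWARD, capture on the vif
    fi
}

# Constructed snapshots (not output from the poster's machine).
SNAP_BEFORE='Chain PREROUTING (policy ACCEPT 912 packets, 61840 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  *      *       0.0.0.0/0            87.118.120.16        tcp dpt:80 to:10.0.0.1:80'
SNAP_AFTER='Chain PREROUTING (policy ACCEPT 915 packets, 62020 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  *      *       0.0.0.0/0            87.118.120.16        tcp dpt:80 to:10.0.0.1:80'

before=$(printf '%s\n' "$SNAP_BEFORE" | dnat_pkts 10.0.0.1:80)
after=$(printf '%s\n' "$SNAP_AFTER" | dnat_pkts 10.0.0.1:80)
echo "DNAT counter $before -> $after: $(verdict "$before" "$after" 1)"
```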