
Re: [Xen-users] XEN/bridge mode



Hi!!
Thanks for your comments:

I am running RHEL 5, and I use these two rules.

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 196.40.23.216 --dport 3389 -j DNAT --to 192.168.122.77:3389

/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 3389 -d 192.168.122.77 -j ACCEPT

but I've no luck so far....

I've more info....


the iptables is:
Chain INPUT (policy ACCEPT 1542M packets, 600G bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
2        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67
4        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
3        0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
4        0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
5        0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
6        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif9.0
7        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.168.122.77      tcp dpt:3389

Chain OUTPUT (policy ACCEPT 1538M packets, 612G bytes)
num   pkts bytes target     prot opt in     out     source               destination

Table nat
Chain PREROUTING (policy ACCEPT 5510K packets, 630M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            196.40.23.216       tcp dpt:3389 to:192.168.122.77:3389

Chain POSTROUTING (policy ACCEPT 1175K packets, 72M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MASQUERADE  all  --  *      *       192.168.122.0/24     0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1175K packets, 72M bytes)
num   pkts bytes target     prot opt in     out     source               destination

ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:1D:09:70:4E:2E  
          inet addr:196.40.23.216  Bcast:196.40.23.223  Mask:255.255.255.224
          inet6 addr: fe80::21d:9ff:fe70:4e2e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19564532 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7798769 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1915162929 (1.7 GiB)  TX bytes:574385308 (547.7 MiB)
 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1530415797 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1530415797 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2080638239 (1.9 GiB)  TX bytes:2080638239 (1.9 GiB)
 
peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:21278172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15726841 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2242573788 (2.0 GiB)  TX bytes:1153167404 (1.0 GiB)
          Interrupt:18 Memory:ec000000-ec012100 
vif9.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 
virbr0    Link encap:Ethernet  HWaddr 16:07:69:34:51:3A  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:66645 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77148 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:7803463 (7.4 MiB)  TX bytes:84417139 (80.5 MiB)
 
xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:7851715 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:565473624 (539.2 MiB)  TX bytes:0 (0.0 b)






Fajar A. Nugraha-3 wrote:
> 
> On Fri, May 8, 2009 at 11:25 PM, Codecr <gerardo@xxxxxxxxxxxxxx> wrote:
>>
>> Hi!
>>
>> I want to forward the port 3389 from the domU to the virtual server with ip
>> address 192.168.122.77 with no success...
>>
>> I tried a lot of iptables rules with no luck so far. Is this possible? I
> 
> yes.
> 
>> took a look at other posts and I didn't find an answer.
>>
>> For example:
>> /sbin/iptables -t nat -A PREROUTING -p tcp -i xenbr0 --dport 3389 -j DNAT --to 192.168.122.77:3389
>>
>> the virtual nic for the VM is vif9.0...
> 
> Is your dom0 ip address on xenbr0 or eth0?
> Looks like you have libvirtd running (possibly on RHEL/Centos), in
> which case the IP will be on eth0. If that's the case try changing the
> rule to
> 
> /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d dom0_ip_address --dport 3389 -j DNAT --to 192.168.122.77:3389
> 
> and if your default rule is reject you need to add an ACCEPT rule on
> FORWARD chain as well.
> 
> Regards,
> 
> Fajar
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
> 

-- 
View this message in context: 
http://www.nabble.com/XEN-bridge-mode-tp23449187p23454056.html
Sent from the Xen - User mailing list archive at Nabble.com.
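
An added example, not part of the original message: a small first-match model of the FORWARD chain posted above, showing which rule decides the first packet of the DNAT-ed connection and how the verdict changes when the same ACCEPT rule sits at position 1 (as `iptables -I FORWARD 1 ...` would place it) instead of being appended with `-A`. The client address 203.0.113.10 is constructed, and the output interface virbr0 is an assumption taken from the 192.168.122.1/24 address shown on virbr0 in the ifconfig output.

```python
import ipaddress
import re

# FORWARD chain from the listing above, each rule unwrapped onto one line.
LISTING = """\
1 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
2 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
3 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
4 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
5 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
6 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif9.0
7 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.122.77 tcp dpt:3389
"""

def parse(listing):
    """Turn `iptables -L -n -v --line-numbers` rule lines into dicts."""
    keys = ("num", "pkts", "bytes", "target", "proto", "opt", "in", "out", "src", "dst")
    rows = (line.split() for line in listing.splitlines())
    return [dict(zip(keys, f), extra=" ".join(f[10:])) for f in rows if f and f[0].isdigit()]

def matches(rule, pkt):
    """Model only the match fields that occur in this listing."""
    if (rule["proto"] not in ("all", pkt["proto"]) or rule["in"] not in ("*", pkt["in"])
            or rule["out"] not in ("*", pkt["out"])):
        return False
    for side in ("src", "dst"):
        if ipaddress.ip_address(pkt[side]) not in ipaddress.ip_network(rule[side]):
            return False
    state = re.search(r"state (\S+)", rule["extra"])
    dport = re.search(r"dpt:(\d+)", rule["extra"])
    physdev = re.search(r"--physdev-in (\S+)", rule["extra"])
    return not ((state and pkt["state"] not in state.group(1).split(","))
                or (dport and int(dport.group(1)) != pkt["dport"])
                or (physdev and pkt.get("physdev_in") != physdev.group(1)))

def first_match(rules, pkt):
    """Return (rule number, target) of the first rule that matches."""
    for rule in rules:
        if matches(rule, pkt):
            return int(rule["num"]), rule["target"]
    return None, "policy ACCEPT"

# First packet of the forwarded connection after DNAT; client address is constructed.
SYN = {"proto": "tcp", "in": "eth0", "out": "virbr0", "src": "203.0.113.10",
       "dst": "192.168.122.77", "dport": 3389, "state": "NEW"}

def verdicts():
    # As posted (ACCEPT appended last), then with that rule moved to position 1.
    rules = parse(LISTING)
    return first_match(rules, SYN), first_match([rules[-1]] + rules[:-1], SYN)
```
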

