
Re: [Xen-users] Xen 4 + Debian Squeeze + one VM in route mode and another in nat mode



On 07/08/2011 11:12, Thierry B wrote:
> On 06/08/2011 11:45, Thierry B wrote:
>> On 04/08/2011 06:31, Todd Deshane wrote:
>>> Are you able to confirm that Xen is making use of these scripts? For
>>> example, adding a set -x to the scripts and booting the guest to make
>>> sure the scripts are being called. And/or manually checking that the
>>> iptables rules are being put into place correctly.
>>>
>>> Another approach is described in this thread:
>>> http://xen.markmail.org/search/?q=nat+networking#query:nat%20networking+page:1+mid:fksxauxxxqxotgz4+state:results
>>> Which links to:
>>> http://www.andrewsorensen.net/blog/post/nat-networking-in-debian-squeeze
>>>
>>> Thanks,
>>> Todd
>> Yes, I'm able to confirm that, because it's vif-nat which gives the static
>> IP 192.168.1.254 to vif-debianTest by modifying that:
>>
>> routing_ip()
>> {
>>   #echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}')
>>   echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."254}')
>> }
>>
>> I use a dedibox, and bridge mode is not authorized... I can only route
>> with an IP failover that I have to buy, or NAT, and I'd like to have one
>> VM which uses an IP failover and another one NAT.
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
> Hello,
>
> These are my complete rules:
>
> # iptables -L -v | more
>
> Chain INPUT (policy DROP 860 packets, 95727 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    18  2185 ACCEPT     all  --  lo     any     anywhere             anywhere
>     8   792 ACCEPT     icmp --  any    any     anywhere             anywhere
>  1065 83852 ACCEPT     tcp  --  eth0   any     lev92-4-88-164-133-124.fbx.proxad.net  anywhere            tcp dpt:ssh
>     5   544 ACCEPT     all  --  eth0   any     anywhere             anywhere            state RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  vif2.0 any     anywhere             anywhere
>     0     0 ACCEPT     all  --  vif-debianTest any     anywhere             anywhere
>
> Chain FORWARD (policy DROP 11 packets, 528 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  1517  322K ACCEPT     all  --  eth0   any     anywhere             anywhere            state RELATED,ESTABLISHED
>    10   496 ACCEPT     all  --  eth0   any     anywhere             88-190-238-164.rev.dedibox.fr
>  1605  143K ACCEPT     all  --  vif2.0 any     anywhere             anywhere
>     0     0 ACCEPT     all  --  vif-xenwinxp any     anywhere             anywhere
>     0     0 ACCEPT     all  --  vif-debianTest any     anywhere             anywhere
>     0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif-debianTest
>     0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            PHYSDEV match --physdev-in vif-debianTest udp spt:bootpc dpt:bootps
>     0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif-debianTest
>     0     0 ACCEPT     all  --  any    any     xenDebianTest        anywhere            PHYSDEV match --physdev-in vif-debianTest
>
> Chain OUTPUT (policy ACCEPT 886 packets, 129K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    24  2946 ACCEPT     all  --  any    lo      anywhere             anywhere
>
>
> # iptables -L -t nat -v | more
> Chain PREROUTING (policy ACCEPT 1265 packets, 132K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    11   528 DNAT       tcp  --  eth0   any     anywhere             anywhere            tcp dpt:2222 to:192.168.1.2:22
>
> Chain POSTROUTING (policy ACCEPT 27 packets, 1850 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   110  7826 SNAT       all  --  any    eth0    88-190-238-164.rev.dedibox.fr  anywhere            to:88.190.238.164
>     0     0 SNAT       all  --  any    any     192.168.0.2          anywhere            to:88.190.15.135
>     0     0 SNAT       all  --  any    any     xenDebianTest        anywhere            to:88.190.15.135
>
> Chain OUTPUT (policy ACCEPT 21 packets, 1538 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
>
> Thanks :-)
>
>
>

Hello,

I found it.

I used my FORWARD rules not on the vif interface but on the IP and it works!

iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.1.2 --dport 22 -j ACCEPT

Thanks :-)
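
The fix in this message, as an added example that is not part of the original post: a check over `iptables-save` output that reports DNAT targets which a FORWARD chain with policy DROP would still discard because no ACCEPT rule names the translated destination. The function names and the sample ruleset are constructed here from the rules quoted in the thread, and only accepts that use `-d` are recognised.

```shell
#!/bin/sh
# Added example, not from the thread. Reads iptables-save text on stdin and
# prints each DNAT target (ip:port) that no FORWARD ACCEPT rule lets in.
# Narrow on purpose: only accepts that name the destination with -d count.
unforwarded_dnat() {
  awk '
    /^\*/ { table = substr($1, 2) }        # "*nat" or "*filter" header
    table == "nat" && $2 == "PREROUTING" { # collect DNAT targets
      for (i = 3; i < NF; i++)
        if ($i == "--to-destination") dnat[$(i + 1)] = 1
    }
    table == "filter" && $2 == "FORWARD" { # collect per-destination accepts
      dst = ""; port = "any"; state = ""; accept = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-d") dst = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
      }
      sub(/\/32$/, "", dst)
      # A rule limited to RELATED,ESTABLISHED never admits the first packet.
      if (accept && dst != "" && (state == "" || state ~ /(^|,)NEW(,|$)/))
        allow[dst ":" port] = 1
    }
    END {
      for (t in dnat) {
        split(t, hp, ":"); exact = hp[1] ":" hp[2]; any = hp[1] ":any"
        if (!(exact in allow) && !(any in allow)) print t
      }
    }' | sort
}

# Constructed sample modelled on the rules quoted in the thread.
ruleset() {   # $1 = extra FORWARD rule to append, may be empty
  cat <<EOF
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.2:22
COMMIT
*filter
:FORWARD DROP [11:528]
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif-debianTest -j ACCEPT
$1
COMMIT
EOF
}

ruleset "" | unforwarded_dnat    # before the fix
ruleset "-A FORWARD -d 192.168.1.2/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT" | unforwarded_dnat   # after
```

On a live host the same function can be fed with `iptables-save | unforwarded_dnat`, run as root.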

