I'm having troubles getting a port forwarded in Ubuntu. I'm running VMWare in my fw and the network interface of VMWare acts as local network (it's NATted in VMWare). The problem is that the traffic gets forwarded to the virtual machine, but when the vm replies, the traffic is not forwarded to the net interface. So when I monitor the traffic of the local network interface (vmnet6 in my case) I see the incoming packages coming from internet and forwarded by the fw and I also see reply packages coming from the VM. But if I monitor the net interface (eth0) I only see incoming packages and no outgoing packages so those reply packages are not forwarded. Otherwise the network in the vm works fine.

my shorewall settings:

interfaces:
net eth0 detect
vmloc vmnet6 detect

zones:
fw firewall
net ipv4
vmloc ipv4

policy:
net all DROP info
fw net ACCEPT
vmloc fw ACCEPT
fw vmloc ACCEPT
vmloc net ACCEPT

rules:
DNAT:info net vmloc:<VM ip> tcp 80

Any suggestions?

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Hese wrote:
> I'm having troubles getting a port forwarded in Ubuntu. I'm running VMWare
> in my fw and the network interface of VMWare acts as local network (it's
> NATted in VMWare). The problem is that the traffic gets forwarded to the
> virtual machine, but when the vm replies, the traffic is not forwarded to
> the net interface. So when I monitor the traffic of the local network
> interface (vmnet6 in my case) I see the incoming packages coming from
> internet and forwarded by the fw and I also see reply packages coming from
> the VM. But if I monitor the net interface (eth0) I only see incoming
> packages and no outgoing packages so those reply packages are not forwarded.
> Otherwise the network in the vm works fine.
>
> my shorewall settings:
>
> interfaces:
> net eth0 detect
> vmloc vmnet6 detect
>
> zones:
> fw firewall
> net ipv4
> vmloc ipv4
>
> policy:
> net all DROP info
> fw net ACCEPT
> vmloc fw ACCEPT
> fw vmloc ACCEPT
> vmloc net ACCEPT
>
> rules:
> DNAT:info net vmloc:<VM ip> tcp 80
>
> Any suggestions?

Sounds like you're missing a matching SNAT entry in masq:

eth0 <VM ip> <EXT IP> tcp 80

Jerry
> Sounds like you're missing a matching SNAT entry in masq:
>
> eth0 <VM ip> <EXT IP> tcp 80
>
> Jerry

It was missing indeed, but it seems that adding it does not have any effect on the problem.
Hese wrote:
>> Sounds like you're missing a matching SNAT entry in masq:
>>
>> eth0 <VM ip> <EXT IP> tcp 80
>>
>> Jerry
>
> It was missing indeed, but it seems that adding it does not have any
> effect on the problem.

So much for the easy guess, can you post a dump please.

Jerry
On Fri, Feb 08, 2008 at 04:03:50PM +0200, Hese wrote:
> interfaces:
> net eth0 detect
> vmloc vmnet6 detect

Is vmnet6 a physical interface? If eth0 is the only physical interface,
then you need the routeback option.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
On Feb 8, 2008 4:56 PM, Roberto C. Sánchez <roberto@connexer.com> wrote:
> On Fri, Feb 08, 2008 at 04:03:50PM +0200, Hese wrote:
> > interfaces:
> > net eth0 detect
> > vmloc vmnet6 detect
>
> Is vmnet6 a physical interface? If eth0 is the only physical interface,
> then you need the routeback option.
>
> Regards,
>
> -Roberto

Yes, eth0 is the only physical interface. But what I did not realize before is that probably the VMWare NAT is what is causing the problems. I believe that VMWare's own components are doing NATting between eth0 and vmnet6 and that's why forwarding with iptables fails. There's another networking mode in VMWare, called "host-only", which most likely will solve my issue. I can't test this to be sure until sometime in the future when I dare to turn my virtual machines off and reconfigure VMWare.
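The two-interface comparison described in the first message can be automated. The script below is an added example, not part of the thread: it reads `tcpdump -n` text captured on the outside (eth0) and inside (vmnet6) interfaces and reports, per client flow, the last hop at which the DNATed connection was seen. The addresses, the sample capture lines and the function names are constructed for illustration.

```python
import re

# Matches IPv4 TCP/UDP lines in default `tcpdump -n` output.
PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed sample captures (documentation addresses, not from the thread).
ETH0_CAPTURE = """\
16:03:50.100000 IP 198.51.100.7.40112 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
16:03:53.100000 IP 198.51.100.7.40112 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
"""
VMNET6_CAPTURE = """\
16:03:50.100100 IP 198.51.100.7.40112 > 172.16.6.128.80: Flags [S], seq 1, win 64240, length 0
16:03:50.100400 IP 172.16.6.128.80 > 198.51.100.7.40112: Flags [S.], seq 9, ack 2, win 65535, length 0
"""

def parse(capture):
    """Return the set of (src_ip, src_port, dst_ip, dst_port) seen in a capture."""
    return {(m[1], int(m[2]), m[3], int(m[4])) for m in PKT.finditer(capture)}

def trace_dnat(outside, inside, ext_ip, vm_ip, port):
    """Map each client (ip, port) that hit ext_ip:port to where its flow stops."""
    out_pkts, in_pkts = parse(outside), parse(inside)
    result = {}
    for cip, cport, dip, dport in sorted(out_pkts):
        if (dip, dport) != (ext_ip, port):
            continue  # not a request to the forwarded port
        if (cip, cport, vm_ip, port) not in in_pkts:
            status = "request not forwarded to inside interface"
        elif (vm_ip, port, cip, cport) not in in_pkts:
            status = "no reply from VM"
        elif (ext_ip, port, cip, cport) not in out_pkts:
            # The reply should leave outside with its source rewritten to ext_ip.
            status = "reply seen inside but missing outside"
        else:
            status = "ok"
        result[(cip, cport)] = status
    return result

if __name__ == "__main__":
    flows = trace_dnat(ETH0_CAPTURE, VMNET6_CAPTURE, "203.0.113.10", "172.16.6.128", 80)
    for client, status in flows.items():
        print(client, status)
```

With the constructed captures the flow is reported as "reply seen inside but missing outside", which is the symptom reported in the thread.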