Never mind ... I think the problem is with the nat chain. I did not realize that
iptables -vnL doesn't show everything. I had to do iptables -t nat -vnL
and sure enough there's the chain.
root@Dom0:/etc/xen# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 6 packets, 639 bytes)
pkts bytes target prot opt in out source destination
12 720 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 to:192.168.1.200:80
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 to:192.168.1.200:80
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 to:192.168.1.200:80
From: parampat@hotmail.com
To: xen-users@lists.xensource.com
Subject: Xen network problem *ONLY* on port 80
Date: Sat, 7 Mar 2009 20:08:24 +0000
Hello,
I have a weird problem. Not sure if it's Xen related or something else.
There's only 1 network card on the physical host and on the VMs. At
this point, I only have 1 DomU. Here's basically what I have:
Dom0 IP: 10.1.1.2
DomU IP: 10.1.1.110
Gateway: 10.1.1.1 (Netscreen NS 5GT)
From Dom0 and DomU, I can ping all 3 IP addresses above.
On Dom0, I issue command:
Dom0: tcpdump -i eth0 portrange 80-81
While tcpdump is running, I issue the following commands:
DomU: nc -l -p 80
Dom0: nc 10.1.1.110 80
Result: Successfully connected.
TCPDUMP result:
11:59:01.206489 IP 10.1.1.2.57487 > 10.1.1.110.www: S
2261694820:2261694820(0) win 5840 <mss 1460,sackOK,timestamp 297804
0,nop,wscale 7>
11:59:01.206553 IP 10.1.1.110.www > 10.1.1.2.57487: S
2229686772:2229686772(0) ack 2261694821 win 5792 <mss 1460,sackOK,timestamp
110547 297804,nop,wscale 7>
11:59:01.206578 IP 10.1.1.2.57487 > 10.1.1.110.www: . ack 1 win 46
<nop,nop,timestamp 297804 110547>
Now I tried to do the reverse.
Dom0: nc -l -p 80
DomU: nc 10.1.1.2 80
Result: (UNKNOWN) [10.1.1.2] 80 (www) : No route to host
TCPDUMP result:
11:59:58.202900 IP 10.1.1.110.51707 > 192.168.1.200.www: S
3119767855:3119767855(0) win 5840 <mss 1460,sackOK,timestamp 124795
0,nop,wscale 7>
Just to make sure, I tried on different port (81):
DomU: nc -l -p 81
Dom0: nc 10.1.1.110 81
Result: Successfully connected.
TCPDUMP result:
12:00:48.270605 IP 10.1.1.2.40178 > 10.1.1.110.81: S 3957625437:3957625437(0)
win 5840 <mss 1460,sackOK,timestamp 324569 0,nop,wscale 7>
12:00:48.270692 IP 10.1.1.110.81 > 10.1.1.2.40178: S 3911571959:3911571959(0)
ack 3957625438 win 5792 <mss 1460,sackOK,timestamp 137311 324569,nop,wscale
7>
12:00:48.270721 IP 10.1.1.2.40178 > 10.1.1.110.81: . ack 1 win 46
<nop,nop,timestamp 324569 137311>
And the reverse
Dom0: nc -l -p 81
DomU: nc 10.1.1.2 81
Result: Successfully connected.
TCPDUMP Result:
12:02:24.527044 IP 10.1.1.110.53560 > 10.1.1.2.81: S 1133939315:1133939315(0)
win 5840 <mss 1460,sackOK,timestamp 161374 0,nop,wscale 7>
12:02:24.527078 IP 10.1.1.2.81 > 10.1.1.110.53560: S 1165284839:1165284839(0)
ack 1133939316 win 5792 <mss 1460,sackOK,timestamp 348631 161374,nop,wscale
7>
12:02:24.527117 IP 10.1.1.110.53560 > 10.1.1.2.81: . ack 1 win 46
<nop,nop,timestamp 161374 348631>
The question is .... why is a connection to port 80 being forwarded to IP
192.168.2.200? How can I change this so that it goes to 10.1.1.2? I tried many
other ports (79, 8080, 22, etc.) and they are all working as expected. Only port 80
is having this issue.
Help pleaseeeeeeeeee ... or any hints would be highly appreciated.
Thank you very much.
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
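
The check the reply arrives at (looking beyond the default filter table), as an added example that is not part of the original thread: a shell function that scans iptables-save output, which covers every table, for DNAT or REDIRECT rules on a given port and counts identical copies. The function names and the sample ruleset are constructed for illustration, modelled on the listing in the post.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads iptables-save text on stdin and prints every DNAT/REDIRECT rule that
# rewrites traffic for the given destination port, across all tables.
# Output columns: table chain in-iface target new-destination copies
find_port_rewrites() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }    # "*nat" opens a table section
        $1 != "-A" { next }                      # only rule lines matter
        {
            chain = $2; iface = "any"; dport = ""; target = ""; dest = "-"
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-destination" || $i == "--to-ports") dest = $(i + 1)
            }
            if (dport != port) next
            if (target != "DNAT" && target != "REDIRECT") next
            key = table " " chain " " iface " " target " " dest
            if (!(key in seen)) order[++n] = key  # keep first-seen order
            seen[key]++                           # count identical copies
        }
        END { for (j = 1; j <= n; j++) print order[j], seen[order[j]] }
    '
}

# Constructed sample in iptables-save format, modelled on the post's listing.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [6:639]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.200:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.200:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.200:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_port_rewrites 80
```

On a live host the same function can be fed with `iptables-save | find_port_rewrites 80` as root; a count above 1 means the same rule was appended more than once.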