Wensheng Wang
2005-Dec-26 06:45 UTC
[Xen-devel] How to redirect domU port to dom0 with nat
I want to intercept traffic toward a domU port from dom0 and redirect it to a dom0 port. It used to work with a simple nat rule in the early xen3.0 (from more than half a year ago).

Like this: 5.6.7.9 is the domU IP, 5.6.7.8 is the dom0 IP, for example.

    iptables -t nat -A PREROUTING -p tcp -d 5.6.7.9 --dport 3333 -j DNAT --to 5.6.7.8:80

I want to do this so that when a person requests http://5.6.7.9:3333, he gets a response from the 5.6.7.8 dom0 web server.

But now it doesn't work. I use current xen 3.0, default network (uses xenbr0). I have /proc/sys/net/ipv4/ip_forward set to 1. A direct request of http://5.6.7.8/ works.

"iptables -nvL -t nat" in dom0 shows 0 pkts for chain prerouting. tcpdump in domU shows pkts get through instead of being intercepted by dom0.

I tried "iptables -t raw -A PREROUTING -i xenbr0 -j NOTRACK" after recompiling kernel modules, still to no avail.

What can I do to get it to work? Thank you.

Wensheng Wang

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Keir Fraser
2005-Dec-28 10:46 UTC
Re: [Xen-devel] How to redirect domU port to dom0 with nat
On 26 Dec 2005, at 06:45, Wensheng Wang wrote:

> "iptables -nvL -t nat" in dom0 shows 0 pkts for chain prerouting.
> tcpdump in domU shows pkts get through instead of being intercepted by
> dom0.
>
> I tried "iptables -t raw -A PREROUTING -i xenbr0 -j NOTRACK" after
> recompiling kernel modules, still to no avail.
>
> What can I do to get it to work?

Try running 'ethtool -K eth0 tx off' in domU.

-- Keir