I am running Xen on a RHEL4 dom0 and have two RHEL4 domU's. The domU's are both running Oracle 10g R2 database. I want to connect to these databases from another computer. Xen is set up with NAT network and all dom's have access to the internet and they can ping each other, so the network is up and running. My problem is that I cannot connect to the different Oracle listeners running on the VMs.

I have tried the following iptables rules:

    iptables -A FORWARD -i eth0 -p tcp --dport 1500 -d 10.0.0.1 -j ACCEPT
    iptables -A FORWARD -i eth0 -p tcp --dport 1501 -d 10.0.0.2 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 1500 -j DNAT --to 10.0.0.1:1521
    iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 1501 -j DNAT --to 10.0.0.2:1521

The following parameters are set:

    /proc/sys/net/ipv4/ip_forward is set to 1
    In sysctl.conf: net.ipv4.ip_forward = 1

but I still cannot connect. Running tcpdump I get the following:

    IP (..host_ip..) > (..client_ip..): icmp 56: host pcitdes003.cern.ch unreachable - admin prohibited

Anyone got any idea?

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Atle Rudshaug wrote:
> Anyone got any idea?

Add a "-j LOG" to your rules and see if something will be dropped (logged to DMESG before dropped)...

regards
norman

Atle Rudshaug wrote:
> IP (..host_ip..) > (..client_ip..): icmp 56: host pcitdes003.cern.ch unreachable - admin prohibited
>
> Anyone got any idea?

Some other... If you want to ping, you also have to allow "-p icmp"

regards
norman
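
Added example, not part of the thread: a toy Python model of how a forwarded packet meets the posted rules, where nat/PREROUTING rewrites the destination before filter/FORWARD is evaluated first-match. The catch-all REJECT ahead of the appended rules, the dom0 address 192.0.2.10 and all function names are assumptions made for illustration.

```python
# Toy model of netfilter traversal for a forwarded TCP packet (added example).
# Order modelled: nat/PREROUTING (DNAT) -> filter/FORWARD (first match wins).

def dnat(pkt, nat_rules):
    """Apply the first matching PREROUTING DNAT rule; return the rewritten packet."""
    for r in nat_rules:
        if (pkt["in"], pkt["proto"], pkt["dport"]) == (r["in"], r["proto"], r["dport"]):
            return dict(pkt, dst=r["to_ip"], dport=r["to_port"])
    return pkt

def forward(pkt, chain, policy="ACCEPT"):
    """Return the target of the first FORWARD rule whose fields all match."""
    for rule in chain:
        if all(pkt[k] == v for k, v in rule["match"].items()):
            return rule["target"]
    return policy

def accept(dst, dport):
    """Equivalent of: -i eth0 -p tcp --dport <dport> -d <dst> -j ACCEPT"""
    return {"match": {"in": "eth0", "proto": "tcp", "dst": dst, "dport": dport},
            "target": "ACCEPT"}

# The two DNAT rules from the post.
NAT = [
    {"in": "eth0", "proto": "tcp", "dport": 1500, "to_ip": "10.0.0.1", "to_port": 1521},
    {"in": "eth0", "proto": "tcp", "dport": 1501, "to_ip": "10.0.0.2", "to_port": 1521},
]

# Assumption: a catch-all REJECT already sits in FORWARD, which would explain
# the "admin prohibited" ICMP reply seen in tcpdump. An empty match hits everything.
REJECT_ALL = {"match": {}, "target": "REJECT icmp-host-prohibited"}

# -A appends, so the posted ACCEPT rules land after the existing REJECT.
AS_POSTED = [REJECT_ALL, accept("10.0.0.1", 1500), accept("10.0.0.2", 1501)]
# Matching the post-DNAT port but still appending: the REJECT is hit first.
PORT_FIXED_APPENDED = [REJECT_ALL, accept("10.0.0.1", 1521), accept("10.0.0.2", 1521)]
# Inserting ahead of the REJECT but matching the pre-DNAT port: never matches.
PRE_DNAT_PORT_INSERTED = [accept("10.0.0.1", 1500), accept("10.0.0.2", 1501), REJECT_ALL]
# Inserted ahead of the REJECT and matching the port FORWARD actually sees.
PORT_FIXED_INSERTED = [accept("10.0.0.1", 1521), accept("10.0.0.2", 1521), REJECT_ALL]

def verdict(chain, client_dport):
    """Verdict for a client connecting to dom0 (constructed address) on client_dport."""
    pkt = {"in": "eth0", "proto": "tcp", "dst": "192.0.2.10", "dport": client_dport}
    return forward(dnat(pkt, NAT), chain)

if __name__ == "__main__":
    for name in ("AS_POSTED", "PORT_FIXED_APPENDED",
                 "PRE_DNAT_PORT_INSERTED", "PORT_FIXED_INSERTED"):
        print(f"{name:24s} -> {verdict(globals()[name], 1500)}")
```

Only the last chain accepts the connection; a "-j LOG" rule placed at the top of FORWARD, as suggested in the first reply, would show the rewritten destination port in dmesg.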