I run a Virtual Machine that uses SSH to remote forward Windows File Sharing securely across the net. I need to forward several servers and I map them to different high numbered ports on the SSH server (virtual machine), 10139,10140,10141. The virtual machine is connected to a bridge xenbr0 on the host system that also acts as a router - the server and a single interface on the host machine are contained within a DMZ and are thus on a different subnet. to facilitate the file sharing, I have setup several alias interfaces on the host machine: eth1:1 - 10.10.20.2, eth1:2 - 10.10.20.3, and eth1:3 - 10.10.20.4. I use DNAT to modify any connections to port 139 on these interfaces to the IP address of the virtual machine on the bridge and the appropriate high numbered port. The problem is, this doesn't quite work as expected and any attempt to connect via the dnat configuration fails. Is there something I am missing with regards to DNAT a packet before it is bridged? Is there something else I should be doing to retain the data it contains? Windows PC (10.10.1.3)---> ROUTER: eth0 (10.10.20.2) ---> DNAT --------------------> eth0:10.11.0.1 ||| BRIDGE(xenbr0) ||| 10.11.0.100 (VM) | | -> connection to 10.10.20.2:139 ---> changed to 10.11.0.100:10139 --------------------------------------------------> Thanks, Adam _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Can anyone help here? _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Does anyone have any suggestions? _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On 11/10/06, Adam <codedv@sccode.com> wrote:> Does anyone have any suggestions?None you''ll want to hear. :-) But this is a start... http://www.catb.org/%7Eesr/faqs/smart-questions.html Have done basic network troubleshooting? What were the results? What varies between the environment it works and the one it doesn''t? What you''ve described is complex, convoluted even. Is this the only way it can be done? SMB is hard enough on a LAN, let alone with the routing you have... jerry _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, I have managed to get it working by doing the DNAT on the Virtual Machine. The reason I want to use the server, is because it makes it more manageable. It also works if I use routing instead of a xen bridge for the virtual machine. So I am think there is something I am missing with regard to translating the IP packets on the router and passing them across the bridge on to the XEN network. NAT on the Virtual Machine (this works): Windows PC (10.10.1.3) ---> ROUTER: eth0 (10.10.1.1) ---> eth1 (10.11.0.1) ||| BRIDGE ||| VM: eth0:1 (10.11.0.100) --- DNAT --> 10.11.0.1 | | connection to 10.11.0.101:139 -------------------------------------------------------------------------------------> DNAT 10.11.0.1:10140 If issue only occurs if I try to DNAT using the router as described previously. Thanks, Friday, November 10, 2006, 7:27:17 PM, you wrote: > On 11/10/06, Adam <codedv@sccode.com> wrote: >> Does anyone have any suggestions? > None you''ll want to hear. :-) > But this is a start... > http://www.catb.org/%7Eesr/faqs/smart-questions.html > Have done basic network troubleshooting? What were the results? What > varies between the environment it works and the one it doesn''t? > What you''ve described is complex, convoluted even. Is this the only > way it can be done? SMB is hard enough on a LAN, let alone with the > routing you have... > jerry > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users