I use debian etch amd64 and xen from the debian repositories;
I have created 2 paravirtualized servers (always debian amd64), a web server and a mail server.

The dom0 is attached to the internet through an ethernet modem (ppp0), with a dynamic ip.

I use, in dom0,

(network-script network-nat)
(vif-script vif-nat

1.0.0.0.1 = web server domU (gateway 10.0.0.254)
1.0.0.0.2 = mail server domU (gateway 10.0.0.254)

In the dom0 firewall I have these relevant rules:

Input, output and forward all on accept;

echo 1 >> /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 25 -j DNAT --to 10.0.0.2:25

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 465 -j DNAT --to 10.0.0.2:465

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 143 -j DNAT --to 10.0.0.2:143

iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 993 -j DNAT --to 10.0.0.2:993

iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 80 -j DNAT --to 10.0.0.1:80

Result: the web server can be contacted from outside, works perfectly
The mail server can't be contacted from outside;

What's wrong?

Thanks.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sun, Dec 23, 2007 at 05:52:03 +0100, zava.zava@libero.it wrote:
> I use debian etch amd64 and xen from the debian repositories;
> I have created 2 paravirtualized servers (always debian amd64), a web server and a mail server.
>
> The dom0 is attached to the internet through an ethernet modem (ppp0), with a dynamic ip.
>
> I use, in dom0,
>
> (network-script network-nat)
> (vif-script vif-nat
>
> 1.0.0.0.1 = web server domU (gateway 10.0.0.254)
> 1.0.0.0.2 = mail server domU (gateway 10.0.0.254)
>
> In the dom0 firewall I have these relevant rules:
>
> Input, output and forward all on accept;
>
> echo 1 >> /proc/sys/net/ipv4/ip_forward
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 25 -j DNAT --to 10.0.0.2:25
>
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 465 -j DNAT --to 10.0.0.2:465
>
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 143 -j DNAT --to 10.0.0.2:143
>
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 993 -j DNAT --to 10.0.0.2:993
>
> iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 80 -j DNAT --to 10.0.0.1:80
>
> Result: the web server can be contacted from outside, works perfectly
> The mail server can't be contacted from outside;
>
> What's wrong?

Don't you want to specify -t nat for the mail server rules too?

>
> Thanks.

--
WBR, i.m.chubin

...
> >
> > Result: the web server can be contacted from outside, works perfectly
> > The mail server can't be contacted from outside;
> >
> > What's wrong?
>
> Don't you want to specify -t nat for the mail server rules too?
>

Sorry, I have missed the keys.
However, may you show iptables-save output?

> >
> > Thanks.
>
> --
> WBR, i.m.chubin

--
WBR, i.m.chubin