Hello there,

I've got a problem regarding my XEN network setup. First of all, I'll
just tell you what doesn't work: the access to a forwarded (natted)
port (e.g. port 80 http) of a dom (no matter if dom0 or domU) to the
server's external ip address (from "inside") does not work (connection
refused). Here's the layout of my xen virtual network:
              one machine with an external ip
                   |                     |
     eth0 (85.214.xxx.xxx)      xenbr0 (bridge 10.0.0.1)
                                   |                |
                        webserver (10.0.0.2)   mailserver (10.0.0.3)
So the server has one external ip and I want to use two domUs for web
and mail behind it - therefore I have to use masquerading. While building
up this configuration, I was inspired by this tutorial:
http://en.opensuse.org/Xen3_and_a_Virtual_Network

To come back to the problem - NAT (masquerading) and port forwarding
just work fine. I can connect to the webserver by using http://85.214.113.119
without any problems from HOME. But when I try to connect to
http://85.214.113.119 from INSIDE (e.g. from dom0 or the webserver, it
doesn't matter), I cannot make a connection (lynx says connection
refused). Also a port scan with nmap does not show me the open port 80
from inside (while from outside it does). I messed up with iptables all
the time, since I could not figure out why this happens, so I decided
just to create a very plain iptables configuration - here is my iptables
output:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:http to:10.0.0.2
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Has anyone had a similar problem and maybe solved it?
Thanks in advance
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
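The symptom in the post is the classic "hairpin NAT" (NAT loopback) case. Two facts about netfilter explain it: packets that dom0 generates itself never pass the nat PREROUTING chain (they go nat OUTPUT, routing, nat POSTROUTING), so a DNAT that exists only in PREROUTING cannot redirect dom0's own connections to the external address; and a guest that reaches the web server through a DNAT gets its reply directly over the bridge, from 10.0.0.2 instead of the address it dialled, unless the source is also translated on the bridge leg. Note that `iptables -L` without `-v` hides `-i`/`-o` interface matches, so the listing above cannot tell whether the MASQUERADE rule is limited to eth0; `iptables -t nat -L -v -n` shows that. The following Python model is an added example, not code from the post or from Xen or netfilter: it reproduces only the chain order and the addresses from the post, models both MASQUERADE variants, and the two extra rules it labels as the hairpin fix (an OUTPUT DNAT and a bridge-side SNAT) are an assumption, not something the poster wrote.

```python
"""Toy model of the netfilter nat-table chains a TCP SYN traverses on dom0.

Constructed illustration for the hairpin-NAT question (not real netfilter
and not code from the post). Only the parts that matter here are modelled:
  local origin (dom0 itself):        nat OUTPUT     -> routing -> nat POSTROUTING
  forwarded (from a guest on a vif): nat PREROUTING -> routing -> nat POSTROUTING
PREROUTING is never visited by packets dom0 generates itself, so a DNAT that
lives only there cannot redirect dom0's own connections to the external IP.
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

EXT_IP = "85.214.113.119"   # external address from the post
GW_IP = "10.0.0.1"          # xenbr0 address from the post
WEB_IP = "10.0.0.2"         # web server domU from the post
BRIDGE_NET = "10.0.0."      # assumed /24 behind xenbr0


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    chain: str                     # nat-table chain: PREROUTING / OUTPUT / POSTROUTING
    target: str                    # DNAT / SNAT / MASQUERADE
    to: Optional[str] = None       # --to-destination / --to-source
    dst: Optional[str] = None      # -d
    dport: Optional[int] = None    # --dport
    out_if: Optional[str] = None   # -o (only meaningful in POSTROUTING)

    def matches(self, p: Packet, out_if: Optional[str]) -> bool:
        return ((self.dst is None or p.dst == self.dst)
                and (self.dport is None or p.dport == self.dport)
                and (self.out_if is None or out_if == self.out_if))


def out_interface(dst: str) -> str:
    """dom0's routing decision: the bridge for 10.0.0.0/24, eth0 for the rest."""
    return "xenbr0" if dst.startswith(BRIDGE_NET) else "eth0"


def walk_chain(rules: List[Rule], chain: str, p: Packet, out_if: Optional[str] = None) -> Packet:
    """First matching rule in `chain` wins, as in the real nat table."""
    for r in rules:
        if r.chain != chain or not r.matches(p, out_if):
            continue
        if r.target == "DNAT":
            return replace(p, dst=r.to)
        if r.target == "SNAT":
            return replace(p, src=r.to)
        if r.target == "MASQUERADE":   # source becomes the outgoing interface's address
            return replace(p, src=GW_IP if out_if == "xenbr0" else EXT_IP)
    return p


def nat_traverse(rules: List[Rule], p: Packet, origin: str) -> Packet:
    """Return the SYN as it leaves dom0, or as it is delivered to dom0 itself."""
    p = walk_chain(rules, "OUTPUT" if origin == "local" else "PREROUTING", p)
    if p.dst in (EXT_IP, GW_IP):       # routed to dom0's own stack: INPUT, no POSTROUTING
        return p
    return walk_chain(rules, "POSTROUTING", p, out_interface(p.dst))


def reply_as_seen_by_client(rules: List[Rule], client_ip: str, origin: str) -> Optional[Tuple[str, str]]:
    """(src, dst) of the SYN-ACK the client receives, or None if nothing answers.

    The web server answers to whatever source address it saw. If that address
    belongs to dom0, conntrack reverses the translation on the way back; if it
    is the client's own bridge address, the reply crosses xenbr0 untranslated
    and arrives from 10.0.0.2 rather than from the external IP the client dialled.
    """
    syn = nat_traverse(rules, Packet(client_ip, EXT_IP, 80), origin)
    if syn.dst != WEB_IP:
        return None                       # landed on dom0, which has nothing on :80
    if syn.src in (GW_IP, EXT_IP):
        return (EXT_IP, client_ip)        # reply routed back through dom0, un-NATed
    return (WEB_IP, syn.src)              # direct bridge reply, wrong source address


def client_accepts(reply: Optional[Tuple[str, str]], client_ip: str) -> bool:
    """A TCP client only matches a SYN-ACK whose source is the address it dialled."""
    return reply is not None and reply == (EXT_IP, client_ip)


# Rules as the post's `iptables -t nat -L` shows them. -L without -v hides
# interface matches, so whether MASQUERADE carries `-o eth0` is unknown;
# both variants are modelled.
POST_RULES_ANY_IF = [
    Rule("PREROUTING", "DNAT", to=WEB_IP, dport=80),
    Rule("POSTROUTING", "MASQUERADE"),
]
POST_RULES_ETH0_ONLY = [
    Rule("PREROUTING", "DNAT", to=WEB_IP, dport=80),
    Rule("POSTROUTING", "MASQUERADE", out_if="eth0"),
]
# Assumed hairpin ("NAT loopback") additions, not from the post. Equivalent to:
#   iptables -t nat -A OUTPUT -d 85.214.113.119 -p tcp --dport 80 -j DNAT --to 10.0.0.2
#   iptables -t nat -A POSTROUTING -o xenbr0 -d 10.0.0.2 -p tcp --dport 80 -j SNAT --to 10.0.0.1
HAIRPIN_RULES = POST_RULES_ETH0_ONLY + [
    Rule("OUTPUT", "DNAT", to=WEB_IP, dst=EXT_IP, dport=80),
    Rule("POSTROUTING", "SNAT", to=GW_IP, dst=WEB_IP, dport=80, out_if="xenbr0"),
]

if __name__ == "__main__":
    for label, rules in (("post, any-if", POST_RULES_ANY_IF),
                         ("post, eth0-only", POST_RULES_ETH0_ONLY),
                         ("hairpin fix", HAIRPIN_RULES)):
        for client, origin in ((EXT_IP, "local"), ("10.0.0.3", "forward")):
            r = reply_as_seen_by_client(rules, client, origin)
            print(f"{label:16} client={client:15} {origin:8} reply={r} ok={client_accepts(r, client)}")
```

The model reproduces the post's dom0 case (the SYN is delivered to dom0's own stack, so lynx sees a refusal) and shows that it is the OUTPUT-chain DNAT, not more PREROUTING rules, that changes that; the bridge-side SNAT only matters when the MASQUERADE rule is restricted to eth0, which `iptables -t nat -L -v -n` on the real box would confirm or rule out.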