Xen project Mailing List

[Xen-devel] How to redirect domU port to dom0 with nat

From: Wensheng Wang <wenshengwang@xxxxxxxxx>

Date: Mon, 26 Dec 2005 00:45:57 -0600

Delivery-date: Mon, 26 Dec 2005 06:49:40 +0000

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=mjxl4wdpSOcm56VwHDHKQK8hvV8Zci03SzduNdrx1WWZ/XgJmSwxf2rCSzmHKcrRkU7aTjcFIH3ph9DyG8ZYkMDX7rKH86UvM8QwZoqAGCx6ejM1i4oh3wSISW6zYZuPGtTMRYzk6/4hYxVlXLTz74tb3hi/i9Rw5lzN6szuZNo=

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

I want to intercept traffic toward a domU port from dom0 and redirect it to a dom0 port. It used to work with a simple nat rule in the early xen3.0 (from more than half year ago) Like this: 5.6.7.9 is domU ip, 5.6.7.8 is dom0 ip, for example. iptables -t nat -A PREROUTING -p tcp -d 5.6.7.9 --dport 3333 -j DNAT --to 5.6.7.8:80 I want to do this so when a person request http://5.6.7.9:3333, he get response from 5.6.7.8 dom0 web server. But now it doesn't work. I use current xen 3.0, default network(use xenbr0). I have /proc/sys/net/ipv4/ip_forward set to 1. direct request of http://5.6.7.8/ works. "iptables -nvL -t nat" in dom0 shows 0 pkts for chain prerouting. tcpdump in domU show pkts get through instead of be intercepted by dom0. I tried "iptables -t raw -A PREROUTING -i xenbr0 -j NOTRACK" after recompiling kernel modules, still to no avail. What can I do to get it work? Thank you. Wensheng Wang _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.