
[Xen-users] network-nat problem


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: "Robin Ericsson" <lobbin@xxxxxxxxx>
  • Date: Tue, 5 Jun 2007 12:34:46 +0200
  • Delivery-date: Tue, 05 Jun 2007 03:33:02 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi,

I'm trying to get a few domUs using network-nat, but something in my
configuration is blocking internet access from the domUs.

xend-config.sxp:
(network-script network-nat)
(vif-script vif-nat)

xm profile:
kernel = "/boot/vmlinuz-xen"
ramdisk = "/boot/initrd-xen"
extra = "text"
name = "web"
memory = "128"
disk = [ 'tap:aio:/var/lib/xen/web.img,xvda,w', ]
vif = [ 'ip=10.0.0.3, vifname=vif_web' ]

My interface comes up ok and I can ping this ip from dom0.
vif_web   Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
         inet addr:10.0.0.130  Bcast:0.0.0.0  Mask:255.255.255.255
         inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:259 errors:0 dropped:0 overruns:0 frame:0
         TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:32
         RX bytes:17088 (16.6 KiB)  TX bytes:23370 (22.8 KiB)

However, when I try to install CentOS on the domU I can't get out on
the internet. tcpdumping on vif_web tells me this:
12:17:15.759461 IP 10.0.0.3.1024 > dns1-fast.swip.net.domain:  4382+ A? mirror.nsc.liu.se. (35)
12:17:15.759516 IP 10.0.0.130 > 10.0.0.3: ICMP host dns1-fast.swip.net unreachable - admin prohibited, length 71
12:17:15.759977 IP 10.0.0.3.1024 > dns1-fast.swip.net.domain:  4382+ A? mirror.nsc.liu.se. (35)
12:17:15.760026 IP 10.0.0.130 > 10.0.0.3: ICMP host dns1-fast.swip.net unreachable - admin prohibited, length 71

Which means this is somehow blocked by my iptables. This is the rule:
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

I've tried to add a MASQ rule "-t nat -A POSTROUTING -o eth0 -j
MASQUERADE" but it doesn't seem to help either. Any hints where I can
test this further?

--
       regards,
       Robin

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
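
Added example, not part of the original message or of Xen's scripts: a small tracer that walks an iptables-save dump from the FORWARD chain to find which rule decides the domU's DNS query, and shows how one narrowly scoped ACCEPT placed ahead of the jump changes the verdict. The ruleset is constructed; the jump from FORWARD into RH-Firewall-1-INPUT and the ACCEPT rule are assumptions, since the post shows only the REJECT rule.

```python
import ipaddress

# Constructed iptables-save excerpt. Assumption: FORWARD jumps into
# RH-Firewall-1-INPUT; the post itself shows only the final REJECT rule.
SAMPLE_RULES = """\
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Hypothetical narrow fix: accept forwarding for this one domU ahead of the jump.
FIXED_RULES = SAMPLE_RULES.replace(
    "-A FORWARD -j", "-A FORWARD -i vif_web -s 10.0.0.3 -j ACCEPT\n-A FORWARD -j")
FIELDS = {"-i": "iif", "-o": "oif", "-p": "proto", "--dport": "dport", "--state": "state"}

def parse(text):
    chains, policy = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):            # ":CHAIN POLICY [counters]"
            name, pol = line[1:].split()[:2]
            chains[name], policy[name] = [], pol
        elif line.startswith("-A "):        # "-A CHAIN <matches> -j TARGET"
            tokens = line.split()
            chains[tokens[1]].append(tokens[2:])
    return chains, policy

def matches(opts, pkt):  # simplified: flag/value pairs only, no '!' negation
    for flag, key in FIELDS.items():
        if flag in opts and str(pkt[key]) not in opts[flag].split(","):
            return False
    net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    return ipaddress.ip_address(pkt["src"]) in net

def verdict(chains, policy, pkt, chain="FORWARD"):
    """Return (action, chain, rule) for the rule or policy that decides pkt."""
    for rule in chains[chain]:
        opts = dict(zip(rule[::2], rule[1::2]))
        if not matches(opts, pkt):
            continue
        if opts["-j"] in chains:            # user-defined chain: descend into it
            hit = verdict(chains, policy, pkt, opts["-j"])
            if hit:
                return hit
        elif opts["-j"] in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"], chain, " ".join(rule)
    return None if policy[chain] == "-" else (policy[chain], chain, "policy")

DNS_QUERY = dict(iif="vif_web", oif="eth0", src="10.0.0.3", proto="udp", dport=53, state="NEW")
```

On a live dom0 the same walk can be done by feeding the output of iptables-save to parse(); replies to the domU are covered by the RELATED,ESTABLISHED rule, so only the outbound direction needs the extra ACCEPT.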


 

