[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] dom0 iptables DNAT/REDIRECT help

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Roxanne Skelly <rskelly@xxxxxxxxxxxx>
Date: Thu, 02 Aug 2007 20:14:51 -0700
Delivery-date: Fri, 03 Aug 2007 09:55:40 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

On my non-xen Fedora core 5 machine with a local webserver, I can type
the lines:
sysctl -w net.ipv4.ip_forward=1   # turn on ip forwarding
iptables -t nat -A PREROUTING -p tcp --dport 8000 -j REDIRECT --to-ports
80

This allows access to my webserver via http://mymachine:8000/

However, if I do the exact same thing on my box running the xen 3.0.3 or
xen 3.1 kernels, the packets are never REDIRECTED (DNAT to localhost).  
I've tried to follow the packets through the ip chains, and it appears
that the packets are being turned back before they hit the INPUT chain.
The nat rule doesn't seem to be run.

(You should be able to try this on your machine to see what I mean)

Can someone enlighten me on what could be happening here?  I suspect
it's some oddness with bridging, but I'm not sure.

Rox


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Prev by Date: [Xen-users] Ref: Windows 2k3 Guest: boot problem from ISO
Next by Date: Re: [Xen-users] Xen 3.1 (pae-mode) causing domU's to crash if RAM above about 500-800MB is used
Previous by thread: [Xen-users] Ref: Windows 2k3 Guest: boot problem from ISO
Next by thread: [Xen-users] Virtual Machine Papers
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.