
[Xen-users] dom0 iptables DNAT/REDIRECT help



On my non-Xen Fedora Core 5 machine with a local webserver, I can type
the lines:
sysctl -w net.ipv4.ip_forward=1   # turn on ip forwarding
iptables -t nat -A PREROUTING -p tcp --dport 8000 -j REDIRECT --to-ports 80

This allows access to my webserver via http://mymachine:8000/

However, if I do the exact same thing on my box running the Xen 3.0.3 or
Xen 3.1 kernels, the packets are never REDIRECTED (DNAT to localhost).
I've tried to follow the packets through the ip chains, and it appears
that the packets are being turned back before they hit the INPUT chain.
The nat rule doesn't seem to be run.

(You should be able to try this on your machine to see what I mean)

Can someone enlighten me on what could be happening here?  I suspect
it's some oddness with bridging, but I'm not sure.

Rox


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
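
One way to check the observation above that the nat rule is never run, as an added example that is not part of the original post: read the per-rule packet counters from `iptables-save -c -t nat` (run as root, piped on stdin) and report whether the REDIRECT rule for a port is loaded and has ever matched. The function name and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a nat PREROUTING
# REDIRECT rule for a given port exists and whether any packet ever matched it.
# Input on stdin: the output of `iptables-save -c -t nat` (run as root).

# redirect_status PORT -> prints "missing", "never-matched" or "matched"
redirect_status() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }            # table header, e.g. "*nat"
        table == "nat" && /^\[[0-9]+:[0-9]+\] -A PREROUTING / && / -j REDIRECT/ {
            if ($0 !~ ("--dport " port "( |$)")) next
            split(substr($1, 2), c, ":")           # "[pkts:bytes]" -> c[1] = pkts
            rules++; pkts += c[1]
        }
        END {
            if (!rules)     print "missing"        # rule is not loaded at all
            else if (!pkts) print "never-matched"  # loaded, but no packet reached it
            else            print "matched"        # NAT fired; look further down the path
        }'
}

# Constructed sample: counters as they would look if the rule from the post
# were loaded but no packet had traversed it.
SAMPLE_UNHIT='*nat
:PREROUTING ACCEPT [12:720]
:POSTROUTING ACCEPT [3:180]
:OUTPUT ACCEPT [3:180]
[0:0] -A PREROUTING -p tcp -m tcp --dport 8000 -j REDIRECT --to-ports 80
COMMIT'

# Constructed sample: the same rule after seven packets matched it.
SAMPLE_HIT='*nat
:PREROUTING ACCEPT [19:1140]
[7:420] -A PREROUTING -p tcp -m tcp --dport 8000 -j REDIRECT --to-ports 80
COMMIT'

printf '%s\n' "$SAMPLE_UNHIT" | redirect_status 8000
printf '%s\n' "$SAMPLE_HIT"   | redirect_status 8000
```

On a live system the equivalent call is `iptables-save -c -t nat | redirect_status 8000`, run once before and once after a test connection to port 8000.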


 

