Xen project Mailing List

This is how my DOM0 - IP table look like -

[root@gdrd59 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- anywhere             anywhere
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:webcache
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- anywhere             anywhere            PHYSDEV match --physdev-in vif6.0
ACCEPT     all -- anywhere             anywhere            PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT     all -- anywhere             anywhere            PHYSDEV match ! --physdev-in eth0 --physdev-out eth0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
############################################################################################################
domU IP Table looks like this -

[root@besim ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- anywhere             anywhere
ACCEPT     all -- anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http
ACCEPT     all -- anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:http
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
############################################################################################################
So as can be seen dom0 as forwarding table entry here. Am i doing something wrong in forwarding ?

Thanks
Mahendra

On Wed, Aug 6, 2008 at 10:08 AM, Dustin Henning <Dustin.Henning@xxxxxxxxxxx> wrote:

Your VM probably has its own firewall/iptables configurationâ This would need reconfigured along with the one on Dom0. If you don't have firewall/iptables on your DomU, then perhaps your rules in the iptables Forwarding table on Dom0 are wrong. Traffic going to a DomU will go through the Forwarding table instead of the Incoming table where traffic for Dom0 goes, I believe this would be true for both bridging and routing.
Dustin

From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Mahendra Kutare
Sent: Wednesday, August 06, 2008 09:59
To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Prob Connecting VM through http or ssh

Hi ,

I am a newbie to Xen. I created a VM and associated an IP address.

Next, i disabled firewall and on ip tables allowed port 80, 22 and 8080 (for my tomcat installation) .

I started httpd on VM (domU) and dom0.

After that I tried connecting to dom0 httpd (webserver) port 80 from another physical server. This works and shows me the correct page when i do - http://<dom0-machine-ip>:80/. Then i try ssh to dom0 machine it works.

But when i try to do the same for VM (domU) on dom0 on browser as - http://<domU-VM-ip>:80/ it does not work. Also when i try ssh to domU machine ip it says - Access Denied.

Please help me resolve this. What it is that i am missing here ?

Thanks
Mahendra

_______________________________________________
Xen-users mailing list

Xen-users@xxxxxxxxxxxxxxxxxxx

http://lists.xensource.com/xen-users

--
Only those who can risk going too far, can find out how far one can go.

Re: [Xen-users] Prob Connecting VM through http or ssh