[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Prob Connecting VM through http or ssh



       Actually, this all looks like it should work.  In fact, it looks like 
all traffic would be allowed in both of these iptables configurations based 
solely on the fact that the policy on each chain is ACCEPT and there is no rule 
at the end of any chain to reject or drop all traffic (nor any rule elsewhere 
to reject or drop specific traffic).  Perhaps something else is running on the 
DomU and rejecting traffic, as this access denied message certainly makes it 
look like you have a layer 3 path to this VM (where a timeout would indicate 
you didn't).  To verify where the problem lies, I would try to ssh from Dom0 to 
DomU. I suspect you will get the same access denied error, which would most 
likely mean that the DomU is rejecting the traffic for some reason.  Otherwise, 
perhaps the IP you assigned the DomU is being used elsewhere or something else 
on the Dom0 is rejecting the traffic.
        Dustin

From: Mahendra Kutare [mailto:mahendra.kutare@xxxxxxxxx] 
Sent: Wednesday, August 06, 2008 10:17
To: Dustin.Henning@xxxxxxxxxxx; xen-users
Subject: Re: [Xen-users] Prob Connecting VM through http or ssh

This is how my DOM0 - IP table look like -

[root@gdrd59 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match 
--physdev-in vif6.0 
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match 
--physdev-in eth0 ! --physdev-out eth0 
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match ! 
--physdev-in eth0 --physdev-out eth0 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
############################################################################################################
domU IP Table looks like this -

[root@besim ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    
############################################################################################################
So as can be seen dom0 as forwarding table entry here. Am i doing something 
wrong in forwarding ?

Thanks
Mahendra
On Wed, Aug 6, 2008 at 10:08 AM, Dustin Henning <Dustin.Henning@xxxxxxxxxxx> 
wrote:
       Your VM probably has its own firewall/iptables configurationâ  This 
would need reconfigured along with the one on Dom0.  If you don't have 
firewall/iptables on your DomU, then perhaps your rules in the iptables 
Forwarding table on Dom0 are wrong.  Traffic going to a DomU will go through 
the Forwarding table instead of the Incoming table where traffic for Dom0 goes, 
I believe this would be true for both bridging and routing.
       Dustin

From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Mahendra Kutare
Sent: Wednesday, August 06, 2008 09:59
To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Prob Connecting VM through http or ssh
Hi ,

I am a newbie to Xen. I created a VM and associated an IP address.

Next, i disabled firewall and on ip tables allowed port 80, 22 and 8080 (for my 
tomcat installation) .

I started httpd on VM (domU) and dom0.

After that I tried connecting to dom0 httpd (webserver) port 80 from another 
physical server. This works and shows me the correct page when i do - 
http://<dom0-machine-ip>:80/. Then i try ssh to dom0 machine it works.

But when i try to do the same for VM (domU) on dom0 on browser as  - 
http://<domU-VM-ip>:80/ it does not work. Also when i try ssh to domU machine 
ip it says - Access Denied.

Please help me resolve this. What it is that i am missing here ?

Thanks
Mahendra



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



-- 
Only those who can risk going too far, can find out how far one can go.



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.