[Xen-users] Xen 4 + Debian Squeeze + one VM in route mode and another in nat mode

Hello,

I've installed Xen 4 on a Debian Squeeze server, with one VM which runs in route mode with an IP failover.

I wanted to create another VM which runs in NAT mode, so I did this:

- I left my xend-config.sxp with:

    (network-script 'network-route netdev=eth0')
    (vif-script vif-route)

because my first VM is the most important...

For the second, I put this in the cfg file:

    vif = [ 'ip=192.168.1.2,mac=00:16:3E:xxxx:xx, script=vif-nat, vifname=vif-debianTest' ]

I modified vif-nat a little:

    routing_ip()
    {
      #echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}')
      echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."254}')
    }

to always have a static IP as gateway for VM2 (to configure it afterwards in its interfaces file).

I can ping VM2 from dom0, ping dom0 from VM2, and have internet from VM2, but it is impossible to make a port mapping between dom0 and domU...

For example, I'd like to redirect port 2222 of my dom0 to port 22 of VM2. I put these iptables rules in place for VM2:

    #!/bin/bash

    # Reset the tables
    iptables -t filter -F
    iptables -t filter -X
    iptables -t nat -F
    iptables -t nat -X

    # Block all traffic
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP

    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A INPUT -p icmp -j ACCEPT

    iptables -A FORWARD -i vif-debianTest -j ACCEPT
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to 192.168.1.2:22
    #iptables -A FORWARD -m state --state RELATED,ESTABLISHED -m physdev --physdev-out vif-debianTest -j ACCEPT
    #iptables -A FORWARD -p udp -m physdev --physdev-in vif-debianTest -m udp --sport 68 --dport 67 -j ACCEPT
    #iptables -A FORWARD -m state --state RELATED,ESTABLISHED -m physdev --physdev-out vif-debianTest -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.1.2 -j SNAT --to-source my_public_ip

The rules with # were uncommented for testing, but it changes nothing...

    # tcpdump -i eth0 tcp port 2222
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    19:54:02.662761 IP lev92-4-88-164-133-124.fbx.proxad.net.21384 > sd-xxxx.dedibox.fr.2222: Flags [S], seq 2030026446, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    19:54:05.681658 IP lev92-4-88-164-133-124.fbx.proxad.net.21384 > sd-xxxx.dedibox.fr.2222: Flags [S], seq 2030026446, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    ...

It seems that nothing is forwarded from eth0 to vif-debianTest.

But:

    # cat /proc/sys/net/ipv4/ip_forward
    1
    # cat /proc/sys/net/ipv4/conf/eth0/forwarding
    1
    # cat /proc/sys/net/ipv4/conf/all/forwarding
    1

    # ifconfig vif-debianTest
    vif-debianTest Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
              inet adr:192.168.1.254  Bcast:0.0.0.0  Masque:255.255.255.255
              adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2 errors:0 dropped:3 overruns:0 carrier:0
              collisions:0 lg file transmission:32
              RX bytes:196 (196.0 B)  TX bytes:160 (160.0 B)

I tested with a laptop at home and it seems to work if I use network-nat and vif-nat directly in xend-config.sxp, but I don't understand why it doesn't work with this configuration :-(

Thanks.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
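
An offline model of how the FORWARD chain in the script above treats the redirected connection, added here as an illustration and not part of the original post: once PREROUTING rewrites the destination, the SYN is routed through FORWARD with eth0 as its input interface. The model assumes first-match evaluation and that physdev matches apply only to bridged traffic; the rule in `EXTRA` and the packet dictionaries are hypothetical.

```python
import shlex

# FORWARD-chain lines copied from the posted script (archive line wraps
# rejoined); the physdev lines are the ones uncommented for testing.
POSTED = """\
iptables -P FORWARD DROP
iptables -A FORWARD -i vif-debianTest -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -m physdev --physdev-out vif-debianTest -j ACCEPT
iptables -A FORWARD -p udp -m physdev --physdev-in vif-debianTest -m udp --sport 68 --dport 67 -j ACCEPT
"""
# Hypothetical rule (an assumption, not from the post) that admits the DNATed flow.
EXTRA = ("iptables -A FORWARD -i eth0 -o vif-debianTest -p tcp --dport 22 "
         "-m state --state NEW,ESTABLISHED -j ACCEPT\n")

# iptables option -> packet field it is compared with
FIELDS = {"-i": "in", "-o": "out", "-p": "proto", "--sport": "sport", "--dport": "dport",
          "--state": "state", "--physdev-in": "br_in", "--physdev-out": "br_out"}

def parse(text):
    """Return (policy, rules) for FORWARD; each rule is (matches, target)."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:3] == ["iptables", "-P", "FORWARD"]:
            policy = tok[3]
        elif tok[:3] == ["iptables", "-A", "FORWARD"]:
            matches, target, it = [], None, iter(tok[3:])
            for opt in it:
                val = next(it)
                if opt == "-j":
                    target = val
                elif opt != "-m":          # "-m <module>" only loads a match module
                    matches.append((FIELDS[opt], set(val.split(","))))
            rules.append((matches, target))
    return policy, rules

def verdict(text, pkt):
    """First matching rule wins; otherwise the chain policy applies."""
    policy, rules = parse(text)
    for matches, target in rules:
        # Routed packets carry no br_in/br_out, so physdev matches never hit.
        if all(str(pkt.get(field)) in allowed for field, allowed in matches):
            return target
    return policy

# Constructed packets: the captured SYN after DNAT to 192.168.1.2:22, and a guest reply.
SYN_AFTER_DNAT = {"in": "eth0", "out": "vif-debianTest", "proto": "tcp",
                  "sport": 21384, "dport": 22, "state": "NEW"}
GUEST_REPLY = {"in": "vif-debianTest", "out": "eth0", "proto": "tcp",
               "sport": 22, "dport": 21384, "state": "ESTABLISHED"}

if __name__ == "__main__":
    print("posted rules, SYN after DNAT:", verdict(POSTED, SYN_AFTER_DNAT))
    print("posted rules, guest reply   :", verdict(POSTED, GUEST_REPLY))
    print("with EXTRA,   SYN after DNAT:", verdict(POSTED + EXTRA, SYN_AFTER_DNAT))
```

On a live dom0 the corresponding check is the packet counters shown by `iptables -L FORWARD -v -n`.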