#1 amussa, 18th August 2006, 04:23
The Perfect Xen 3.0 Setup For Debian - NAT problem

Hi Falko,

First, I wanna thank you for the great tutorial.

The only problem I got, is that port forwarding from dom0 to vm01 is not working.

I installed apache on vm01 and I did port forward on dom0, but I still cannot access vm01 from the outside.
Quote:
iptables -A PREROUTING -t nat -p tcp --dport 8080 -j DNAT --to 10.0.0.1:8080

I found also that there is a problem with iptables on vm01. Could this be the problem to NAT not working? If yes, I've already read your answer on http://www.howtoforge.com/forums/showthread.php?t=4085, and I would like to know how can I make sure that iptables is correctly enabled for the domU kernel?
Quote:
vm01:~# iptables -L
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Thanks
Akil Mussá

#2 falko, 19th August 2006, 14:13

Quote:
Originally Posted by amussa
The only problem I got, is that port forwarding from dom0 to vm01 is not working.

I installed apache on vm01 and I did port forward on dom0, but I still cannot access vm01 from the outside.

What's the output of
Code:
ifconfig
on vm01?


Quote:
Originally Posted by amussa
I found also that there is a problem with iptables on vm01. Could this be the problem to NAT not working? If yes, I've already read your answer on http://www.howtoforge.com/forums/showthread.php?t=4085, and I would like to know how can I make sure that iptables is correctly enabled for the domU kernel?

This means that the domU kernel doesn't support iptables. Did you compile the domU kernel yourself, or did you install the pre-compiled Xen kernel? The latter one doesn't support iptables.
__________________
Falko

#3 amussa, 19th August 2006, 14:53

Hi,
Code:
vm01:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:38:F6:5F
          inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:906 (906.0 b)  TX bytes:549 (549.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:280 (280.0 b)  TX bytes:280 (280.0 b)

vm01:~#

#4 falko, 20th August 2006, 18:52

Did you change /etc/xen/xend-config.sxp as described on http://www.howtoforge.com/perfect_setup_xen3_debian_p6 ?

What's the output of
Code:
cat /proc/sys/net/ipv4/ip_forward
on dom0?

#5 amussa, 21st August 2006, 14:26

Hi Falko,
Code:
root@cust131-43:amussa# cat /proc/sys/net/ipv4/ip_forward
1
root@cust131-43:amussa#
Yes, /etc/xen/xend-config.sxp is as you say on the tutorial
Code:
#(network-script network-bridge)
#(vif-script vif-bridge)

(network-script network-nat)
(vif-script     vif-nat)

Last edited by amussa; 21st August 2006 at 14:29.

#6 falko, 22nd August 2006, 14:25

Looks ok. Was there any firewall running on dom0 when you inserted the iptables forward rules?

#7 amussa, 22nd August 2006, 14:44

Hi,
Thanks for your patience. Here are my firewall rules:
Code:
root@cust131-43:amussa# iptables -L -nv
Chain INPUT (policy ACCEPT 4589K packets, 1067M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 325 packets, 148K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       10.0.0.1             0.0.0.0/0           PHYSDEV match --physdev-in vif5.0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif5.0 udp spt:68 dpt:67
    0     0 ACCEPT     all  --  *      *       10.0.0.2             0.0.0.0/0           PHYSDEV match --physdev-in vif6.0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif6.0 udp spt:68 dpt:67

Chain OUTPUT (policy ACCEPT 4404K packets, 932M bytes)
 pkts bytes target     prot opt in     out     source               destination
root@cust131-43:amussa#
root@cust131-43:amussa# iptables -L -t nat -nv
Chain PREROUTING (policy ACCEPT 531 packets, 64813 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 to:10.0.0.1:8080

Chain POSTROUTING (policy ACCEPT 47026 packets, 2822K bytes)
 pkts bytes target     prot opt in     out     source               destination
 4460  281K MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 51475 packets, 3102K bytes)
 pkts bytes target     prot opt in     out     source               destination
root@cust131-43:amussa#

#8 falko, 23rd August 2006, 16:08

Please start dom0 without any firewall rules and then add your forwarding rules and test again.

#9 amussa, 27th September 2006, 21:38

I solved part of the problem.

Now I can access the vm01 http page from the outside if I use the same port (80).
Code:
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 10.0.0.1:80
When I try to redirect from the outside port 8080 to the vm01 port 80, I don't have a connection.

Code:
 iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 8080 -j DNAT --to 10.0.0.1:80

Is there any problem with DNAT?? I read the netfilters tutorial and they say it is possible.

Thanks for any help.

#10 falko, 28th September 2006, 22:27

Did you restart the system? Maybe your old firewall rule is conflicting with your new one.
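
The conflict falko raises in post #10 can be checked mechanically: `iptables -A` appends to the end of the chain and the first matching DNAT rule in PREROUTING wins, so an older rule for port 8080 left in place would shadow a newer one. The script below is an added example, not part of the thread; `find_shadowed_dnat`, `sample_listing` and the listing's counters are constructed for illustration, using the `iptables -L -nv` column layout shown in post #7.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -t nat -L PREROUTING -nv`
# output on stdin and reports DNAT rules that never fire because an earlier
# rule in the same chain already matches the same protocol and port.
find_shadowed_dnat() {
    awk '
    # covers(a, b): the earlier field a matches everything the later field b does
    function covers(a, b) { return a == b || a == "*" || a == "0.0.0.0/0" }
    /^Chain/ { rule = 0; n = 0; next }          # new chain: restart numbering
    $1 !~ /^[0-9]+[KMGT]?$/ { next }            # skip column header, blank lines
    { rule++ }                                  # position of this rule in chain
    $3 == "DNAT" {
        dpt = ""; to = ""
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^dpt:/) dpt = substr($i, 5)
            if ($i ~ /^to:/)  to  = substr($i, 4)
        }
        if (dpt == "") next                     # only single-port rules handled
        for (j = 1; j <= n; j++)
            if (proto[j] == $4 && port[j] == dpt && covers(inif[j], $6) &&
                covers(src[j], $8) && covers(dst[j], $9)) {
                printf "rule %d (dpt:%s to:%s) shadowed by rule %d (to:%s)\n",
                       rule, dpt, to, num[j], dest[j]
                break
            }
        n++
        num[n] = rule; proto[n] = $4; port[n] = dpt; inif[n] = $6
        src[n] = $8; dst[n] = $9; dest[n] = to
    }'
}

# Constructed listing: the rule from post #1 left in place, followed by the
# two rules appended in post #9. Counters are made up.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 531 packets, 64813 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 to:10.0.0.1:8080
   12   720 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:10.0.0.1:80
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 to:10.0.0.1:80
EOF
}

sample_listing | find_shadowed_dnat
# On dom0: iptables -t nat -L PREROUTING -nv | find_shadowed_dnat
```

Listing the chain with `iptables -t nat -L PREROUTING -n --line-numbers` and deleting the stale entry with `iptables -t nat -D PREROUTING <number>` clears a shadowing rule without a reboot.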

All times are GMT +2.