  #1  
Old 14th April 2006, 15:39
rsacon rsacon is offline
The Perfect Xen 3.0 Setup For Debian - virtual network problem

I followed the tutorial step by step on a box I just rented at an ISP. Everything went fine (including network connectivity) until I reached the last part with the virtual local network.

The VMs can reach each other and reach the Internet from their 10.0.0.x network, but after putting in the NAT rules I still can't access any running service such as SSH from the Internet. Is there any step missing in the tutorial or am I doing something wrong? And there is a difference when I add the NAT rules. Without them I immediately get a connection refused error; with the NAT rules it just keeps hanging.

For now, I went back to the bridged connection, but I really hope to get the private local network running.

Thanks in advance for any advice.
  #2  
Old 15th April 2006, 15:21
falko falko is offline

Can you post the NAT rules you're using?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
  #3  
Old 15th April 2006, 22:44
rsacon rsacon is offline

These were my NAT settings:


more /etc/network/if-up.d/iptables:

#!/bin/sh

### Port Forwarding ###
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 10.0.0.2:80
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 6678 -j DNAT --to 10.0.0.1:22
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 6679 -j DNAT --to 10.0.0.2:22
  #4  
Old 16th April 2006, 14:54
falko falko is offline

Did you
Code:
chmod 755 /etc/network/if-up.d/iptables
(so that the file is executed at system startup)? Is eth0 your network device on dom0?
  #5  
Old 17th April 2006, 22:25
rsacon rsacon is offline

Yes to both of your questions, see below. I still couldn't figure out why it doesn't work. Any ideas how to troubleshoot this problem?

debian:/home/saccon# ls -la /etc/network/if-up.d/iptables
-rwxr-xr-x 1 root root 282 2006-04-13 17:28 /etc/network/if-up.d/iptables

debian:/home/saccon# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:35:78:EF:C0
inet addr:72.232.68.66 Bcast:72.255.255.255 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:915 errors:0 dropped:0 overruns:0 frame:0
TX packets:758 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:87754 (85.6 KiB) TX bytes:165024 (161.1 KiB)
Interrupt:17

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vif5.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet addr:10.0.0.128 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2406 (2.3 KiB) TX bytes:1394 (1.3 KiB)

vif6.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet addr:10.0.0.129 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1570 (1.5 KiB) TX bytes:248 (248.0 b)


regards
Roberto
  #6  
Old 18th April 2006, 11:22
falko falko is offline

What happens if you execute /etc/network/if-up.d/iptables? Run
Code:
/etc/network/if-up.d/iptables
on the shell as root.

Please make sure that file has Unix linebreaks, not Windows linebreaks.
  #7  
Old 21st April 2006, 07:57
rsacon rsacon is offline

Unfortunately nothing happens. And if I list all rules with iptables -L, I can't see them anywhere there.
  #8  
Old 21st April 2006, 08:03
rsacon rsacon is offline

I need to correct myself: I didn't specify the NAT table. With "iptables -L -t nat" I see:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:www to:10.0.0.2:80
DNAT tcp -- anywhere anywhere tcp dpt:9641 to:10.0.0.1:22
DNAT tcp -- anywhere anywhere tcp dpt:9642 to:10.0.0.2:22


Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination





The filter table looks like:
---------------------

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.0.0.1 anywhere PHYSDEV match --physdev-in vif5.0
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif5.0 udp spt:bootpc dpt:bootps
ACCEPT all -- 10.0.0.1 anywhere PHYSDEV match --physdev-in vif6.0
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif6.0 udp spt:bootpc dpt:bootps
ACCEPT all -- 10.0.0.1 anywhere PHYSDEV match --physdev-in vif7.0
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif7.0 udp spt:bootpc dpt:bootps
ACCEPT all -- 10.0.0.1 anywhere PHYSDEV match --physdev-in vif8.0
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif8.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



If I try to log in via ssh and sniff at the interface I get the following tcpdump:
----------------------------------------------------------------------------
debian:/etc/xen# tcpdump port 9641
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:19:33.294688 IP 20118084046.host.telemar.net.br.1277 > 66.68.232.72.reverse.layeredtech.com.9641: S 2159620162:2159620162(0) win 65535 <mss 1440 ,nop,nop,sackOK>
22:19:33.295608 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1277: S 1693666106:1693666106(0) ack 2159620163 win 5840 <mss 1460,nop,nop,sackOK>
22:19:33.504404 IP 20118084046.host.telemar.net.br.1277 > 66.68.232.72.reverse.layeredtech.com.9641: . ack 1 win 65535
22:19:33.505583 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1277: P 1:42(41) ack 1 win 5840
22:19:37.530007 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1277: P 1:42(41) ack 1 win 5840
22:19:41.779922 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1276: P 1607211346:1607211387(41) ack 1780605239 win 5840
22:19:43.529954 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1277: P 1:42(41) ack 1 win 5840
22:19:55.530022 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1277: P 1:42(41) ack 1 win 5840
22:20:19.530018 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1277: P 1:42(41) ack 1 win 5840
22:20:43.530011 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.nessus: P 1322618440:1322618481(41) ack 1471941687 win 5840
22:21:07.529963 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1277: P 1:42(41) ack 1 win 5840
22:21:17.779923 IP 66.68.232.72.reverse.layeredtech.com.9641 > 20118084046.host.telemar.net.br.1276: P 0:41(41) ack 1 win 5840
.......



Now I have all the data but I still can't see what exactly is wrong...

Last edited by rsacon; 21st April 2006 at 08:26.
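
An added example, not part of the original posts: a small parser for the old tcpdump text format shown in the post above. It flags data segments that were sent more than once without the peer ever acknowledging them, which is the pattern the 41-byte segment `1:42(41)` shows in that capture. The sample lines are constructed with placeholder hostnames, and the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump text format used in the post above
# (placeholder hostnames, not the hosts from the capture).
SAMPLE = """\
22:19:33.294688 IP client.example.1277 > server.example.9641: S 2159620162:2159620162(0) win 65535 <mss 1440,nop,nop,sackOK>
22:19:33.295608 IP server.example.9641 > client.example.1277: S 1693666106:1693666106(0) ack 2159620163 win 5840 <mss 1460,nop,nop,sackOK>
22:19:33.504404 IP client.example.1277 > server.example.9641: . ack 1 win 65535
22:19:33.505583 IP server.example.9641 > client.example.1277: P 1:42(41) ack 1 win 5840
22:19:37.530007 IP server.example.9641 > client.example.1277: P 1:42(41) ack 1 win 5840
22:19:43.529954 IP server.example.9641 > client.example.1277: P 1:42(41) ack 1 win 5840
22:19:55.530022 IP server.example.9641 > client.example.1277: P 1:42(41) ack 1 win 5840
"""

# time, "host.port > host.port", flags, optional seq:end(len), optional ack
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): (\S+)"
    r"(?: (\d+):(\d+)\((\d+)\))?(?: ack (\d+))?")

def unacked_retransmits(text):
    """Return data segments seen more than once that the peer never ACKed."""
    sent = defaultdict(list)        # (src, dst, seq, end) -> timestamps seen
    highest_ack = defaultdict(int)  # (acker, peer) -> highest ack number sent
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                # banner lines, "......", other protocols
        h, mi, s, src, dst, flags, seq, end, length, ack = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        # SYN/SYN-ACK carry absolute numbers; later lines are relative.
        if ack and "S" not in flags:
            highest_ack[(src, dst)] = max(highest_ack[(src, dst)], int(ack))
        if length and int(length) > 0:
            sent[(src, dst, int(seq), int(end))].append(ts)
    findings = []
    for (src, dst, seq, end), times in sent.items():
        # Retransmitted, and the receiver's ACKs never reached the segment end.
        if len(times) > 1 and highest_ack[(dst, src)] < end:
            gaps = [round(b - a) for a, b in zip(times, times[1:])]
            findings.append({"from": src, "to": dst, "bytes": f"{seq}:{end}",
                             "copies": len(times), "gaps_s": gaps})
    return findings
```

A non-empty result means the connection was established but the listed payload was never acknowledged by the peer within the capture; the growing gaps are the sender's retransmission backoff.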
  #9  
Old 21st April 2006, 11:31
falko falko is offline

Can you ping 10.0.0.2 from 10.0.0.1 and vice versa? Can you ping dom0 from a domU and vice versa?
  #10  
Old 21st April 2006, 13:26
rsacon rsacon is offline

Yes, I can ping from one VM to the other and from the VM to the public IP on dom0 and from dom0 to the VM.

It's really strange.
All times are GMT +2.