I've got a problem regarding my XEN network setup. First of all, I'll just tell you what doesn't work: the access to a forwarded (natted) port (e.g. port 80 http) of a dom (no matter if dom0 or domU) to the servers external ip address (from "inside") does not work (connection refused). Here's the layout of my xen virtual network:
Code: Select all
one machine with an external ip
| |
| |
eth0 (85.214.xxx.xxx) xenbr0 (bridge 10.0.0.1)
| |
| |
webserver (10.0.0.2) mailserver (10.0.0.3)
To come back to the problem - NAT (masquerading) and port forwarding just works fine. I can connect to the webserver by using http://85.214.xxx.xxx without any problems from HOME. But when I try to connect to http://85.214.xxx.xxx from INSIDE (e.g. from dom0 or the webserver, it doesnt matter), i cannot make a connection (lynx says connection refused). Also a port scan with nmap does not show me the open port 80 from inside (while from outside it does). I messed up with iptables all the time, since I could not figure out why this happens, so I decided just to create a very plain iptables configuration - here is my iptables output:
Code: Select all
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif1.0
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif2.0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http to:10.0.0.2
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destinationThanks in advance
