Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] networking nat strange behaviuor

from [Igor Chubin] [Permanent Link][Original]
To: "zava.zava@xxxxxxxxx" <zava.zava@xxxxxxxxx>
Subject: Re: [Xen-users] networking nat strange behaviuor
From: Igor Chubin <igor@xxxxxxx>
Date: Tue, 25 Dec 2007 17:55:07 +0200
Cc: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 25 Dec 2007 07:54:11 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <JTIHIR$F39106DA707E4B76EEAF2343852F452A@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <JTIHIR$F39106DA707E4B76EEAF2343852F452A@xxxxxxxxx>
Reply-to: Igor Chubin <igor@xxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.16 (2007-06-11) 
On So, Dez 23, 2007 at 05:52:03 +0100, zava.zava@xxxxxxxxx wrote:
> I use debian etch amd64 and xen from the debian repositories;
> I have created 2 paravirtualized server, (always debian amd64), a web server 
> and a mail server.
> 
> The dom0 is attached to internet through  an ethernet modem (ppp0), with a 
> dynamic ip.
> 
> I use, in dom0,
> 
> (network-script network-nat)
> (vif-script     vif-nat
> 
> 1.0.0.0.1 = web server domU (gateway 10.0.0.254)
> 1.0.0.0.2 = mail server domU (gateway 10.0.0.254)
> 
> In the dom0 firewall i have these relevant rules:
> 
> Input, output and forward all on accept;
> 
> echo 1 >> /proc/sys/net/ipv4/ip_forward
> 
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> 
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 25 -j DNAT --to 
> 10.0.0.2:25
> 
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 465 -j DNAT --to 
> 10.0.0.2:465
> 
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 143 -j DNAT --to 
> 10.0.0.2:143
> 
> iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 993 -j DNAT --to 
> 10.0.0.2:993
> 
> iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 80 -j DNAT --to 
> 10.0.0.1:80
> 
> Result: the web server can be contacted from outside, works perfectly
> The mail server can't be contacted form outside;
> 
> What's wrong?

Don't you want to specify -t nat for the mail server rules too?

> 
> Thanks.
> 
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

-- 
WBR, i.m.chubin


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] changes from fedora fc7 to fc8, jim burns
Next by Date:  Re: [Xen-users] networking nat strange behaviuor, Igor Chubin
Previous by Thread:  [Xen-users] networking nat strange behaviuor, zava\.zava\@libero\.it
Next by Thread:  Re: [Xen-users] networking nat strange behaviuor, Igor Chubin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy