Xen Project Q&A Forum: First Line Help for Simple Questions
This is your chance to ask questions and provide answers about basic use of the Xen Project software. For debugging problems and for more complex issues, consider using the xen-users mailing list instead. You can find information about xen-users under "HELP | Mailing Lists" in the navigation bar above.
I am quite new to Xen and having a bit of issue. I am sure there will be Wizs out there who can help me on my issue.
I am testing XCP. I was given a public IP address for my server NIC and was given a public IP address range for my VMs. following are the sample network details
Primary IP: 213.xxx.xx.73
Subnet Mask: 255.255.255.192
Default Gateway: 213.xxx.xx.65
Secondary IP: 94.xx.xxx.161
Subnet Mask: 255.255.255.248
Network Address: 94.xx.xxx.160
Broadcast Address: 94.xx.xxx.167
So basically what I have done is,
- I have enabled IPV4 forwarding in /etc/sysctl.conf
- Added the secondary network as a second management network
- Added second management IP: 94.xx.xxx.161 with Default Gateway as 213.xxx.xx.73 (Primary NIC Address)
Result: Ok. With the above config I am able to connect to the host via both the primary and secondary IPs.
- Created a Windows VM using XenCenter
- Set its IP as 94.xx.xxx.162 and Default Gateway as 94.xx.xxx.161
Result: I am able to ping external IP addresses from my VM but I am not able to resolve DNS from the VM also unable to access the VM from outside.
What I have Tried: At this moment the only way I could connect to the VM from outside or get the DNS to work is by disabling the firewall for the Xen Server using lokkit which is indeed not the best solution.
What I want to Achieve: I would really be grateful if anyone out there could help me to reconfigure the firewall so that anything to and from my secondary IP range 94.xx.xxx.162 - 94.xx.xxx.166 is allowed without any filtering. I have attached some screenshot for the network and firewall settings.
Thanks in Advance guys really appreciate your help
Accepted AnswerRussell PavlicekOnline
Accepted AnswerDMTelOffline0Hi Russ
I actually got a solution for this by one of the kind guys in the IRC chat room (##xen) All I had to do was to was to remark the Forward policy (Line: 10) on /etc/sysconfig/iptables
apparently that will bypass the whole policy for any forwarded IPs which is my case as I don't want the Hypervisor to filter any traffic for my VMs as the VMs will have their own firewalls within the OS.
Thanks ever so much for coming back though.