XCP Firewall Settings for Second Management Network

posted in Hypervisor
Friday, December 13 2013, 06:07 PM
DMTel
Hi

I am quite new to Xen and am having a bit of an issue. I am sure there will be wizards out there who can help me with my issue.

I am testing XCP. I was given a public IP address for my server NIC and was given a public IP address range for my VMs. The following are the sample network details:

Primary IP: 213.xxx.xx.73
Subnet Mask: 255.255.255.192
Default Gateway: 213.xxx.xx.65

Secondary IP: 94.xx.xxx.161
Subnet Mask: 255.255.255.248
Network Address: 94.xx.xxx.160
Broadcast Address: 94.xx.xxx.167

So basically what I have done is,

Step 1:

- I have enabled IPv4 forwarding in /etc/sysctl.conf
- Added the secondary network as a second management network
- Added second management IP: 94.xx.xxx.161 with Default Gateway as 213.xxx.xx.73 (Primary NIC Address)

Result: Ok. With the above config I am able to connect to the host via both the primary and secondary IPs.


Step 2:

- Created a Windows VM using XenCenter
- Set its IP as 94.xx.xxx.162 and Default Gateway as 94.xx.xxx.161

Result: I am able to ping external IP addresses from my VM, but I am not able to resolve DNS from the VM and am also unable to access the VM from outside.


What I have Tried: At this moment, the only way I could connect to the VM from outside or get DNS to work is by disabling the firewall for the Xen Server using lokkit, which is indeed not the best solution.

What I want to Achieve: I would really be grateful if anyone out there could help me to reconfigure the firewall so that anything to and from my secondary IP range 94.xx.xxx.162 - 94.xx.xxx.166 is allowed without any filtering. I have attached some screenshots of the network and firewall settings.

Thanks in advance guys, really appreciate your help.

Sakib
Responses (2)
  • Accepted Answer

    Tuesday, December 17 2013, 02:38 PM - #permalink
    Since XCP is basically the unbranded version of XenServer, I am going to forward this to some of the XenServer folks for comment.

    If you don't get an answer soon, you might want to ask over at XenServer.org.

    Thanks,

    Russ
  • Accepted Answer

    DMTel
    Tuesday, December 17 2013, 03:56 PM - #permalink
    Hi Russ

    I actually got a solution for this from one of the kind guys in the IRC chat room (##xen). All I had to do was to remark the Forward policy (Line: 10) in /etc/sysconfig/iptables.

    Apparently that will bypass the whole policy for any forwarded IPs, which is my case, as I don't want the Hypervisor to filter any traffic for my VMs, as the VMs will have their own firewalls within the OS.

    Thanks ever so much for coming back though.

    Sakib
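
A narrower alternative to commenting out the FORWARD line, as an added example that is not part of the thread: keep the jump in place and put ACCEPT rules for only the VM range ahead of it. It assumes line 10 is the stock `-A FORWARD -j RH-Firewall-1-INPUT` jump; the ruleset is a constructed sample, `198.51.100.160/29` is a placeholder for the redacted range, and `sample_rules` and `scope_forward` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the stock RHEL-style layout in
# which FORWARD jumps into RH-Firewall-1-INPUT (assumption, not shown on the page).

# Placeholder /29 from a documentation range; stands in for the redacted VM range.
VM_SUBNET="198.51.100.160/29"

# Constructed sample of an iptables-save style ruleset, not the poster's file.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read a ruleset on stdin and print it with ACCEPT rules for the given subnet
# placed ahead of the FORWARD jump, so only that range bypasses the host chain.
# Exits 1 if no active FORWARD jump exists (for example, it was commented out).
scope_forward() {
  awk -v net="$1" '
    BEGIN { src = "-A FORWARD -s " net " -j ACCEPT"
            dst = "-A FORWARD -d " net " -j ACCEPT" }
    $0 == src { have_src = 1 }   # rule already present before the jump
    $0 == dst { have_dst = 1 }
    /^-A FORWARD -j RH-Firewall-1-INPUT$/ && !done {
      if (!have_src) print src
      if (!have_dst) print dst
      done = 1
    }
    { print }
    END { exit(done ? 0 : 1) }
  '
}

sample_rules | scope_forward "$VM_SUBNET"
```

Review the printed ruleset before writing it back to /etc/sysconfig/iptables; forwarded traffic outside the VM range still reaches the host chain.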