I have successfully installed xen using the HowTo at http://www.howtoforge.com/debian_etch_xen_3.1. I chose to finish the final page, which was optional, with the hope of "Creat(ing) A Virtual Local Network From The Virtual Machines". This required me to change the gateway, netmask, and IP address of the instances.

My original goal was to create a virtual local network with the xen server acting as the router and name server:

http://www.domain.com (domain) -> web server (port 80) (xen instance)
http://trac.domain.com (domain) -> svn/trac server (port 80) (xen instance)

The tutorial discusses how to use iptables to achieve port forwarding, but this limits me to having one server (instance) per port. Many of my servers have their own web interface (trac, mysql, etc.), which means I must somehow create a name server that provides the desired functionality (shown above). Any suggestions?

I am now having difficulties with the iptables discussed on the last page of the tutorial. What I need to do is forward all requests on port 3306 to my sql server. Right now this is what I have in /etc/network/if-up.d/iptables

Code:
#!/bin/sh
### Port Forwarding ###
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 3306 -j DNAT --to 10.0.0.2:3306

Even with these settings I am not able to connect to my sql server with a client. Here is the output of iptables -L:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source                destination

Chain FORWARD (policy ACCEPT)
target     prot opt source                destination
ACCEPT     0    --  api.scratchco.com     anywhere     PHYSDEV match --physdev-in vif1.0
ACCEPT     udp  --  anywhere              anywhere     PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps
ACCEPT     0    --  svn.scratchco.com     anywhere     PHYSDEV match --physdev-in vif2.0
ACCEPT     udp  --  anywhere              anywhere     PHYSDEV match --physdev-in vif2.0 udp spt:bootpc dpt:bootps
ACCEPT     0    --  mysql.scratchco.com   anywhere     PHYSDEV match --physdev-in vif4.0
ACCEPT     udp  --  anywhere              anywhere     PHYSDEV match --physdev-in vif4.0 udp spt:bootpc dpt:bootps
ACCEPT     0    --  hudson.scratchco.com  anywhere     PHYSDEV match --physdev-in vif5.0
ACCEPT     udp  --  anywhere              anywhere     PHYSDEV match --physdev-in vif5.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source                destination

Any suggestions?

Did you run

Code:
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 3306 -j DNAT --to 10.0.0.2:3306

on the shell as well?
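
A way to check the point raised in the last reply, added here as an example and not posted by anyone in the thread: `iptables -L` lists only the filter table, so a DNAT rule has to be looked for in the nat table. The function names and both sample rule sets are constructed for illustration; on a live host the input would come from `iptables-save`.

```shell
#!/bin/sh
# Added example: confirm that a DNAT port-forward rule is loaded in the nat table.
# Input is iptables-save formatted text on stdin, so the check also runs offline.

# find_dnat PORT: print the DNAT destination(s) for PORT in nat/PREROUTING.
find_dnat() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": table header
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
            }
            if (dport == port && target == "DNAT") print dest
        }'
}

# check_forward PORT DEST: succeed only if PORT is forwarded to DEST.
check_forward() {
    find_dnat "$1" | grep -qxF "$2"
}

# Constructed sample: the rule from the thread, as iptables-save would show it.
SAMPLE_LOADED='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.0.0.2:3306
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m physdev --physdev-in vif4.0 -j ACCEPT
COMMIT'

# Constructed sample: filter rules present, nat table empty (rule never loaded).
SAMPLE_MISSING='*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m physdev --physdev-in vif4.0 -j ACCEPT
COMMIT'

# On a live host, as root: iptables-save | check_forward 3306 10.0.0.2:3306
# Forwarding between interfaces also requires /proc/sys/net/ipv4/ip_forward = 1.
```
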