
Can't get my vm's guest out connection..!

Premise: I already use XenServer on a Dell T310 test server with two Ethernet cards that works perfectly, but now... ->

I have a Hetzner dedicated server with only one Ethernet card and two public IPs in the same subnet.

The first one is assigned to the management interface; the second IP will be assigned to a virtual machine that runs Endian Firewall, which acts as a router and allows connections to other VMs from a private isolated network with a web proxy, nginx VPS, apache2 VPS and MySQL VPS, using the private IP of the Endian firewall as gateway and the public IP of the Endian router as bridge.

1) I have set up the XenServer host to allow IP forwarding.

2) I have assigned the second Hetzner public IP using XenCenter with the gateway of the Xen host (not the subnet IP gateway). I can see with "ifconfig" on the Xen host that the first one is assigned to the xenbr0 interface and the second is assigned to the xapi0 device.

3) I have created a virtual MAC address in the Hetzner control panel and assigned it to the virtual Ethernet (the xapi0 device) as the "wan" Ethernet of the Endian firewall, and created a new virtual private network where Endian will give connection to the other virtual machines.

4) I have set up the Endian firewall using the second public IP that Hetzner gives me as public interface (wan), with the Xen host IP (the first public IP) as gateway, but it can't ping the Xen host IP or any other outside network IP, like the gateway of the subnet, or external IPs like 8.8.8.8 etc. All VMs in the Endian private network see each other without problems, and can ping the second public IP assigned to the wan of the Endian firewall.

4.1) That not solving it, I tried setting the default Hetzner gateway IP as gateway instead of the Xen host IP, but it doesn't work...

5) Added an IP route like: ip route add xxx.xxx.xxx.xxx dev xapi0 - (first IP of the Xen host) to allow routing of the xapi0 device through the xenbr0 gateway... but it doesn't work!!!

Another test....(hungry!) using the dom0 Ethernet device directly. I have created a virtual xenbr0:1 device, assigning it the second public IP, therefore created an IP route of the xenbr0:1 to the xenbr0, and with a new Debian VPS assigned it the second public IP, using the dom0 IP as gateway... and it doesn't work! Therefore I changed the gateway to the default gateway of the subnet... and it doesn't work!!!

I'm running the "same" VM configuration on a Dell T310 server but with two Ethernet devices, where the second one is assigned directly to the Endian firewall wan, and all is working perfectly... (I need to transfer these VMs to the Hetzner server)

Where am I wrong?! Please help!!

  • beginning to think that the firmware of the network card is bad.. – user205124 Mar 31 '15 at 12:24
  • Do I understand correctly: do you plan to configure your firewall as NAT? If yes, tcp_forwarding and adding a default route is not enough; you should also modify the IP using iptables: http://www.revsys.com/writings/quicktips/nat.html But of course - first, you need to be able to ping both the private and public network from the firewall. – Jack Jun 10 '15 at 23:16

0 Answers