Solved

Can discover but not logon to a iSCSI Enterprise Target in a linux VM and behind a NAT

Posted on 2007-11-27
6
2,277 Views
Last Modified: 2013-11-14
Hello!  This is starting to consume too much time, so may I ask for assistance with:

An iSCSI Enterprise Target (iscsi-target v4.15) is running inside a VMWare guest on CentOS 5.

It is configured and running properly, and via the virtual LAN, I have successfully connected to a drive from the windows host using Microsoft iSCSI Initiator 2.05.

From outside the LAN however, I am able to discover the Target using the public IP, but unable to Logon to the Target, getting a connection failed message.  All firewalls (vm guest, host, and external client) are set to allow TCP and UDP 3260.  VMnet8 has port forwarding setup for the same.

Perhaps I need to open and forward additional ports?

However there is a clue to the problem in the initiator: In the MS iSCSI Initiator I go to Log On -> Advanced -> Target Portal combo box.

It shows Default, so I open the combo box and it lists the Local IP (192.168.x.x / 3260) instead of the Public IP.  This would explain why an initiator cannot connect outside the LAN.

What is my configuration problem?
Does the target need to be corrected to use the public IP when responding to SendTargets?
Does the initiator need to be corrected not the target?
I looked for parameters to fix the IP in ietd.conf but am still unfamiliar with configuration.

To my surprise searching online did not help but my time is also limited so any assistance is very sincerely appreciated!!
The uncommented lines in the ietd.conf are currently:
 

Target iqn.2007-11.com.mydomainname:storage.disk1

Lun 1 Path=/dev/sdb,Type=fileio

Alias iSCSIQ

Open in new window

0
Comment
Question by:mgladkowski
  • 2
6 Comments
 
LVL 1

Expert Comment

by:Cédric MARCOUX
ID: 20364574
Are you sure that your Iscsi target accept connection from public IP?
Perhaps somewhere in the config, a settings define that only local network can connect.

Allowed_host = 192.168.0.0/16 or something else..?
0
 

Author Comment

by:mgladkowski
ID: 20415473
cmarcx:  Thank you - I tried again being as careful as I could but no I could not find anything blocking outside access.  All of the .allow and .deny files are not restricting anything, no further parameters are documented to that effect, firewall disabled during troubleshooting, etc...

Because of limited time I used StarWind iSCSI on the windows host and I'm up and running instantly.

I would still love to host the Target in my virtual CentOS server behind NAT so if anyone comes across this who can help me do so, I would love to give the points, but otherwise I have to set this aside for now due to other workload.
0
 
LVL 1

Accepted Solution

by:
Cédric MARCOUX earned 500 total points
ID: 20440341
Hi,
sorry you don't find a solution however instead of using StarWind that is a pay solution you can use Freenas that is free:

http://www.freenas.org/index.php?lang=en

I have use it for a while and can be a Iscsi target using microsoft initiator driver
http://www.microsoft.com/downloads/details.aspx?FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825&displaylang=en

Good luck
0
 

Expert Comment

by:Marc_Johnson
ID: 23223120
Actually your configs are fine, the issue you are encountering is because of NAT/PAT. When an iSCSI discovery connection is to be used through a port redirector, a target will have to be configured to return a domain name instead of an IP address in a SendTargets response, since the port redirector will not be able to map the IP address(es)  returned in the iSCSI message.

You may want to take a look at RFC 3721 which describes these issues in more detail, please see

http://www.faqs.org/rfcs/rfc3721.html

I'm currently trying to get around this myself and have yet to get it working through NAT/PAT. If you happen to figure it out before me please post how you got it working ;)

SD


0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now