Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can discover but not logon to a iSCSI Enterprise Target in a linux VM and behind a NAT

Posted on 2007-11-27
6
Medium Priority
?
2,412 Views
Last Modified: 2013-11-14
Hello!  This is starting to consume too much time, so may I ask for assistance with:

An iSCSI Enterprise Target (iscsi-target v4.15) is running inside a VMWare guest on CentOS 5.

It is configured and running properly, and via the virtual LAN, I have successfully connected to a drive from the windows host using Microsoft iSCSI Initiator 2.05.

From outside the LAN however, I am able to discover the Target using the public IP, but unable to Logon to the Target, getting a connection failed message.  All firewalls (vm guest, host, and external client) are set to allow TCP and UDP 3260.  VMnet8 has port forwarding setup for the same.

Perhaps I need to open and forward additional ports?

However there is a clue to the problem in the initiator: In the MS iSCSI Initiator I go to Log On -> Advanced -> Target Portal combo box.

It shows Default, so I open the combo box and it lists the Local IP (192.168.x.x / 3260) instead of the Public IP.  This would explain why an initiator cannot connect outside the LAN.

What is my configuration problem?
Does the target need to be corrected to use the public IP when responding to SendTargets?
Does the initiator need to be corrected not the target?
I looked for parameters to fix the IP in ietd.conf but am still unfamiliar with configuration.

To my surprise searching online did not help but my time is also limited so any assistance is very sincerely appreciated!!
The uncommented lines in the ietd.conf are currently:
 
Target iqn.2007-11.com.mydomainname:storage.disk1
Lun 1 Path=/dev/sdb,Type=fileio
Alias iSCSIQ

Open in new window

0
Comment
Question by:mgladkowski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 1

Expert Comment

by:Cédric MARCOUX
ID: 20364574
Are you sure that your Iscsi target accept connection from public IP?
Perhaps somewhere in the config, a settings define that only local network can connect.

Allowed_host = 192.168.0.0/16 or something else..?
0
 

Author Comment

by:mgladkowski
ID: 20415473
cmarcx:  Thank you - I tried again being as careful as I could but no I could not find anything blocking outside access.  All of the .allow and .deny files are not restricting anything, no further parameters are documented to that effect, firewall disabled during troubleshooting, etc...

Because of limited time I used StarWind iSCSI on the windows host and I'm up and running instantly.

I would still love to host the Target in my virtual CentOS server behind NAT so if anyone comes across this who can help me do so, I would love to give the points, but otherwise I have to set this aside for now due to other workload.
0
 
LVL 1

Accepted Solution

by:
Cédric MARCOUX earned 2000 total points
ID: 20440341
Hi,
sorry you don't find a solution however instead of using StarWind that is a pay solution you can use Freenas that is free:

http://www.freenas.org/index.php?lang=en

I have use it for a while and can be a Iscsi target using microsoft initiator driver
http://www.microsoft.com/downloads/details.aspx?FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825&displaylang=en

Good luck
0
 

Expert Comment

by:Marc_Johnson
ID: 23223120
Actually your configs are fine, the issue you are encountering is because of NAT/PAT. When an iSCSI discovery connection is to be used through a port redirector, a target will have to be configured to return a domain name instead of an IP address in a SendTargets response, since the port redirector will not be able to map the IP address(es)  returned in the iSCSI message.

You may want to take a look at RFC 3721 which describes these issues in more detail, please see

http://www.faqs.org/rfcs/rfc3721.html

I'm currently trying to get around this myself and have yet to get it working through NAT/PAT. If you happen to figure it out before me please post how you got it working ;)

SD


0

Featured Post

Cloud Training Guides

FREE GUIDES: In-depth and hand-crafted Linux, AWS, OpenStack, DevOps, Azure, and Cloud training guides created by Linux Academy instructors and the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Teach the user how to install and configure the vCenter Orchestrator virtual appliance Open vSphere Web Client: Deploy vCenter Orchestrator virtual appliance OVA file: Verify vCenter Orchestrator virtual appliance boots successfully: Connect to the …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question