Solved

Can discover but not logon to a iSCSI Enterprise Target in a linux VM and behind a NAT

Posted on 2007-11-27
6
2,246 Views
Last Modified: 2013-11-14
Hello!  This is starting to consume too much time, so may I ask for assistance with:

An iSCSI Enterprise Target (iscsi-target v4.15) is running inside a VMWare guest on CentOS 5.

It is configured and running properly, and via the virtual LAN, I have successfully connected to a drive from the windows host using Microsoft iSCSI Initiator 2.05.

From outside the LAN however, I am able to discover the Target using the public IP, but unable to Logon to the Target, getting a connection failed message.  All firewalls (vm guest, host, and external client) are set to allow TCP and UDP 3260.  VMnet8 has port forwarding setup for the same.

Perhaps I need to open and forward additional ports?

However there is a clue to the problem in the initiator: In the MS iSCSI Initiator I go to Log On -> Advanced -> Target Portal combo box.

It shows Default, so I open the combo box and it lists the Local IP (192.168.x.x / 3260) instead of the Public IP.  This would explain why an initiator cannot connect outside the LAN.

What is my configuration problem?
Does the target need to be corrected to use the public IP when responding to SendTargets?
Does the initiator need to be corrected not the target?
I looked for parameters to fix the IP in ietd.conf but am still unfamiliar with configuration.

To my surprise searching online did not help but my time is also limited so any assistance is very sincerely appreciated!!
The uncommented lines in the ietd.conf are currently:
 

Target iqn.2007-11.com.mydomainname:storage.disk1

Lun 1 Path=/dev/sdb,Type=fileio

Alias iSCSIQ

Open in new window

0
Comment
Question by:mgladkowski
  • 2
6 Comments
 
LVL 1

Expert Comment

by:Cédric MARCOUX
ID: 20364574
Are you sure that your Iscsi target accept connection from public IP?
Perhaps somewhere in the config, a settings define that only local network can connect.

Allowed_host = 192.168.0.0/16 or something else..?
0
 

Author Comment

by:mgladkowski
ID: 20415473
cmarcx:  Thank you - I tried again being as careful as I could but no I could not find anything blocking outside access.  All of the .allow and .deny files are not restricting anything, no further parameters are documented to that effect, firewall disabled during troubleshooting, etc...

Because of limited time I used StarWind iSCSI on the windows host and I'm up and running instantly.

I would still love to host the Target in my virtual CentOS server behind NAT so if anyone comes across this who can help me do so, I would love to give the points, but otherwise I have to set this aside for now due to other workload.
0
 
LVL 1

Accepted Solution

by:
Cédric MARCOUX earned 500 total points
ID: 20440341
Hi,
sorry you don't find a solution however instead of using StarWind that is a pay solution you can use Freenas that is free:

http://www.freenas.org/index.php?lang=en

I have use it for a while and can be a Iscsi target using microsoft initiator driver
http://www.microsoft.com/downloads/details.aspx?FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825&displaylang=en

Good luck
0
 

Expert Comment

by:Marc_Johnson
ID: 23223120
Actually your configs are fine, the issue you are encountering is because of NAT/PAT. When an iSCSI discovery connection is to be used through a port redirector, a target will have to be configured to return a domain name instead of an IP address in a SendTargets response, since the port redirector will not be able to map the IP address(es)  returned in the iSCSI message.

You may want to take a look at RFC 3721 which describes these issues in more detail, please see

http://www.faqs.org/rfcs/rfc3721.html

I'm currently trying to get around this myself and have yet to get it working through NAT/PAT. If you happen to figure it out before me please post how you got it working ;)

SD


0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Nic to NIC 5 46
Vmware 5.5 3 22
Lenovo ThinkServer RAID Drives Not Showing Up: 2 23
Clone VM in Vmware Workstation. 9 10
Will try to explain how to use the VMware feature TAGs in the VMs and create Veeam Backup Jobs using TAGs. Since this article is too long, I will create second article for the Veeam tasks.
HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now