Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Can discover but not logon to a iSCSI Enterprise Target in a linux VM and behind a NAT

Posted on 2007-11-27
6
Medium Priority
?
2,515 Views
Last Modified: 2013-11-14
Hello!  This is starting to consume too much time, so may I ask for assistance with:

An iSCSI Enterprise Target (iscsi-target v4.15) is running inside a VMWare guest on CentOS 5.

It is configured and running properly, and via the virtual LAN, I have successfully connected to a drive from the windows host using Microsoft iSCSI Initiator 2.05.

From outside the LAN however, I am able to discover the Target using the public IP, but unable to Logon to the Target, getting a connection failed message.  All firewalls (vm guest, host, and external client) are set to allow TCP and UDP 3260.  VMnet8 has port forwarding setup for the same.

Perhaps I need to open and forward additional ports?

However there is a clue to the problem in the initiator: In the MS iSCSI Initiator I go to Log On -> Advanced -> Target Portal combo box.

It shows Default, so I open the combo box and it lists the Local IP (192.168.x.x / 3260) instead of the Public IP.  This would explain why an initiator cannot connect outside the LAN.

What is my configuration problem?
Does the target need to be corrected to use the public IP when responding to SendTargets?
Does the initiator need to be corrected not the target?
I looked for parameters to fix the IP in ietd.conf but am still unfamiliar with configuration.

To my surprise searching online did not help but my time is also limited so any assistance is very sincerely appreciated!!
The uncommented lines in the ietd.conf are currently:
 
Target iqn.2007-11.com.mydomainname:storage.disk1
Lun 1 Path=/dev/sdb,Type=fileio
Alias iSCSIQ

Open in new window

0
Comment
Question by:mgladkowski
  • 2
4 Comments
 
LVL 1

Expert Comment

by:Cédric MARCOUX
ID: 20364574
Are you sure that your Iscsi target accept connection from public IP?
Perhaps somewhere in the config, a settings define that only local network can connect.

Allowed_host = 192.168.0.0/16 or something else..?
0
 

Author Comment

by:mgladkowski
ID: 20415473
cmarcx:  Thank you - I tried again being as careful as I could but no I could not find anything blocking outside access.  All of the .allow and .deny files are not restricting anything, no further parameters are documented to that effect, firewall disabled during troubleshooting, etc...

Because of limited time I used StarWind iSCSI on the windows host and I'm up and running instantly.

I would still love to host the Target in my virtual CentOS server behind NAT so if anyone comes across this who can help me do so, I would love to give the points, but otherwise I have to set this aside for now due to other workload.
0
 
LVL 1

Accepted Solution

by:
Cédric MARCOUX earned 2000 total points
ID: 20440341
Hi,
sorry you don't find a solution however instead of using StarWind that is a pay solution you can use Freenas that is free:

http://www.freenas.org/index.php?lang=en

I have use it for a while and can be a Iscsi target using microsoft initiator driver
http://www.microsoft.com/downloads/details.aspx?FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825&displaylang=en

Good luck
0
 

Expert Comment

by:Marc_Johnson
ID: 23223120
Actually your configs are fine, the issue you are encountering is because of NAT/PAT. When an iSCSI discovery connection is to be used through a port redirector, a target will have to be configured to return a domain name instead of an IP address in a SendTargets response, since the port redirector will not be able to map the IP address(es)  returned in the iSCSI message.

You may want to take a look at RFC 3721 which describes these issues in more detail, please see

http://www.faqs.org/rfcs/rfc3721.html

I'm currently trying to get around this myself and have yet to get it working through NAT/PAT. If you happen to figure it out before me please post how you got it working ;)

SD


0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question