Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Can discover but not logon to a iSCSI Enterprise Target in a linux VM and behind a NAT

Posted on 2007-11-27
6
2,306 Views
Last Modified: 2013-11-14
Hello!  This is starting to consume too much time, so may I ask for assistance with:

An iSCSI Enterprise Target (iscsi-target v4.15) is running inside a VMWare guest on CentOS 5.

It is configured and running properly, and via the virtual LAN, I have successfully connected to a drive from the windows host using Microsoft iSCSI Initiator 2.05.

From outside the LAN however, I am able to discover the Target using the public IP, but unable to Logon to the Target, getting a connection failed message.  All firewalls (vm guest, host, and external client) are set to allow TCP and UDP 3260.  VMnet8 has port forwarding setup for the same.

Perhaps I need to open and forward additional ports?

However there is a clue to the problem in the initiator: In the MS iSCSI Initiator I go to Log On -> Advanced -> Target Portal combo box.

It shows Default, so I open the combo box and it lists the Local IP (192.168.x.x / 3260) instead of the Public IP.  This would explain why an initiator cannot connect outside the LAN.

What is my configuration problem?
Does the target need to be corrected to use the public IP when responding to SendTargets?
Does the initiator need to be corrected not the target?
I looked for parameters to fix the IP in ietd.conf but am still unfamiliar with configuration.

To my surprise searching online did not help but my time is also limited so any assistance is very sincerely appreciated!!
The uncommented lines in the ietd.conf are currently:
 
Target iqn.2007-11.com.mydomainname:storage.disk1
Lun 1 Path=/dev/sdb,Type=fileio
Alias iSCSIQ

Open in new window

0
Comment
Question by:mgladkowski
  • 2
6 Comments
 
LVL 1

Expert Comment

by:Cédric MARCOUX
ID: 20364574
Are you sure that your Iscsi target accept connection from public IP?
Perhaps somewhere in the config, a settings define that only local network can connect.

Allowed_host = 192.168.0.0/16 or something else..?
0
 

Author Comment

by:mgladkowski
ID: 20415473
cmarcx:  Thank you - I tried again being as careful as I could but no I could not find anything blocking outside access.  All of the .allow and .deny files are not restricting anything, no further parameters are documented to that effect, firewall disabled during troubleshooting, etc...

Because of limited time I used StarWind iSCSI on the windows host and I'm up and running instantly.

I would still love to host the Target in my virtual CentOS server behind NAT so if anyone comes across this who can help me do so, I would love to give the points, but otherwise I have to set this aside for now due to other workload.
0
 
LVL 1

Accepted Solution

by:
Cédric MARCOUX earned 500 total points
ID: 20440341
Hi,
sorry you don't find a solution however instead of using StarWind that is a pay solution you can use Freenas that is free:

http://www.freenas.org/index.php?lang=en

I have use it for a while and can be a Iscsi target using microsoft initiator driver
http://www.microsoft.com/downloads/details.aspx?FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825&displaylang=en

Good luck
0
 

Expert Comment

by:Marc_Johnson
ID: 23223120
Actually your configs are fine, the issue you are encountering is because of NAT/PAT. When an iSCSI discovery connection is to be used through a port redirector, a target will have to be configured to return a domain name instead of an IP address in a SendTargets response, since the port redirector will not be able to map the IP address(es)  returned in the iSCSI message.

You may want to take a look at RFC 3721 which describes these issues in more detail, please see

http://www.faqs.org/rfcs/rfc3721.html

I'm currently trying to get around this myself and have yet to get it working through NAT/PAT. If you happen to figure it out before me please post how you got it working ;)

SD


0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Teach the user how to edit .vmx files to add advanced configuration options Open vSphere Web Client: Edit Settings for a VM: Choose VM Options -> Advanced: Add Configuration Parameters:
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question