WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

[Xen-devel] Re: Question about the Xen network?

To: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Subject: [Xen-devel] Re: Question about the Xen network?
From: Bei Guan <gbtju85@xxxxxxxxx>
Date: Sat, 23 Oct 2010 23:27:12 +0800
Cc: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sat, 23 Oct 2010 08:27:57 -0700


2010/10/23 Paolo Bonzini <pbonzini@xxxxxxxxxx>
> On 10/22/2010 05:50 PM, Bei Guan wrote:
>> My Dom0 (fedora 8) iptables /etc/sysconfig/iptables
>
> This is only half of your configuration.  Libvirt is creating virbr0 and adding iptables rules to connect it to the outside world via NAT (the 192.168.122.x subnet).  iptables -L can show those rules.

Sorry, my Dom0 (Fedora 8) iptables configuration is as follows.

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             localhost/24        state RELATED,ESTABLISHED
ACCEPT     all  --  localhost/24         anywhere           
ACCEPT     all  --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere           
ACCEPT     ah   --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

 

> Paolo
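
The listing in this message comes from `iptables -L` without `-v`, which does not print the in/out interface columns, so a rule such as `ACCEPT all -- anywhere anywhere` in FORWARD looks unconditional. As an added example (not part of the original message and not Xen or libvirt code), the Python below parses such a listing and flags rules that appear to match everything yet have further rules after them; the sample text is constructed from the FORWARD chain above and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `iptables -L` (no -v), modelled on the
# FORWARD chain shown in the message above.
SAMPLE = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             localhost/24        state RELATED,ESTABLISHED
ACCEPT     all  --  localhost/24         anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
ANY = {"anywhere", "0.0.0.0/0"}  # with and without -n

def parse_listing(text):
    """Return {chain: [rule dict, ...]} from `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
        elif line.strip() and not line.startswith("target") and current is not None:
            f = line.split(None, 5)
            extra = f[5].strip() if len(f) > 5 else ""
            current.append({"target": f[0], "prot": f[1], "src": f[3],
                            "dst": f[4], "extra": extra})
    return chains

def ambiguous_rules(chains):
    """Rules that look unconditional but are followed by more rules: either
    they shadow the rest of the chain or an interface match is hidden."""
    hits = []
    for name, rules in chains.items():
        for i, r in enumerate(rules[:-1]):
            # "reject-with ..." is a target option, not a match condition.
            match = re.sub(r"reject-with \S+", "", r["extra"]).strip()
            if (r["prot"] == "all" and r["src"] in ANY and r["dst"] in ANY
                    and not match and r["target"] in ("ACCEPT", "DROP", "REJECT")):
                hits.append((name, i + 1, r["target"], len(rules) - i - 1))
    return hits

if __name__ == "__main__":
    print(ambiguous_rules(parse_listing(SAMPLE)))
```

Each hit is a prompt to re-run `iptables -L -n -v` (or `iptables-save`), which prints the interface matches; the NAT table is listed separately with `-t nat`.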
