WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Xen and routing

from [Eric E] [Permanent Link][Original]
To: James Bulpin <james@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] Xen and routing
From: Eric E <whalesuit@xxxxxxxxxx>
Date: Wed, 18 May 2005 15:52:42 -0400
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 18 May 2005 19:52:11 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1116429325.19604.679.camel@xxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <428A6B6B.6050203@xxxxxxxxxx> <1116407721.19604.267.camel@xxxxxxxxxxxxxxxxx> <428B5A2C.9060305@xxxxxxxxxx> <1116429325.19604.679.camel@xxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) 
Hi James,
Sorry - for some reason I missed this message until now... I've reconfigured eth0 in dom1 without specifying a hardware module. It comes up, but still no access into or out of the network... 

TIA,

Eric

Dom0:

dom0:/# iptables -n -v -L
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 14613 1342K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 5344 352K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 input_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0 588 119K input_ext all -- xen-br0 * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU 0 0 forward_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0 596 115K forward_ext all -- xen-br0 * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 14613 1342K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 11 LOG flags 6 level 4 prefix `SFW2-OUT-TRACERT-ATTEMPT ' 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 9 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 10 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 13 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 6973 1382K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR ' 

Chain forward_dmz (0 references)
pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-DEFLT-INV ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * xen-br0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 ACCEPT all -- xen-br0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-DEFLT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 4 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 5 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 8 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 13 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 17 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 2 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDdmz-DROP-DEFLT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain forward_ext (2 references)
pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT-INV ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3 4 336 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 592 115K ACCEPT all -- * xen-br0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 ACCEPT all -- xen-br0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 4 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 8 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 13 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 17 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 2 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain forward_int (0 references)
pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT-INV ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * xen-br0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 ACCEPT all -- xen-br0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 4 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 5 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 8 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 13 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 17 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 2 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain input_dmz (0 references)
pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-DEFLT-INV ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-DEFLT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 4 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 5 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 8 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 13 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 17 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 2 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-DEFLT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain input_ext (2 references)
pkts bytes target prot opt in out source destination 587 119K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 1 48 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 reject_func tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 state NEW 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 4 LOG flags 6 level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 8 LOG flags 6 level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 13 LOG flags 6 level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 17 LOG flags 6 level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 2 LOG flags 6 level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain input_int (0 references)
pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT-INV ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 4 LOG flags 6 level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 5 LOG flags 6 level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 8 LOG flags 6 level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 13 LOG flags 6 level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 17 LOG flags 6 level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ' 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 icmp type 2 LOG flags 6 level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ' 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain reject_func (1 references)
pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable 

-------------------------------------------------------------------------------------------------------------------------------
dom0:/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
         inet addr:192.168.1.22  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::211:85ff:fef4:8776/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:7554 errors:0 dropped:0 overruns:0 frame:0
         TX packets:6522 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:717401 (700.5 Kb)  TX bytes:1512430 (1.4 Mb)
         Interrupt:20

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:14725 errors:0 dropped:0 overruns:0 frame:0
         TX packets:14725 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:1351344 (1.2 Mb)  TX bytes:1351344 (1.2 Mb)

vif7.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
         inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:13 errors:0 dropped:0 overruns:0 frame:0
         TX packets:88 errors:0 dropped:411 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:754 (754.0 b)  TX bytes:10175 (9.9 Kb)

xen-br0   Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
         inet addr:192.168.1.22  Bcast:192.168.1.255  Mask:255.255.255.255
         inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:7471 errors:0 dropped:0 overruns:0 frame:0
         TX packets:6303 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:550732 (537.8 Kb)  TX bytes:1459651 (1.3 Mb)

--------------------------------------------------------------------------------------------------------------------------------
dom0:/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 xen-br0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 xen-br0 
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 xen-br0 

--------------------------------------------------------------------------------------------------------------------------------
dom0:/# brctl show
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.001185f48776       no              eth0
                                                       vif7.0
--------------------------------------------------------------------------------------------------------------------------------
dom0:/# brctl showmacs xen-br0
port no mac addr                is local?       ageing timer
 1     00:08:02:96:ee:f1       no                33.65
 1     00:0d:56:e7:9e:cc       no               235.29
 1     00:11:85:7d:39:af       no                 8.98
 1     00:11:85:7e:51:eb       no               113.87
 1     00:11:85:ee:79:f4       no                 0.00
 1     00:11:85:f2:54:4a       no               290.09
 1     00:11:85:f2:55:be       no                46.89
 1     00:11:85:f4:87:76       yes                0.00
 1     00:c0:9f:46:e4:1b       no               128.81
 1     00:e0:4c:ae:e6:07       no                17.76
 2     fe:ff:ff:ff:ff:ff       yes                0.00

--------------------------------------------------------------------------------------------------------------------------------


In dom1 (I turned the firewall in dom1 off for now):

dom1:/ #  iptables -n -v -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 
---------------------------------------------------------------------------------------
dom1:/boot # iptables -n -v -L -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 
----------------------------------------------------------------------------------------

dom1:/ # ifconfig

eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
         inet addr:192.168.1.25  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::211:85ff:fef4:8776/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:55 errors:0 dropped:0 overruns:0 frame:0
         TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:6434 (6.2 Kb)  TX bytes:754 (754.0 b)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:14 errors:0 dropped:0 overruns:0 frame:0
         TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:1344 (1.3 Kb)  TX bytes:1344 (1.3 Kb)

----------------------------------------------------------------------------------------
dom1:/boot # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 
192.168.1.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.2   0.0.0.0         UG    0      0        0 eth0




James Bulpin wrote:


On Wed, 2005-05-18 at 16:07, Eric E wrote:

Hi James,
Many thanks for your quick reply, and for the help. I'm now able to see the dom0 machine from the network, but I can't seem to get into our out of dom1. In my domain configuation file for dom1, I've tried the following for the vif: 
1) vif= ['mac=00:xx:xx:xx:xx:xx, bridge=xen-br0']
2) vif = ['bridge=xen-br0']
3) nothing (commented out)
Only 1) creates an eth0 interface in dom1, and even then I can't see any IP addresses on my network such as 192.168.1.10 from within dom1, nor can I ping the machine's address from dom0 or elsewhere on the network. 

Can you give me the output of the following:

in dom0:

iptables -n -v -L
iptables -n -v -L -t nat
ifconfig
route -n
brctl show
brctl showmacs xen-br0

in domU booted using your 1) above:

iptables -n -v -L
iptables -n -v -L -t nat
ifconfig
route -n

Regards,

James






_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] Firewall problem resolved - cannot set up networking in domU, Eric E
Next by Date:  [Xen-users] Re: oom-killer keeps killing big un-tars, Stephan Seitz
Previous by Thread:  Re: [Xen-users] Xen and routing, James Bulpin
Next by Thread:  Re: [Xen-users] Xen and routing, James Bulpin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy