Re: [Xen-users] xen, fc4, bridging, iptables and conntrack problem

["Michael Paesold" <mpaesold@xxxxxx>]

Paul Jakma wrote:


> On Sat, 25 Jun 2005, Jon Howse wrote:
>
> > Hi Paul,
> > I have Fedora Core 4 and I am having exactly the same problem as you.
> Aha, so it's not just me. Time to raise a bug with fedora.
I can confirm the problem here.

[snip]
> > machine and i can't then log in via ssh. It seems that the conntrack 
> > system is failing to match already accepted connections.
> See above. For me, all dom0 initiated connections fail to appear in 
> conntrack state (but strangely the remote replies still get seen by 
> tcpdump on xen-br0). domU's work fine though, as FORWARD is unrestricted.
> > The initial packet seems to get accepted by the INPUT rule, then the 
> > reply packet slips past the ESTABLISHED,RELATED rule and gets logged then 
> > dropped by the default policy.
[snip]
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161792 and please add 
> your comments to it.
The snapshot for -unstable used for the latest FC4 package is quite old: * 
Tue Apr 26 2005 Rik van Riel <...> 2-20050424
- upgrade to last night's snapshot

So perhaps this is already fixed in xen-unstable. Or it was just an artefact 
of code changes, similar to the problem that xm restore does not work 
correctly in that snapshot.
Rik said he would upgrade to a new snapshot for rawhide rather soon. Not 
sure when that will be, though.
Can anyone not using FC4 confirm problems with iptables and conntrack in the 
latest -unstable?
Best Regards,
Michael Paesold 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users