xen-users
[Xen-users] Problem start iptables - udp broken
Hello xen-users!
I have a problem with my iptables configuration.
What's going wrong?
Regards, Torsten
Launoc
---------------------------------------------------------------------
061123.prob.xen.ipt-ml
Problem:
- after starting the firewall (iptables) on eth0,
  all udp connections (NFS) are broken.
- no problem with tcp
- after stopping the firewall, udp is already broken.
- when I removed some modules, udp came up again.
Details:
              -----------------
   192.168.1.2|       -| xenU |193.123.123.86
  ------------X  xen0  |------|
          eth0|       -| xenU |
              -----------------
l0:~# ./060302.xm_sh_ver
Linux l0.rz.example.de 2.6.16-xen0 #2 SMP Mon Jul 17 17:09:35 CEST 2006 i686 GNU/Linux
 Xen version 3.0.2-2 (root@xxxxxxxxxxxxx) (gcc version 3.3.5 (Debian 1:3.3.5-13)) Mon Jul 17 16:03:20 CEST 2006
 Latest ChangeSet: Thu Apr 27 14:14:26 2006 +0100 9657:b5d43db15746
l0:~# /etc/init.d/netfilter start
Applying iptables firewall rules:
## - udp broken
##   but no udp rules defined:
l0:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 23 LOG flags 0 level 7 prefix `INP test: '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 23
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
LOG        tcp  --  0.0.0.0/0            193.123.123.86       multiport dports 23 LOG flags 0 level 7 prefix `fwd test: '
DROP       tcp  --  0.0.0.0/0            193.123.123.86       multiport dports 23
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain bad_tcp_packets (0 references)
target     prot opt source               destination
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 state NEW LOG flags 0 level 7 prefix `bad_tcp New not syn: '
l0:~#
l0:~# /etc/init.d/netfilter stop
## - udp already broken
l0:~# lsmod
Module                  Size  Used by
ipt_multiport           2464  4
ipt_LOG                 6688  3
xt_state                1952  3
ip_conntrack           43608  1 xt_state
xt_tcpudp               3648  1
iptable_filter          2528  1
ip_tables              12276  1 iptable_filter
x_tables               10436  5 ipt_multiport,ipt_LOG,xt_state,xt_tcpudp,ip_tables
bridge                 50996  0
sg                     28892  0
sworks_agp              7936  0
agpgart                30504  1 sworks_agp
e100                   34308  0
mii                     5088  1 e100
sr_mod                 13988  0
cdrom                  39072  1 sr_mod
l0:~# /etc/init.d/netfilter stop
l0:~# rmmod xt_state ip_conntrack
## - udp running!
##   ...workaround...
##   -> module ip_conntrack blocked udp
---------------------------------------------------------------------
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[Xen-users] Problem start iptables -  udp broken,
Torsten Lehmann <=