xen-users
Re: [Xen-users] iptables in dom0
Hi,
I have the exact same problems (running Debian Etch). When I disable the
firewall (I'm using the firehol script) and reboot the problem goes away.
Flushing the firewall also makes the problem disappear.
I will try to load the fw-rules after xend starts tonight.
Best,
Mark
> Quoting Sipos Ferenc <frank@xxxxxxx>:
>> How come then, that a
>> -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>> rule leaves me with no outbound connection? The other end clearly states
>> that a high port in my dom0 is not accessible to it, which means my
>> firewall is not stateful, as it was initiated by me (dom0)?
>
> I don't know whether it's a bug or by design (but I don't understand
> why/how either), but I had the same experience.
>
>> Furthermore, if I do the --physdev filtering like most people do, when
>> shall I run the script from? Right after xend starts? Is there a
>> preferable point in time to do it during dom0's boot?
>
> Could you confirm it is a firewall problem? In other words, if you
> execute `iptables -F`, does your networking work then?
>
> I run my firewall script after starting xend. However, I noticed that
> at that time eth0 is sometimes not "up" at that moment. I worked around
> that problem by adding the following two lines to my firewall script
> (before calling iptables):
> /sbin/ifdown eth0 2> /dev/null
> /sbin/ifup eth0
>
> Cheers, Peter
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
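
The ordering problem discussed above (the firewall script running after xend while eth0 is not yet up) can also be handled by waiting for the interface instead of bouncing it. This is an added example, not code from the thread; the sysfs `operstate` check, the `SYSFS_NET` and `WAIT_STEP` variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example: gate the dom0 firewall load on eth0 being operational.
# Assumptions: the kernel exposes /sys/class/net/<iface>/operstate, and the
# command passed to load_firewall is your own firewall script.

SYSFS_NET="${SYSFS_NET:-/sys/class/net}"  # overridable so the check can be tested offline
WAIT_STEP="${WAIT_STEP:-1}"               # seconds between polls

# Succeeds if the interface exists and its link state is usable.
iface_ready() {
    state=$(cat "$SYSFS_NET/$1/operstate" 2>/dev/null) || return 1
    case "$state" in
        up|unknown) return 0 ;;   # some virtual devices only ever report "unknown"
        *)          return 1 ;;
    esac
}

# wait_for_iface IFACE TRIES: poll until ready or TRIES attempts are used up.
wait_for_iface() {
    iface=$1
    tries=$2
    while [ "$tries" -gt 0 ]; do
        iface_ready "$iface" && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep "$WAIT_STEP"
    done
    return 1
}

# load_firewall IFACE TRIES CMD...: run CMD only once IFACE is ready.
# Returns 2 without running CMD if the interface never comes up, so the
# calling init script can log the failure and decide what to do.
load_firewall() {
    iface=$1
    tries=$2
    shift 2
    if ! wait_for_iface "$iface" "$tries"; then
        echo "firewall not loaded: $iface not ready" >&2
        return 2
    fi
    "$@"
}
```

From an init script that runs after xend, the call would look like `load_firewall eth0 10 /path/to/firewall-script start`, where the script path is a placeholder.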