WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] iptables does not see inter-domU traffic

from [Bart Verwilst] [Permanent Link][Original]
To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] iptables does not see inter-domU traffic
From: Bart Verwilst <lists@xxxxxxxxxxx>
Date: Thu, 11 Oct 2007 00:52:19 +0200 (CEST)
Delivery-date: Wed, 10 Oct 2007 15:53:11 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Hi!

I'm trying to use iptables to regulate traffic between my domU's. Every domU 
has an external IP address. I have one bridge, xenbr0, configured the debian 
way like this:

auto xenbr0
iface xenbr0 inet static
        address xxx.xx.xx.xxx
        netmask 255.255.255.192
        metric  0
        gateway xxx.xx.xx.xxx
        bridge_ports eth0
        bridge_maxwait 0


All domU's have internet access and can reach eachother, no problems there.

net.bridge.bridge-nf-call-iptables is set to 1.

To test/show my problem, i've set this rule:

iptables -A FORWARD -p tcp --dport 80 -d <domU ip> -j LOG 
--log-prefix="connect-http: "

Then, from a remote location, i telnet to the ip and port. I see an entry about 
it appearing in /var/log/syslog.
When I try the same from another domU, no logs whatsoever..

Any clues?

Thanks!

Kind regards,

Bart Verwilst

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] iptables does not see inter-domU traffic, Bart Verwilst <=
Previous by Date:  Re: [Xen-users] clocksource/0: Time went backwards, Bart Verwilst
Next by Date:  Re: [Xen-users] clocksource/0: Time went backwards, Shane D. Johnson
Previous by Thread:  [Xen-devel] dom0 and domU /dev/urandom generating too less entropy, Stephan Seitz
Next by Thread:  [Xen-users] VCPU migration count, Jyotirmaya Tripathi
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy