Hi Todd,
Thanks for your reply.
You'll find right down all informations about my settings (including
iptables running on the Dom0)
DomU1 = fwb
uuid = "f990d210-2a76-6fa9-5130-b80a207baa89"
vif = [ "mac=00:16:3e:1c:0f:0b,bridge=xenbr0" ]
DomU2= virt-geko
uuid = "bd4497d9-6613-f595-fae1-4bf8bc4aea33"
vif = [ "mac=00:16:3e:16:ee:d4,bridge=xenbr0" ]
results of the ifconfig command. I can't undrestand why HWaddr eth0 is
different from HWaddr peth0. Do you understand why ?
eth0 Link encap:Ethernet HWaddr 00:21:85:32:CA:8E
inet adr:172.20.25.2 Bcast:172.20.25.255 Masque:255.255.255.0
adr inet6: fe80::221:85ff:fe32:ca8e/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6164 errors:0 dropped:0 overruns:0 frame:0
TX packets:1491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:512499 (500.4 KiB) TX bytes:204595 (199.7 KiB)
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:11222 errors:0 dropped:0 overruns:0 frame:0
TX packets:1738 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:1115603 (1.0 MiB) TX bytes:237120 (231.5 KiB)
Mémoire:de340000-de360000
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:1497 errors:0 dropped:0 overruns:0 frame:0
TX packets:6167 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:206963 (202.1 KiB) TX bytes:512679 (500.6 KiB)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:4314 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:84 (84.0 b) TX bytes:338534 (330.5 KiB)
vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:202 errors:0 dropped:0 overruns:0 frame:0
TX packets:4442 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:20039 (19.5 KiB) TX bytes:358895 (350.4 KiB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet adr:192.168.122.1 Bcast:192.168.122.255
Masque:255.255.255.0
adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:0 (0.0 b) TX bytes:6837 (6.6 KiB)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:4317 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:286208 (279.5 KiB) TX bytes:0 (0.0 b)
[root@virts xen]# brctl show xenbr0
bridge name bridge id STP enabled interfaces
virbr0 8000.000000000000 yes
xenbr0 8000.feffffffffff no vif2.0
vif1.0
peth0
vif0.0
[root@virts xen]# brctl showmacs xenbr0
port no mac addr is local? ageing timer
2 00:00:85:83:0d:1f no 187.77
2 00:14:38:dd:b6:6c no 246.89
2 00:14:38:df:a9:25 no 7.46
2 00:15:17:11:d0:60 no 11.49
2 00:15:17:12:11:24 no 22.58
4 00:16:3e:16:ee:d4 no 22.58
2 00:18:8b:08:62:44 no 60.58
2 00:18:8b:08:80:9c no 91.25
2 00:18:8b:08:84:4f no 16.63
2 00:18:8b:08:85:3b no 65.18
2 00:18:8b:08:85:7b no 137.78
2 00:18:8b:08:85:ae no 7.96
2 00:18:8b:08:86:27 no 24.48
2 00:18:8b:08:8c:a9 no 135.02
2 00:18:8b:08:8c:ed no 35.36
2 00:18:8b:25:9e:f8 no 121.48
2 00:18:8b:27:b3:9a no 238.33
2 00:18:8b:27:d5:38 no 97.22
2 00:18:8b:27:e4:1d no 75.80
2 00:18:fe:9e:0a:6c no 7.48
2 00:19:30:6f:ca:8f no 1.18
2 00:19:b9:67:8a:8f no 0.00
2 00:1a:a0:ae:54:25 no 10.45
2 00:1a:e2:ca:5f:00 no 25.44
2 00:1a:e3:4d:1b:0a no 0.26
2 00:1a:e3:4d:1b:43 no 70.06
2 00:1b:2a:20:2b:d1 no 296.46
2 00:1b:2a:20:6b:3c no 179.91
2 00:1b:2a:20:b2:24 no 249.45
2 00:1b:2a:20:b2:2a no 277.33
2 00:1b:2a:89:95:50 no 269.97
2 00:1b:2a:89:95:68 no 27.25
2 00:1b:2a:89:ab:d0 no 297.39
2 00:1b:2a:89:ac:6b no 240.17
2 00:1b:2a:89:e4:f3 no 72.68
2 00:1b:53:39:b3:00 no 26.38
2 00:1c:ee:04:ef:4c no 50.50
2 00:1e:f7:c4:b7:65 no 285.87
1 00:21:85:32:ca:8e no 0.00
2 08:00:1f:82:7d:a3 no 75.80
1 fe:ff:ff:ff:ff:ff yes 0.00
[root@virts xen]# brctl showmacs virbr0
port no mac addr is local? ageing timer
Here are the Dom0's iptables :
Table filter
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
2 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53
3 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 udp dpt:67
4 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:67
5 0 0 RH-Firewall-1-INPUT all -- * *
0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT all -- * virbr0 0.0.0.0/0
192.168.122.0/24 state RELATED,ESTABLISHED
2 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24
0.0.0.0/0
3 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0
0.0.0.0/0
4 0 0 REJECT all -- * virbr0 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
5 0 0 REJECT all -- virbr0 * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
6 0 0 RH-Firewall-1-INPUT all -- * *
0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 PHYSDEV match --physdev-in vif1.0
8 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 PHYSDEV match --physdev-in vif2.0
Chain OUTPUT (policy ACCEPT 1459 packets, 178K bytes)
num pkts bytes target prot opt in out source
destination
Chain RH-Firewall-1-INPUT (2 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 255
3 0 0 ACCEPT esp -- * * 0.0.0.0/0
0.0.0.0/0
4 0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0
5 0 0 ACCEPT udp -- * * 0.0.0.0/0
224.0.0.251 udp dpt:5353
6 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631
7 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631
8 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
9 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
10 0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Table nat
Chain PREROUTING (policy ACCEPT 859 packets, 100K bytes)
num pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 3 packets, 357 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 MASQUERADE all -- * *
192.168.122.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 3 packets, 357 bytes)
num pkts bytes target prot opt in out source
destination
~
Regards,
Todd Deshane a écrit :
On Fri, Aug 1, 2008 at 4:32 AM, Stéphane Cesbron
<Stephane.Cesbron@xxxxxxxxx> wrote:
Hi,
I 've got a CentOS 5.2 server running xen 3.0 with 2 DomUs also running
CentOS 5.2.
All my boxes are up-to date.
I'm experiencing trouble with networking.
Dom0 can reach the outside world when no DomU are started. It can also reach
the outside world when only one DomU is running.
The troubles begin when I start the second DomU. At first, this new DomU,
called DomU2, can't get outside. (at the time Dom0 and DomU1 are still
reachable from outside).
Once I get connected to DomU2 (console mode, xm console DomU2) and try to
get outside, I'll get through after a small amout of time. Nevertheless,
this causes Dom0 to stop being reachable from the outside.
Therefore when my two DomUs are running, there are running fine and I can
reach them with SSH but Dom0 becomes unreachable. After sometimes it changes
Dom0 becomes reachable again and one of the 2 DomUs becomes unreachable from
the outside. It is completely random but there's still one of the Doms which
is unreachable. It depends on the one I'm connected to !
BUT being connected to the console on the server, I can reach each DomU
(DomU1 and DomU2) from Dom0 or reach Dom0 from each DomUs (DomU1 and DomU2)
I help myself with some tutorials but can't get through my difficulties.
http://wiki.xensource.com/xenwiki/XenNetworking
http://doc.fedora-fr.org/wiki/Xen_et_le_réseau
http://www.shorewall.net/XenMyWay.html => Xen and the Art of Consolidation
Nevertheless, I can't get through my troubles.
Here's the result of the ifconfig command when everything is started : DomUs
+ Dom0
eth0 Link encap:Ethernet HWaddr 00:21:85:32:CA:8E inet
adr:172.20.25.2 Bcast:172.20.25.255 Masque:255.255.255.0
adr inet6: fe80::221:85ff:fe32:ca8e/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:88446 errors:0 dropped:0 overruns:0 frame:0
TX packets:2906 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:6888620 (6.5 MiB) TX bytes:189520 (185.0 KiB)
lo Link encap:Boucle locale inet adr:127.0.0.1
Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:7010 (6.8 KiB) TX bytes:7010 (6.8 KiB)
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6:
fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:25871448 errors:0 dropped:0 overruns:0 frame:0
TX packets:5396663 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:31027675382 (28.8 GiB) TX bytes:434789497 (414.6 MiB)
MÃ(c)moire:de340000-de360000
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6:
fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:2906 errors:0 dropped:0 overruns:0 frame:0
TX packets:88446 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:189520 (185.0 KiB) TX bytes:6888620 (6.5 MiB)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6:
fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:1886 errors:0 dropped:0 overruns:0 frame:0
TX packets:86964 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:127848 (124.8 KiB) TX bytes:6453003 (6.1 MiB)
vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6:
fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:5389130 errors:0 dropped:0 overruns:0 frame:0
TX packets:10150353 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:358810111 (342.1 MiB) TX bytes:15229333872 (14.1 GiB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet
adr:192.168.122.1 Bcast:192.168.122.255 Masque:255.255.255.0
adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:0 (0.0 b) TX bytes:8758 (8.5 KiB)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF UP BROADCAST
RUNNING NOARP MTU:1500 Metric:1
RX packets:84790 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:4982000 (4.7 MiB) TX bytes:0 (0.0 b)
I can't understand why the MAC addresses of peth0 is different from the one
of eth0. vibr0 seems to be useless. These should be the same, shouldn't they
?
peth0's MAC address and xenbr0's MAC address are the same which seems
logical to me. Am I wrong ?
Can anyone help ?
Any suggestions will be greatly appreciated.
What is the output of:
brctl show
ip route list
with 0, 1 and 2 domUs running?
The networking parts of xend-config.sxp and the vif lines in your
domUs might be useful.
Cheers.
Todd
Kind regards,
--
Stéphane Cesbron
Responsable Régional Informatique,
INSERM ADR Grand-Ouest,
BRETAGNE, PAYS DE LA LOIRE et CENTRE
63, quai Magellan
3ème étage - Hall B
B.P. 32116
44021 Nantes cedex 1
Email : stephane.cesbron@xxxxxxxxx
Tél : 02.40.20.92.28
Portable : 06.78.68.76.39
-----------------------------------------------------------------
Ce message et toutes les pieces jointes sont etablis a l'intention exclusive
de ses destinataires et peuvent etre confidentiels ou proteges. L'internet
ne permettant pas d'assurer l'integrite de ce message, l'INSERM decline
toute responsabilite au titre de ce message, dans l'hypothese ou il aurait
ete modifie. Toute utilisation de ce message non conforme a sa destination,
toute diffusion ou toute publication, totale ou partielle, est interdite,
sauf autorisation expresse. Si vous recevez ce message par erreur, merci de
le detruire et d'en avertir immediatement l'expediteur. Merci.
The information transmitted is intended exclusively for the person or entity
to which it is addressed and may contain confidential and/or privileged
material. Any disclosure, copying, distribution or other action based upon
the information by persons or entities other than the intended recipient is
prohibited. If you receive this information in error, please contact the
sender and delete the material from any and all computers.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
--
Stéphane Cesbron
Responsable Régional Informatique,
INSERM ADR Grand-Ouest,
BRETAGNE, PAYS DE LA LOIRE et CENTRE
63, quai Magellan
3ème étage - Hall B
B.P. 32116
44021 Nantes cedex 1
Email : stephane.cesbron@xxxxxxxxx
Tél : 02.40.20.92.28
Portable : 06.78.68.76.39
-----------------------------------------------------------------
Ce message et toutes les pieces jointes sont etablis a l'intention exclusive de
ses destinataires et peuvent etre confidentiels ou proteges. L'internet ne
permettant pas d'assurer l'integrite de ce message, l'INSERM decline toute
responsabilite au titre de ce message, dans l'hypothese ou il aurait ete
modifie. Toute utilisation de ce message non conforme a sa destination, toute
diffusion ou toute publication, totale ou partielle, est interdite, sauf
autorisation expresse. Si vous recevez ce message par erreur, merci de le
detruire et d'en avertir immediatement l'expediteur. Merci.
The information transmitted is intended exclusively for the person or entity to
which it is addressed and may contain confidential and/or privileged material.
Any disclosure, copying, distribution or other action based upon the
information by persons or entities other than the intended recipient is
prohibited. If you receive this information in error, please contact the sender
and delete the material from any and all computers.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
Home