xen-users
[Xen-users] locked myself out with iptables
Hello,
I created a failover cluster with 2 servers where 1 VM is replicated
through DRBD and Heartbeat.
It all worked well for some days, and I could reboot the first server and
the second took over the VM.
Today I started creating some iptables rules on server 1. After
that, one VM (not replicated, runs Nagios) lost connections to some
servers,
but not all! I can ping the VM that is replicated but not the host
where it lives (Server1).
So I deleted my iptables rules and rebooted the machine. After some
time I had the VM on both servers;
another reboot got me the VM back on server1, but I couldn't access
it: a login did not proceed and hung after entering the password.
A third reboot solved the problem with the VM; I can now access it with
SSH and the site.
Back to my problem:
I still can't monitor 1 VM and the 2 hosts where DRBD is running: no
ping and no other connections.
What can be the reason for this? I removed /etc/sysconfig/iptables
on server1, so only the rules that Xen creates are active:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
All the machines are in a VLAN; I use this for monitoring.
Even if I stop the firewall on all machines I can't ping the other machines.
Does someone have an idea what's wrong here?
thx
Rupertt
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
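
An added example, not part of the original post: a small Python check that reads an `iptables -L` listing like the one above and reports rules that are listed after a rule that appears to match all traffic. The function names (`parse`, `is_catch_all`, `shadowed`) are hypothetical, and the sample input is the FORWARD chain from the post with its wrapped lines rejoined. Plain `iptables -L` omits the interface columns, so a rule shown as "all anywhere anywhere" may in fact be limited to one interface; confirm any finding with `iptables -L -v -n`.

```python
import re
# Constructed sample: the FORWARD chain from the post, wrapped lines rejoined.
LISTING = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end chain traversal
ANY = {"anywhere", "0.0.0.0/0"}           # how -L and -L -n print "any address"

def parse(listing):
    """Return {chain: [rule, ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        parts = line.split(None, 5)
        if m:
            current = chains.setdefault(m.group(1), [])
        elif current is not None and len(parts) >= 5 and parts[0] != "target":
            keys = ("target", "prot", "opt", "src", "dst", "extra")
            current.append(dict(zip(keys, parts + [""])))  # "" when no extra column
    return chains

def is_catch_all(rule):
    # "reject-with ..." is an option of the REJECT target, not a match condition.
    no_match = rule["extra"] == "" or rule["extra"].startswith("reject-with")
    return (rule["target"] in TERMINAL and rule["prot"] == "all"
            and rule["src"] in ANY and rule["dst"] in ANY and no_match)

def shadowed(chains):
    """List (chain, position, target, blocker_position) for rules after a catch-all."""
    out = []
    for name, rules in chains.items():
        blocker = None
        for pos, rule in enumerate(rules, 1):
            if blocker is not None:
                out.append((name, pos, rule["target"], blocker))
            elif is_catch_all(rule):
                blocker = pos
    return out
```

On the sample, rule 3 is reported as the apparent catch-all and rules 4 to 7 as listed behind it, which is the cue to re-check the chain with the verbose listing before drawing conclusions.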
- [Xen-users] locked myself out with iptables,
Heiko <=