xen-users
Re: [Xen-users] ebtables tying mac to ip problem 
Thanks for the insight,

Unfortunately I still can't get it to work. It seems to be a problem with /sbin/ebtables -P FORWARD DROP

If I change this to /sbin/ebtables -P FORWARD then it starts working again, but I can change IP address etc. on the guest.

Does the vif-bridge patch still apply for this setup?

Will I start from scratch and try to build up a set of rules for this situation? I'm sure this will fit into most Xen networking situations as this setup is popular.

Cheers.

On Fri, Apr 3, 2009 at 10:30 AM, Rafał Kupka <rkupka+Listy.Xen@xxxxxxxxxxxxx> wrote:
On Tue, Mar 31, 2009 at 07:39:31PM +0100, David Markey wrote:

Hi,

That's based on quite non-standard Xen network setup:
- dom0 as a router,
  two interfaces eth0 (outside) and xen-br0 (private network) for Xen
  domUs
- domU during startup joins xen-br0
- dom0 does NAT, firewalling and finally forwards domUs traffic by eth0
  connection to Internet

My old email in URL above lacks such information, sorry.

> The DomU's network gets blocked both inward and outward.

I think that there is yet another problem with dom0 connectivity. Bridge
eth0 in your setup is shared by Dom0 interface and DomUs vifs?

> I've patched my vif-bridge with the instructions on that page and they
> seem to be applied correctly.
>
> The network is a simple 10.0.0.0 network with eth0(10.0.0.5) bridge with
> peth0 as the physical interface.

That's the difference that matters -- ebtables rules block dom0 arp, and
any traffic from peth0.

> There are the commands I issued at the start

Please try to extend those initial rules by permitting traffic from
peth0. Untested, but should help.

> Paris:~# /sbin/ebtables -N eth0
> Paris:~# /sbin/ebtables -A eth0 --log-level notice --log-prefix "eth0"
> --log-ip --log-arp -j DROP

/sbin/ebtables -A INPUT --logical-in peth0 -j ACCEPT

> Paris:~# /sbin/ebtables -A INPUT --logical-in eth0 -j eth0

/sbin/ebtables -A FORWARD --logical-in peth0 -j ACCEPT

> Paris:~# /sbin/ebtables -A FORWARD --logical-in eth0 -j eth0
> Paris:~# /sbin/ebtables -P INPUT DROP
> Paris:~# /sbin/ebtables -P FORWARD DROP
>
> Log:
>
> [19267.149206] eth0 IN=peth0 OUT=vif8.0 MAC source = 00:e0:81:71:9b:01
> MAC dest = 00:16:3e:0c:8f:80 proto = 0x0806 ARP HTYPE=1, PTYPE=0x0800,
> OPCODE=2 ARP MAC SRC=""  ARP IP SRC="" ARP MAC
> DST=00:16:3e:0c:8f:80  ARP IP DST=10.0.0.254

Packet from interface peth0 (IN=peth0), there were no rules for that
interface before.

 Kupson
 --
 Great software without the knowledge to run it is pretty useless.
 (Linux Gazette #1)
 
 _______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
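
An added example, not part of the original thread: a small Python model of ebtables first-match evaluation in the FORWARD chain, applied to the frame from the log above. It assumes ebtables' documented matching, where -i matches the bridge port a frame arrived on and --logical-in matches the bridge device, and compares the original ruleset with an ACCEPT rule for peth0 written each way. The Frame, Rule and verdict names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    in_port: str      # bridge port the frame arrived on (ebtables -i)
    logical_in: str   # bridge device that port belongs to (--logical-in)


@dataclass(frozen=True)
class Rule:
    target: str                       # ACCEPT or DROP
    in_port: Optional[str] = None     # -i <port>, None = not specified
    logical_in: Optional[str] = None  # --logical-in <bridge>, None = not specified

    def matches(self, f: Frame) -> bool:
        return (self.in_port in (None, f.in_port)
                and self.logical_in in (None, f.logical_in))


def verdict(rules, policy, frame):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(frame):
            return rule.target
    return policy


# Constructed from the logged frame: IN=peth0, and it was logged by the chain
# reached through "--logical-in eth0", so the bridge device is eth0.
ARP_REPLY = Frame(in_port="peth0", logical_in="eth0")

# "-A FORWARD --logical-in eth0 -j eth0": the user chain logs and drops,
# modelled here as a plain DROP.
JUMP_ETH0 = Rule("DROP", logical_in="eth0")


def forward_verdicts():
    policy = "DROP"  # -P FORWARD DROP
    return {
        "original": verdict([JUMP_ETH0], policy, ARP_REPLY),
        "--logical-in peth0": verdict(
            [Rule("ACCEPT", logical_in="peth0"), JUMP_ETH0], policy, ARP_REPLY),
        "-i peth0": verdict(
            [Rule("ACCEPT", in_port="peth0"), JUMP_ETH0], policy, ARP_REPLY),
    }


if __name__ == "__main__":
    for name, result in forward_verdicts().items():
        print(f"{name:20} -> {result}")
```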