WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] IPTABLES on Xen

I am now back to the original problem where the Xen machine is able to
ping other machines on the network.
Here is the output from the Xen machine the issue started with ssh
[root@localhost ~]# netstat -tualp | grep 22
tcp        0      0 localhost.localdomain:2208  *:*                         LISTEN      2594/hpiod
tcp        0      0 192.168.122.1:domain        *:*                         LISTEN      2829/dnsmasq
tcp        0      0 localhost.localdomain:2207  *:*                         LISTEN      2599/python
tcp        0      0 192.168.1.84:58022          qw-in-f83.1e100.net:http    ESTABLISHED 4056/firefox
udp        0      0 192.168.122.1:domain        *:*                                     2829/dnsmasq


So it is clear that port 22 is not open here, but I have not enabled the
firewall and have not disabled ICMP echo; still it is not able to reply back. I
am able to have outgoing ssh/ping from the Xen machine, but any incoming
ssh/ping is not working, while if you read the above replies in the thread, I
was able to this Xen machine from my LAN but then it was not able to
access the internet.
Once again I am doing it from the start; here is what iptables on this machine says:

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]#

Now what?
On Tue, Dec 1, 2009 at 7:40 AM, Tapas Mishra <tapas@xxxxxxxxxxxx> wrote:
> I have resolved this problem; here is what I did:
> I added to /etc/sysconfig/network-scripts/ifcfg-eth0
> PEERDNS=no
> DNS1=XXX.XXX.XXX.XXX (that is my gateway)
>
> But still I am wondering why did it happened
> ssh and everything else including internet is working fine on the Xen machine
> On Tue, Dec 1, 2009 at 7:00 AM, Tait Clarridge <tait@xxxxxxxxxxxx> wrote:
>>
>>> Yes the problem is happening when using the normal kernel also
>>> I checked /etc/resolv.conf
>>> and the nameserver entry there is wrong it should be 4.2.2.6 but each
>>> time I manually edit it is still taking it from ADSL router.
>>
>> Do you have NetworkManager running? If so, stop it and disable it:
>>
>> If you are running CentOS you should be able to change the ifcfg-eth*
>> scripts in /etc/sysconfig/network-scripts to not automatically set DNS
>> according to the gateway.
>>
>> In the ifcfg-ethX (where X is the interface number that your server is
>> connected to the network, eg eth0) file you can add PEERDNS=no to stop
>> it from overwriting the DNS entries.
>>
>
>
>
> --
>
> http://www.abhitech.com
>



-- 

http://www.abhitech.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
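
Added example, not part of the original thread: the listener check from the message above, done with an exact port match instead of `grep 22`. The netstat lines are the ones posted in the message (line wrapping undone); the function names and the small service-name map are assumptions made for this example.

```python
import re

# Constructed sample input: the netstat lines from the message, with the
# e-mail line wrapping undone.
NETSTAT = """\
tcp        0      0 localhost.localdomain:2208  *:*                         LISTEN      2594/hpiod
tcp        0      0 192.168.122.1:domain        *:*                         LISTEN      2829/dnsmasq
tcp        0      0 localhost.localdomain:2207  *:*                         LISTEN      2599/python
tcp        0      0 192.168.1.84:58022          qw-in-f83.1e100.net:http    ESTABLISHED 4056/firefox
udp        0      0 192.168.122.1:domain        *:*                                     2829/dnsmasq
"""

# netstat without -n prints service names; map the ones needed here.
SERVICES = {"domain": 53, "http": 80, "ssh": 22}

# proto, recv-q, send-q, local, remote, optional state, pid/program
LINE = re.compile(
    r"^(?P<proto>tcp|udp)\S*\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+\d?))?\s+(?P<prog>\S+)\s*$"
)

def parse(text):
    """Turn netstat -tualp lines into dicts with a numeric local port."""
    socks = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, blank lines
        host, _, port = m["local"].rpartition(":")
        port = int(port) if port.isdigit() else SERVICES.get(port)
        socks.append({"proto": m["proto"], "host": host, "port": port,
                      "state": m["state"], "prog": m["prog"]})
    return socks

def tcp_listeners(text, port):
    """TCP sockets in LISTEN state bound to exactly this local port."""
    return [s for s in parse(text)
            if s["proto"] == "tcp" and s["state"] == "LISTEN" and s["port"] == port]

def substring_hits(text, needle):
    """Lines a plain `grep needle` returns: any line containing the digits."""
    return [line for line in text.splitlines() if needle in line]

if __name__ == "__main__":
    print("grep 22 matches:", len(substring_hits(NETSTAT, "22")), "lines")
    print("listeners on tcp/22:", tcp_listeners(NETSTAT, 22))
    print("listeners on tcp/53:", tcp_listeners(NETSTAT, 53))
```

Every posted line contains the digits "22" somewhere (2208, 2207, 58022, 192.168.122.1), which is why they all show up in the grep, while the exact match finds no socket listening on tcp/22.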