I'm using Xen 4 as per Debian Squeeze (Linux 2.6.32-5-xen-amd64, Xen
4.0.1-rc5). Dom0 is up and running with an IPTABLES firewall I successfully
used on the bare hardware.
The Firewall is pretty restrictive but allows for incoming SSH and outgoing FTP
(FTP client functionality). However, outgoing FTP (FTP client functionality) is
allowed by an ESTABLISHED, RELATED rule, rather than opening the FTP data port
This Firewall works perfectly well with exactly this script on the bare
hardware, that is, apt-get works, and SSH works.
Under Xen, with the peth0 bridge, SSH works, but passive FTP fails.
The system has a single eth0 network card and uses the standard Xen bridging
The firewall rules are located in interface specific chains which are referencd
from INPUT, OUTPUT and FORWARD by jumping to them after maching the device, as
in -A IPNUT -i eth0 -j inp_eth0.
I have played with forwarding and ip_forward settings and set the default
FORWARD policy to ACCEPT but all that does not change a thing.
BTW, I am wondering whether http://wiki.xensource.com/xenwiki/XenNetworking is
correct; shouldn't it read peth0 in the IPTABLES example?
If you have the slightest idea what I may be missing here, any
keyword/pointer/explanation would be highly appreciated.
Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief!
Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail
Xen-users mailing list