WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

Re: [Xen-devel] Network issues with SuSE firewall

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Network issues with SuSE firewall
From: "Gregory Newby" <newby@xxxxxxxx>
Date: Fri, 7 Nov 2003 17:56:04 -0900
Delivery-date: Sat, 08 Nov 2003 02:57:20 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: <E1AIIM5-0003qo-00@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20031108013917.GA1819@xxxxxxxxxxxxxxxxxxx> <E1AIIM5-0003qo-00@xxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.1i
On Sat, Nov 08, 2003 at 01:57:36AM +0000, Ian Pratt wrote:
> 
> > > Very odd. Any chance you can get a serial line on the system?
> > > The other domain's boot messages should also come out on serial.
> > 
> > Yes, I brought in a null modem.  I'll try this.
> 
> This will be very interesting.

I'll forward the console log to you privately (since it's long
and boring) in my next message.  Basically, the serial port
captured the DOM0 boot messages (which, previously, I had
not seen), but didn't generate anything from DOMID=1 etc.
when I started them.

The log shows a boot, then I ran "xen_nat_enable" followed by "xenctl
script -f/etc/xen-mynewdom" followed by "xenctl domain start -n1"

Only the boot generated any messages.

> > > > > Please can you send me the output from running xenctl, and the
> > > > > console message from the booting domain.
> > > > 
> > > > Yep.  Maybe the output from the "xenctl script..." startup is
> > > > informative.  This is with the default /etc/xen-mynewdom, containing:
> > > 
> > > I take it that you're wanting to boot with the initrd copied
> > > off the CD, and use the CD for the new domain's /usr ?
> > 
> > Huh?  No, that's the first I heard about that.
> > 
> > I'm using the standard /usr
> > 
> > This could explain a lot.  How am I supposed to make
> > the CD's /usr available to the domains?
> 
> The easiest thing to do for testing is to put the CD in the
> drive.

You mean, it will automatically mount & find the /usr on
the drive?

OR, I should mount first (where?)

OR, I need to boot from the CD (that was last week...this
week, we're trying to get it all installed on the hard drives).

> You really need to install other filesystems (on either real
> partitions or virtual disks) for other domains, or export them
> from domain 0 via local NFS.

Actually, this might be easier.  Let's say I allocate
a real partition, and configure grub to boot from it
(rather than my current /dev/sda2)

Should I simply copy (with the same permissions)
the entire CD, so that the root on the real partition
is the root on the CD...and then, over-write the 
files in /boot and /bin with those from the new
xeno-clone/install/.. tree?

> > > an sshd, but I think your problem lies elsewhere...
> > 
> > sshd listens on port 22.  By "telnet HOSTNAME 22" I'm trying
> > to connect to the ssh port.  The advantage of doing it this way
> > is that the client & negotiation don't matter...  just the
> > ability to connect.
> 
> I missed the final "22".
>  
> > The NAT rules in iptables redirects port 22 on 169.254.1.3
> > (in this case) to port 2203 on 169.254.1.0.  So, theoretically,
> > "telnet 169.254.1.3 22" is the same as "telnet 169.254.1.0 2203".
> > To actually login,
> >     ssh root@xxxxxxxxxxx
> > or  ssh -p 2203 root@xxxxxxxxxxx
> 
> I'm still nervous about the NAT/firewall set up.
> 
> Seeing as you're only using local networking for this, you
> shouldn't need xen_nat_enable at all -- just reboot and bring up
> eth0:0 by hand.

I tried that...

> After starting a new domain you should be able to ping and ssh
> root@xxxxxxxxxxx if things are well.

Things are not well.  It's looking to me like DOMID=1 etc.
are not able to access the network, or start sshd, or some
other tragedy.

> > > What happens if you run tcpdump in domain0. Do you see any
> > > packets arriving at 169.254.1.0 ?
> > 
> > Yes.  Here is "grep 169" from a tcpdump log while I tried (from
> > domain0) "telnet 169.254.1.3 22" (yes, the arp reply matches 
> > eth0's MAC):
> 
> It would be interesting to see if you receive any packets while
> the domain is booting (console packets).

I'll check this.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
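As an added example (not code from this thread or from the Xen project), here is the connectivity check the thread describes, done the way "telnet HOST 22" does it but also reading the first line so that "port open" and "sshd actually answering" are told apart, next to the iptables mapping the poster mentions. The rule direction (dom0 169.254.1.0 port 2203 forwarded to the guest 169.254.1.3 port 22), the chain names, and the fake banner listener used to exercise the probe are assumptions made for the example, not something the thread confirms.

```python
"""Probe a guest domain's sshd the way 'telnet HOST 22' does, and emit
the iptables DNAT rules that map dom0:2203 to guest:22.

Added example; not code from the Xen project or the thread.  The rule
direction, chain names and the stand-in listener are assumptions."""
import socket
import threading


def dnat_rules(dom0_ip, dom0_port, guest_ip, guest_port):
    """Return iptables commands exposing guest_ip:guest_port as
    dom0_ip:dom0_port.  Two rules are needed: nat PREROUTING only sees
    packets that arrive from outside; a test typed on dom0 itself
    ('telnet 169.254.1.0 2203') is locally generated and is only
    translated by the nat OUTPUT chain.  Forgetting the second rule
    makes a working forward look broken when tested from dom0."""
    target = f"{guest_ip}:{guest_port}"
    return [
        f"iptables -t nat -A PREROUTING -p tcp -d {dom0_ip} --dport {dom0_port}"
        f" -j DNAT --to-destination {target}",
        f"iptables -t nat -A OUTPUT -p tcp -d {dom0_ip} --dport {dom0_port}"
        f" -j DNAT --to-destination {target}",
    ]


def probe_ssh(host, port, timeout=3.0):
    """Open a TCP connection and read the first line, like 'telnet HOST 22'.
    Returns (status, detail):
      ('open', banner)  an SSH identification string came back
      ('open', None)    connected, but no SSH banner: something else listens
      ('refused', None) RST came back: host reachable, nothing on the port
      ('timeout', None) silence: routing, NAT or firewall drops the packets
      ('error', msg)    any other socket error (e.g. network unreachable)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                first = s.recv(256)
            except socket.timeout:
                return ("open", None)
        line = first.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
        return ("open", line) if line.startswith("SSH-") else ("open", None)
    except ConnectionRefusedError:
        return ("refused", None)
    except socket.timeout:
        return ("timeout", None)
    except OSError as e:
        return ("error", e.strerror or str(e))


def fake_sshd(banner=b"SSH-2.0-OpenSSH_example\r\n"):
    """Constructed stand-in for a guest's sshd on 127.0.0.1 so the probe can
    be exercised without a Xen domain.  Returns (port, stop_callable)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket shut down
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()

    def stop():
        try:
            srv.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
        srv.close()

    return port, stop


def free_port():
    """A port on 127.0.0.1 with nothing listening, to show the 'refused' case."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    for rule in dnat_rules("169.254.1.0", 2203, "169.254.1.3", 22):
        print(rule)
    port, stop = fake_sshd()
    print(probe_ssh("127.0.0.1", port))   # banner from the stand-in sshd
    print(probe_ssh("127.0.0.1", free_port()))  # nothing listening: refused
    stop()
```

The three outcomes map onto the thread's diagnosis: "refused" means the packets reach a host that has no sshd on that port (the guest booted but sshd did not start, or the forward points at the wrong port); "timeout" with no arp/tcp traffic in dom0's tcpdump points at the guest's network not coming up at all; and a banner settles the question without needing an ssh client or key negotiation.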