This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Re: [Xen-devel] [PATCH] Re: network-bridge script breaks networkconnecti

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] Re: network-bridge script breaks networkconnectivity
From: Luciano Miguel Ferreira Rocha <strange@xxxxxxxxxxxxx>
Date: Tue, 11 Jul 2006 09:46:08 +0100
On Tue, Jul 11, 2006 at 06:45:01AM +0100, Ian Pratt wrote:
> > This patch configures the bridge to *not* apply iptables filtering. This
> > makes the virtual bridge more like a real bridge (in that ip-layer filter
> > does not happen) and it makes the installation/configuration of xen from
> > sources easier (at least on FC5).
>
> The interaction with host firewall rules has always been a bit icky, not
> least because the xen network scripts typically run after the host's
> firewall scripts (and rename the network device). I've never understood
> what happens to the firewall rules - do they stay with the old eth0 (now
> peth0) or do they now apply to the new device name?

IIRC, interface names in iptables rules are symbolic, so eth0 means
whatever currently stands for eth0.

For what it's worth, I never understood why Xen decides to rename the real
interface or why it tries to manually set the bridge's MAC address.

What I do, on my machines, is use the system's method of bridge
configuration (/etc/sysconfig/network-scripts/ifcfg-xenbr0). That fixed
some problems I had with xen (some instances of connections being reset on
xend start and domU unable to talk to other domU on another machine).
