Because I had recompiled Xen a few times and even tried installing it from
packages, I wasn't sure about the state of the machine, so I just blew it
out, and reinstalled (FC 8) from scratch.
I compiled Xen (3.2 - testing) and installed a Fedora VM, still no
networking.
I checked my iptables rules and saw that the first rule in the FORWARD chain
rejected everything. I deleted that rule and the VM's networking came right
up.
I'm not an iptables expert but looking at the FORWARD chain I originally
sent out, it looks like that may have been the original problem as well.
ORIGINAL FORWARD CHAIN:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
There are a lot of REJECT rules before the rule that accepts to/from vif2.0.
So I'm guessing that the ACCEPT from anywhere to anywhere rules don't
include traffic to/from the virtual interface?
-matthew
> -----Original Message-----
> From: Matthew Donovan [mailto:matthew@xxxxxxxxxxxxxx]
> Sent: Tuesday, June 24, 2008 11:02 AM
> To: Keir Fraser; xen-devel
> Subject: RE: [Xen-devel] Compiling from source and networking problem
>
> Networking for an HVM linux guest (FC 8) also does not work. One thing I'm
> seeing on the linux guest (and I don't know if it matters) is that every
> time I boot it, the ethernet interface number increases: eth0, eth1, eth2,
> eth3.
>
> -matthew
>
>
> > -----Original Message-----
> > From: Keir Fraser [mailto:keir.fraser@xxxxxxxxxxxxx]
> > Sent: Friday, June 13, 2008 3:32 PM
> > To: Matthew Donovan; xen-devel
> > Subject: Re: [Xen-devel] Compiling from source and networking problem
> >
> > Networking for Windows guests should work straightforwardly 'out of the
> > box'. Have you been able to get networking going with any other type of
> > guest: e.g., Linux, WinXP?
> >
> > -- Keir
> >
> > On 13/6/08 18:50, "Matthew Donovan" <matthew@xxxxxxxxxxxxxx> wrote:
> >
> > > Hey,
> > >
> > > I was originally asking questions on xen-users but no one seems to have any
> > > idea about this so I figured I'd try this list.
> > >
> > > I compiled Xen from source (3.2 testing) on an Intel machine running Fedora
> > > Core 8 and have discovered that my guest (Windows Vista) does not have a
> > > network connection.
> > >
> > > Looking at various online documentation and a machine that does work, I
> > > guessed that I needed dnsmasq and libvirtd installed. I did that (and I
> > > think it's configured correctly i.e. it runs when the machine boots and has
> > > the same flags as the machine that works) and still nothing (i.e. domU does
> > > not have a network connection). I installed libvirt from source and got the
> > > Fedora package for dnsmasq.
> > >
> > > Most of the documentation I've found for networking is old and doesn't seem
> > > to reflect what Xen is doing. Most sources refer to xenbr0 while only a
> > > couple places mention that eth0 becomes the bridge and peth0 is now the
> > > interface that dom0 uses.
> > >
> > > It's possible that I have remnants of my attempt to get Xen working from
> > > rpm's on this system. I don't know if that would screw anything up or not.
> > >
> > > Is there an up-to-date reference for how Xen networking is done? I've read
> > > the XenNetworking Wiki page through repeatedly and can't glean the
> > > appropriate trouble-shooting information from it.
> > >
> > > In the VM I've tried configuring it for DHCP and giving it a static IP.
> > > Neither do anything.
> > >
> > > Should I just format the computer and start from scratch?
> > >
> > > I'm at my wit's end here.
> > > Any help is appreciated.
> > > -matthew
> > >
> > > Some other details:
> > > My _current_ guest config specifies networking as:
> > >
> > > dhcp="dhcp"
> > > vif=[ 'type=ioemu, bridge=xenbr0' ]
> > >
> > >
> > > /etc/xen/xend-config.sxp says:
> > > (network-script network-bridge)
> > > (vif-script vif-bridge)
> > >
> > > My guest is currently running and "brctl show" output:
> > > [root@moosen ~]# brctl show
> > > bridge name     bridge id               STP enabled     interfaces
> > > eth0            8000.0019b932c635       no              peth0
> > >                                                         tap0
> > >                                                         vif2.0
> > > virbr0          8000.000000000000       yes
> > >
> > >
> > > Iptables output:
> > >
> > > [root@moosen ~]# iptables -L
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> > >
> > > Chain FORWARD (policy ACCEPT)
> > > target     prot opt source               destination
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> > > ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > target prot opt source destination
> > >
> > > Chain RH-Firewall-1-INPUT (1 references)
> > > target     prot opt source               destination
> > > ACCEPT     all  --  anywhere             anywhere
> > > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > > ACCEPT     esp  --  anywhere             anywhere
> > > ACCEPT     ah   --  anywhere             anywhere
> > > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
> > > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> > >
> > >
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xen-devel
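
Added example, not part of the original thread: a first-match walk over a constructed FORWARD chain in `iptables -S` form, showing how an unconditional REJECT placed ahead of the vif2.0 ACCEPT decides the guest's traffic. The `-i`/`-o` matches on the virbr0 rules, the packet addresses and all function names are assumptions; `iptables -L` without `-v` does not print interface matches, so the listing in the message cannot show them.

```python
import ipaddress

# Constructed FORWARD chain in `iptables -S` form. The -i/-o matches on the
# virbr0 rules are assumptions: `iptables -L` without -v does not print them.
SAMPLE_RULES = [
    "-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT",
    "-A FORWARD -i virbr0 -o virbr0 -j ACCEPT",
    "-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable",
    "-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable",
    "-A FORWARD -j REJECT --reject-with icmp-host-prohibited",
    "-A FORWARD -m physdev --physdev-in vif2.0 -j ACCEPT",
]
# Constructed packet: a new connection from the guest behind vif2.0, bridged on eth0.
GUEST_PKT = {"src": "10.0.0.50", "dst": "10.0.0.1", "in": "eth0", "out": "eth0",
             "physdev_in": "vif2.0", "state": "NEW"}
OPTS = {"-s": "src", "-d": "dst", "-i": "in", "-o": "out",
        "--physdev-in": "physdev_in", "--state": "state"}

def parse_rule(line):  # -> ({packet field: wanted value}, target)
    tok = line.split()
    matches = {OPTS[t]: tok[i + 1] for i, t in enumerate(tok) if t in OPTS}
    return matches, tok[tok.index("-j") + 1]

def rule_matches(matches, pkt):  # True when every match option agrees with the packet
    for field, want in matches.items():
        have = pkt[field]
        if field in ("src", "dst"):
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif have not in want.split(","):  # state lists; plain names are one-item lists
            return False
    return True

def first_match(rules, pkt):
    """Walk the chain top-down; return (1-based position, target) of the deciding rule."""
    for pos, line in enumerate(rules, 1):
        matches, target = parse_rule(line)
        if rule_matches(matches, pkt):
            return pos, target
    return None, "policy"

def unreachable_after_catch_all(rules):
    """Positions of rules that follow a rule with no match options at all."""
    for pos, line in enumerate(rules, 1):
        if not parse_rule(line)[0]:
            return list(range(pos + 1, len(rules) + 1))
    return []

if __name__ == "__main__":
    print(first_match(SAMPLE_RULES, GUEST_PKT), unreachable_after_catch_all(SAMPLE_RULES))
```

On a live dom0, `iptables -S FORWARD` or `iptables -L FORWARD -v -n --line-numbers` prints the interface matches and rule positions that plain `iptables -L` leaves out.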