Kees Cook wrote:
Hi! I've built a xen domain without bridging, and it seems that tcp is
broken. ICMP works fine (I can ping either end), but TCP doesn't ACK in
the xen client. I found one mention this on the mailing list back in
March, but it didn't have an answer. I watched the communication in
ethereal, and the client simply ignored the SYN,ACK packets from the
Can you tell where they were being dropped? Was netstat -s showing
anything? Have you tried different TCP apps? ftp, hping, rsync, ssh?
Are you running IPSec or some other filtering?
Linux host 22.214.171.124-xen0 #1 Sun May 22 11:38:50 BST 2005 i686 GNU/Linux
I'm intentionally isolating my xen clients, but I need them to talk to
the host. What sort of diagnostics can I provide to help track this
This is usually caused by a misconfiguration of the firewall
or having some needed port not open.
Could you collect the ethereal or tcpdump trace of that happening, and also
ifconfig, netstat -tan, netstat -s, sysctl -a, ip show rule, output?
Xen-users mailing list