This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] xen3 with bind in domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] xen3 with bind in domU
From: Tom Eastep <teastep@xxxxxxxxxxxxx>
Date: Tue, 14 Mar 2006 09:37:27 -0800
Cc: Daniel Bauer <mlist@xxxxxxxxxxx>
Delivery-date: Tue, 14 Mar 2006 17:38:40 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <05f801c6478c$c4ea22b0$0101010a@mobile>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <05f801c6478c$c4ea22b0$0101010a@mobile>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.1
On Tuesday 14 March 2006 09:28, Daniel Bauer wrote:
> Hi @all,
> I've got a runnig xen host with "nothing" inside dom0 and some domU
> 1. domU: firewall and router (external and internal interface)
> 2. domU: webserver with bind (internal interface)
> 3. domU: mailserver (internal interface)
> if I start a query at the domU bind from the inside of the network it
> works,
> if I start the same query from the outside of the network then it fails.
> I'm sure that the firewall allowed this query, I'm using the same
> iptables rules which worked on the 3 differnt real boxes.
> Does anybody knows this problem?

I had problems with bind in domU until I arranged for the following to be 
executed in the domU when interface 'eth0' was brought up:

        ethtool -K eth0 tx off

Before I applied that change, tcpdump showed that UDP packets from the domU 
had invalid checksums.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@xxxxxxxxxxxxx
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: pgp2kSwyZeJbO.pgp
Description: PGP signature

Xen-users mailing list