Re: [Xen-users] Problem start iptables - udp broken

To:	"Torsten Lehmann" <tlehmann@xxxxxxxxxxxxx>
Subject:	Re: [Xen-users] Problem start iptables - udp broken
From:	"Abel Martín" <abel.martin.ruiz@xxxxxxxxx>
Date:	Tue, 28 Nov 2006 02:19:39 +0100
Cc:	xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Mon, 27 Nov 2006 17:19:53 -0800
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=KzDBAjEV5Xt4qrN+HH9zGFTiyuhoW7CMxnZD46eaOiztZvvcoSvbZ5APTEhddGbEKQOIZRRRZPZn416n0hnJ6eksGnHgcXF8EpIfo9hYkPNCSw2J1Z4P+hxdjexzPTvHC/P7Em0VjfLAlrZGLrCHHV+GxfmjN4TdBeCbyuWaQ0k=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<Pine.LNX.4.53.0611271710020.18147@xxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<Pine.LNX.4.53.0611261237150.25607@xxxxxxxxxxxxxxxxx> <915136920611270342p4576cb6fpe79143a27afea84b@xxxxxxxxxxxxxx> <Pine.LNX.4.53.0611271710020.18147@xxxxxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

On 11/27/06, Torsten Lehmann <tlehmann@xxxxxxxxxxxxx> wrote:

l1:~# tcpdump -vv -n -i eth0  host NFSserver and udp
17:15:04.814142 IP (tos 0x0, ttl  64, id 65529, offset 0, flags [+],
length: 1500) 193.123.123.86.2879998019 > 193.123.123.85.2049: 1472 write
[|nfs]
17:15:04.814203 IP (tos 0x0, ttl  64, id 65529, offset 1480, flags [none],
length: 720) 193.123.123.86 > 193.123.123.85: udp
17:15:05.266099 IP (tos 0x0, ttl  64, id 65530, offset 0, flags [+],
length: 1500) 193.123.123.86.2896775235 > 193.123.123.85.2049: 1472 write
[|nfs]
17:15:05.266176 IP (tos 0x0, ttl  64, id 65530, offset 1480, flags [none],
length: 720) 193.123.123.86 > 193.123.123.85: udp
17:15:05.714048 IP (tos 0x0, ttl  64, id 65531, offset 0, flags [+],
length: 1500) 193.123.123.86.2913552451 > 193.123.123.85.2049: 1472 write
[|nfs]
17:15:05.714122 IP (tos 0x0, ttl  64, id 65531, offset 1480, flags [none],
length: 720) 193.123.123.86 > 193.123.123.85: udp

This is telling you that domU's eth0 interface is not getting any
response from NFS server. The problem might reside on domU's network
configuration or dom0 network (don't think it's on NFS server
networking, althoug you could check to find out more info).


## - dump on xen0
l0:~# tcpdump -vv -n -i eth0  host NFSserver and udp
## ... nothing...

- xen0:eth0 seen to be blind...

If you're using Xen bridged networking you should try to run tcpdump
on the bridge interface in dom0.


Any solutions?

Might be related to bridged networking when applying iptables rules to
a bridged interface (eth0, in your case). If you aren't using bridged
networking I have no idea of what could be happening... In any case
your workaround is interesting. Are your sure that this solves the
problem or does it go away after waiting for some time? Does your
netfilter script play with the interfaces? Could you post its content?



regards Torsten
Launoc


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

Re: [Xen-users] Problem start iptables - udp broken