xen-users

[Top] [All Lists]

Re: [Xen-users] iptables in dom0 with bridge: no more outbound connectio

from [Peter Fokkinga]

[Permanent Link][Original]

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections
From:	Peter Fokkinga <peter@xxxxxxxxxxx>
Date:	Fri, 29 Dec 2006 18:42:55 +0100
Delivery-date:	Fri, 29 Dec 2006 09:42:17 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<459544F5.7050303@xxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<20061229162546.1r02ekiiowoos8c8@xxxxxxxxx> <459544F5.7050303@xxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Internet Messaging Program (IMP) H3 (4.1.3)

Quoting Nico Kadel-Garcia <nkadel@xxxxxxxxx>:

Peter Fokkinga wrote:

[...]
Now for the real spooky part:
 1. I booted into dom0 (no xend)
 2. executed `telnet 129.125.14.12 daytime`, it works
 3. started xend
 4. executed `telnet 129.125.14.12 daytime`, it still works (surprise!)
 5. executed `telnet 129.125.14.13 daytime`, it does not work

DNS cache, I think.


But I'm using ip adresses, not names? I don't see how DNS fits in
this picture.

It's been discussed before: I haven't had a chance to pursue it,
myself. Basically, after you start Xend, traffic going *out* from Dom0
goes through peth0, as near as I can tell, not eth0.


Ok, but why is iptables interfering? I'm not refering to eth0 in
my rules. If I flush iptables after starting Xend everything is fine,
troubles start the moment I re-activate the rules.

I get the feeling iptables does not remember its state, so my rule
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
has no effect. Kernel modules xt_state and ip_conntrack are loaded.

Peter


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] iptables in dom0 with bridge: no more outbound connections, Peter Fokkinga Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Peter Fokkinga <= Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Jerry Amundson Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Peter Fokkinga Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Christopher G. Stach II

Previous by Date:	Re: [Xen-users] Using pygrub, Henning Sprang
Next by Date:	Re: [Xen-users] CIM @ LINUX(XEN) (FC6 or SuSE 10), Szymanski, Lukasz K
Previous by Thread:	Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia
Next by Thread:	Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia
Indexes:	[Date] [Thread] [Top] [All Lists]