WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

Re: [Xen-users] UPDATED xenbr0 doesn't have an IP (should it?!)

Stuart Rench wrote:
So now I am convinced that something in iptables and nat has gone
awry...but I am EXTREMELY weak on IPTABLES...

If I were to flush all dom0 iptables to start from scratch, what is a
bare minimum to allow for the following basic network architecture?

Gateway - 10.0.0.1
XenServer - 10.0.0.12
Virtual Server - 10.0.0.13

Anyone else on my network - 10.0.0.x

The main thing that affects traffic to and from domU in dom0 is the FORWARD chain in the filter table: if you flush this (iptables -F FORWARD), then the usual default policy is ACCEPT, which means that traffic can be forwarded. The default rule that permits traffic from some source vifX.0 phydev is only needed when the table's policy is not ACCEPT or when there is some other rule in the FORWARD chain that rejects traffic.

You might find "iptables -I FORWARD 1 -j LOG" useful, although, be warned, this can generate a _lot_ of messages that will wind up in /var/log/messages, but you will be able to see what traffic iptables is seeing on that chain.

It's also possible that you have rules in some other table that are causing you trouble; running iptables-save will show you all the rules in all the chains in all the tables. You may have something odd in the nat table that is giving you grief.

jch

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
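To work through the reply's advice (inspect the iptables-save output, check the filter FORWARD policy, look for DROP/REJECT rules in FORWARD and for anything odd in the nat table), here is an added Python example that is not part of the thread. The iptables-save text it parses is constructed sample data, and the rules in it (a vif1.0 physdev ACCEPT rule, a LOG rule, a REJECT rule and a stray MASQUERADE for 10.0.0.13) are assumptions for illustration, not rules from the poster's dom0.

```python
import re

# Constructed sample of `iptables-save` output from a dom0 (not taken from the thread).
# It contains a per-vif physdev ACCEPT rule of the kind the reply mentions, plus a
# DROP policy, a REJECT rule and a nat entry that would all interfere with domU traffic.
SAMPLE_IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.13/32 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -m physdev --physdev-in vif1.0 -s 10.0.0.13/32 -j ACCEPT
-A FORWARD -i xenbr0 -j LOG
-A FORWARD -d 10.0.0.13/32 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def parse_iptables_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [rule, ...]}}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # "*filter" starts a new table
            table = line[1:]
            tables[table] = {"policies": {}, "rules": []}
        elif line.startswith(":"):          # ":FORWARD DROP [0:0]" declares chain + policy
            chain, policy = line[1:].split()[:2]
            tables[table]["policies"][chain] = policy
        elif line.startswith("-A "):        # "-A CHAIN ..." appends a rule
            tables[table]["rules"].append(line)
    return tables

def forward_findings(tables):
    """List the things in a dom0 ruleset that can block or rewrite domU traffic."""
    findings = []
    filt = tables.get("filter", {"policies": {}, "rules": []})
    policy = filt["policies"].get("FORWARD", "ACCEPT")
    if policy != "ACCEPT":
        findings.append("filter FORWARD policy is %s, not ACCEPT" % policy)
    for rule in filt["rules"]:
        if rule.startswith("-A FORWARD") and re.search(r"-j (DROP|REJECT)\b", rule):
            findings.append("FORWARD rule drops/rejects traffic: " + rule)
    for rule in tables.get("nat", {"rules": []})["rules"]:
        if re.search(r"-j (SNAT|DNAT|MASQUERADE|REDIRECT)\b", rule):
            findings.append("nat rule rewrites addresses: " + rule)
    return findings
```

On a real dom0, feed the output of `iptables-save` to `parse_iptables_save` instead of the sample string; an empty findings list means the filter and nat tables are not the cause and the bridge setup should be checked next.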