This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] 3.4.x networking

On Sun, Sep 13, 2009 at 03:09:54PM -0500, Mark Chaney wrote:
> It appears to work for the most part. Som im guessing I should be able to
> comment out the handle_iptable for vif-bridge. BUT, according to my diff
> findings the vif-bridge for 3.3.1 and 3.4.1 are exactly the same.

Well like Mike already pointed out the changes are in

> On Sunday 13 September 2009 14:46:26 Pasi Kärkkäinen wrote:
> > > I know it says the error is with vif-bridge, but that's stock, so I
> don't
> > > know what could be wrong with it. I dont get these errors witht he Xen
> > > 3.3.1 and Kernel i mentioned earlier.
> > 
> > Did you diff vif-bridge script between xen 3.3.1 and xen 3.4.1 versions? 
> > What are the differences? 
> > 
> > What's the failing iptables command? Please paste the whole command here, 
> > including the parameters.


> frob_iptables in /etc/xen/scripts/vif-common.sh has changed, mostly by the 
> addition of:
> iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \
>     --physdev-out "$vif" -j ACCEPT 2>/dev/null
> I found this not only caused the probably innocuous physdev depreciation 
> warning, but caused the conntrack modules to be loaded due to the state
> check. 
> The default conntrack size was far too small for me.
> So either remove iptables, or comment out "handle_iptable" from 
> /etc/xen/scripts/vif-bridge, I've no need for Xen to change iptables.


-- Pasi

> -- 
> Mike Williams

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>