This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] Shorewall-Xen problems... (Cross-posted to Xen and Shorewall

To: shorewall-users@xxxxxxxxxxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Shorewall-Xen problems... (Cross-posted to Xen and Shorewall mailing lists)
From: Seth Green <registrations@xxxxxxxxxxxxxxx>
Date: Fri, 23 Oct 2009 10:45:08 -0400
Delivery-date: Fri, 23 Oct 2009 07:44:40 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (Windows/20090812)
I have recently replaced my external firewall with a Shorewall setup in
a Xen DomU domain similar to what's described in
http://www.shorewall.net/XenMyWay.html.  I'm using PCI pass-through to
isolate two NICs in the Shorewall DomU, using one of the NICs for the
net and one for my lan.  I am also using a bridge off of a dummy
interface (pdummy0 as the physical interface; dummy0 in Dom0) to provide
network access to Dom0 and other DomU's running on the same box.

On at least an intermittent basis, if I try to download a large file in
Dom0 (for example, upgrading a large Debian package via apt-get) the
dummy bridge goes down and I lose all network connectivity to Dom0 and
the non-Shorewall DomU's.  (I believe this may have also happened once
during a download from a non-Shorewall DomU, but to date I've only
recreated it with Dom0).  I can generally restore function with the
following commands in Dom0:  "ifconfig dummy0 down; ifconfig pdummy0
down; ifconfig pdummy0 up; ifconfig dummy0 up" (on at least one
occasion, I also had to correct the routing policies to send everything
through dummy0).

I have found no logs reflecting any error messages at the time of the
network outages (have checked sylog, dmesg, and xen logs).

Does anyone have any thoughts?


Seth Green

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] Shorewall-Xen problems... (Cross-posted to Xen and Shorewall mailing lists), Seth Green <=