[Xen-users] Xen bridge + iptables FORWARD 
Hi all,
 I have Xen 3.2 newly installed on Lenny with network bridging configured. When I built my first VM, I found it couldn't connect to the Internet. This turned out to be because my dom0's iptables was configured to DROP all packets on the FORWARD chain (when I removed that, it started working).
 
 The "Xen Networking" page on the wiki describes this exact situation (http://wiki.xensource.com/xenwiki/XenNetworking#head-602e26cd4a03b992f3938fe1bea03fa0fea0ed8b) and suggests adding the following iptables rules:

 iptables -A FORWARD -m physdev --physdev-in eth0 --physdev-out '!' eth0  -j ACCEPT
 iptables -A FORWARD -m physdev --physdev-out eth0 --physdev-in '!' eth0  -j ACCEPT

 This, however, did not work for me. I have 2 questions about this:
 
 
 1. The description of what this is supposed to do is "allowing packet forwarding (at the iptables level) between the external physical interface and the vifs for the guests". But in the diagram, it looks like the external physical interface is peth0, not eth0. Am I misunderstanding something, or should eth0 in the rules above actually be peth0?
 
 2. Just for fun, I tried changing eth0 in the rules above to peth0, based on the reasoning above. That actually seemed to work. But now my syslog is getting flooded with messages like this, which makes me wonder if I'm barking up the wrong tree entirely:
 physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
 
 To my surprise, I haven't been able to find any resource aside from the wiki page mentioned above that discusses the best practice for disabling forwarding on the dom0 except what's required for Xen bridging. If anybody has any thoughts on how to achieve this, it'd be much appreciated.
 
 Best regards,
 
 Martin Goldman

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
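The following is an added example, not code from the post above or from the Xen wiki page it links to. It shows one way to lock down the dom0 FORWARD chain to nothing but bridged guest traffic, and an audit that finds rules which provoke the "physdev match: using --physdev-out ... for non-bridged traffic is not supported anymore" message. Assumptions, none of which come from the post: the Xen 3.x network-bridge script has named the bridge "eth0" and the physical NIC enslaved to it "peth0", guest ports are named vifX.Y (matched by the physdev wildcard "vif+"), and the kernel's physdev match only accepts --physdev-out in FORWARD without complaint when the same rule carries --physdev-is-bridged. The function names (xen_forward_rules, physdev_audit, xen_forward_apply, bridge_nf_enabled) are this example's own.

```shell
#!/bin/sh
# Added example (not from the post or the Xen wiki): a dom0 FORWARD policy
# for a Xen 3.x network-bridge host, plus an audit for the physdev warning.
#
# Assumed names (adjust for your host): bridge "eth0", physical port "peth0",
# guest ports "vifX.Y" (wildcard "vif+").  Nothing touches the live firewall
# unless xen_forward_apply is called, which needs root.

PHYS="${PHYS:-peth0}"
VIF_GLOB="${VIF_GLOB:-vif+}"

# Emit the rule set, one iptables command per line, so it can be reviewed,
# diffed or audited before being applied.  Policy: drop all forwarding, then
# accept only traffic that is bridged between the physical port and a guest
# vif.  "--physdev-is-bridged" limits each rule to bridged packets; that is
# what makes "--physdev-out" acceptable in FORWARD and silences the
# "non-bridged traffic is not supported anymore" log message.  Routed
# forwarding and vif-to-vif traffic fall through to the DROP policy.
xen_forward_rules() {
    phys="${1:-$PHYS}"
    vifs="${2:-$VIF_GLOB}"
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $phys --physdev-out $vifs -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $vifs --physdev-out $phys -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix FORWARD-DROP:
EOF
}

# Audit a rule listing on stdin (iptables-save output, or the output of
# xen_forward_rules) for the combination the kernel complains about:
# --physdev-out in FORWARD, OUTPUT or POSTROUTING without a positive
# --physdev-is-bridged ("! --physdev-is-bridged" still triggers it).
# Prints the offending rules; returns 0 when clean, 1 when any were found.
physdev_audit() {
    bad=$(grep -E -- '-[AI] (FORWARD|OUTPUT|POSTROUTING) ' \
          | grep -E -- '--physdev-out ' \
          | grep -vE -- '(^|[^!] )--physdev-is-bridged')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Apply the rule set (root required).  Each emitted line is run through eval
# so exactly the commands shown by xen_forward_rules are executed.
xen_forward_apply() {
    xen_forward_rules "$@" | while IFS= read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Bridged frames only traverse the FORWARD chain while
# bridge-nf-call-iptables is 1 (the DROP observed in the post shows it is 1
# on that host); if it is 0 the rules above never see guest traffic.
bridge_nf_enabled() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Dry run: print the rule set for this host and audit it.
xen_forward_rules
xen_forward_rules | physdev_audit && echo "physdev audit: clean" >&2
```

Feeding the wiki's original rule (`--physdev-in eth0 --physdev-out ! eth0`, no --physdev-is-bridged) to `iptables-save | sh -c '. ./xen-forward.sh; physdev_audit'` flags it, which matches the syslog flood described in the post; the generated set passes. Using `vif+` rather than `! peth0` on the output side also keeps guest-to-guest frames out of the ACCEPT rules, so they hit the DROP policy like any other non-bridging traffic.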
 