
[Xen-users] XEN 4/Squeeze: Dom0 FTP Killed by Bridge; SSH Works



Hey there,

I'm using Xen 4 as per Debian Squeeze (Linux 2.6.32-5-xen-amd64, Xen 
4.0.1-rc5). Dom0 is up and running with an IPTABLES firewall I successfully 
used on the bare hardware.

The Firewall is pretty restrictive but allows for incoming SSH and outgoing FTP 
(FTP client functionality). However, outgoing FTP (FTP client functionality) is 
allowed by an ESTABLISHED, RELATED rule, rather than opening the FTP data port 
directly.

This Firewall works perfectly well with exactly this script on the bare 
hardware, that is, apt-get works, and SSH works.

Under Xen, with the peth0 bridge, SSH works, but passive FTP fails.

The system has a single eth0 network card and uses the standard Xen bridging 
setup.

The firewall rules are located in interface-specific chains which are referenced 
from INPUT, OUTPUT and FORWARD by jumping to them after matching the device, as 
in -A INPUT -i eth0 -j inp_eth0.

I have played with forwarding and ip_forward settings and set the default 
FORWARD policy to ACCEPT but all that does not change a thing.

BTW, I am wondering whether http://wiki.xensource.com/xenwiki/XenNetworking is 
correct; shouldn't it read peth0 in the IPTABLES example?

If you have the slightest idea what I may be missing here, any 
keyword/pointer/explanation would be highly appreciated.

Thank you!