
Re: [Xen-devel] Network issues with SuSE firewall



> > Very odd. Any chance you can get a serial line on the system?
> > The other domain's boot messages should also come out on serial.
> 
> Yes, I brought in a null modem.  I'll try this.

This will be very interesting.

> > > > Please can you send me the output from running xenctl, and the
> > > > console message from the booting domain.
> > > 
> > > Yep.  Maybe the output from the "xenctl script..." startup is
> > > informative.  This is with the default /etc/xen-mynewdom, containing:
> > 
> > I take it that you're wanting to boot with the initrd copied
> > off the CD, and use the CD for the new domain's /usr ?
> 
> Huh?  No, that's the first I heard about that.
> 
> I'm using the standard /usr
> 
> This could explain a lot.  How am I supposed to make
> the CD's /usr available to the domains?

The easiest thing to do for testing is to put the CD in the
drive.

You really need to install other filesystems (on either real
partitions or virtual disks) for other domains, or export them
from domain 0 via local NFS.


> > an sshd, but I think your problem lies elsewhere...
> 
> sshd listens on port 22.  By "telnet HOSTNAME 22" I'm trying
> to connect to the ssh port.  The advantage of doing it this way
> is that the client & negotiation don't matter...  just the
> ability to connect.

I missed the final "22".
 
> The NAT rules in iptables redirect port 22 on 169.254.1.3
> (in this case) to port 2203 on 169.254.1.0.  So, theoretically,
> "telnet 169.254.1.3 22" is the same as "telnet 169.254.1.0 2203".
> To actually login,
>       ssh root@xxxxxxxxxxx
> or    ssh -p 2203 root@xxxxxxxxxxx

I'm still nervous about the NAT/firewall set up.

Seeing as you're only using local networking for this, you
shouldn't need xen_nat_enable at all -- just reboot and bring up
eth0:0 by hand.

After starting a new domain you should be able to ping and ssh
root@xxxxxxxxxxx if things are well.

> > What happens if you run tcpdump in domain0. Do you see any
> > packets arriving at 169.254.1.0 ?
> 
> Yes.  Here is "grep 169" from a tcpdump log while I tried (from
> domain0) "telnet 169.254.1.3 22" (yes, the arp reply matches 
> eth0's MAC):

It would be interesting to see if you receive any packets while
the domain is booting (console packets).

Ian

