WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

Re: [Xen-devel] Network issues with SuSE firewall

To: "Gregory Newby" <newby@xxxxxxxx>
Subject: Re: [Xen-devel] Network issues with SuSE firewall
From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Date: Sat, 08 Nov 2003 01:57:36 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx
Delivery-date: Sat, 08 Nov 2003 01:59:32 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "Fri, 07 Nov 2003 16:39:17 -0900." <20031108013917.GA1819@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
> > Very odd. Any chance you can get a serial line on the system?
> > The other domain's boot messages should also come out on serial.
> 
> Yes, I brought in a null modem.  I'll try this.

This will be very interesting.

> > > > Please can you send me the output from running xenctl, and the
> > > > console message from the booting domain.
> > > 
> > > Yep.  Maybe the output from the "xenctl script..." startup is
> > > informative.  This is with the default /etc/xen-mynewdom, containing:
> > 
> > I take it that you're wanting to boot with the initrd copied
> > off the CD, and use the CD for the new domain's /usr ?
> 
> Huh?  No, that's the first I heard about that.
> 
> I'm using the standard /usr
> 
> This could explain a lot.  How am I supposed to make
> the CD's /usr available to the domains?

The easiest thing to do for testing is to put the CD in the
drive.

You really need to install other filesystems (on either real
partitions or virtual disks) for other domains, or export them
from domain 0 via local NFS.


> > an sshd, but I think your problem lies elsewhere...
> 
> sshd listens on port 22.  By "telnet HOSTNAME 22" I'm trying
> to connect to the ssh port.  The advantage of doing it this way
> is that the client & negotiation don't matter...  just the
> ability to connect.

I missed the final "22".
 
> The NAT rules in iptables redirect port 22 on 169.254.1.3
> (in this case) to port 2203 on 169.254.1.0.  So, theoretically,
> "telnet 169.254.1.3 22" is the same as "telnet 169.254.1.0 2203".
> To actually login,
>       ssh root@xxxxxxxxxxx
> or    ssh -p 2203 root@xxxxxxxxxxx

I'm still nervous about the NAT/firewall set up.

Seeing as you're only using local networking for this, you
shouldn't need xen_nat_enable at all -- just reboot and bring up
eth0:0 by hand.

After starting a new domain you should be able to ping and ssh
root@xxxxxxxxxxx if things are well.

> > What happens if you run tcpdump in domain0. Do you see any
> > packets arriving at 169.254.1.0 ?
> 
> Yes.  Here is "grep 169" from a tcpdump log while I tried (from
> domain0) "telnet 169.254.1.3 22" (yes, the arp reply matches 
> eth0's MAC):

It would be interesting to see if you receive any packets while
the domain is booting (console packets).

Ian

