I have a Xen 3.2.0 setup with 2.6.18. XenoLinux kernel and FC8 Dom0 file system. I have used xen-tools to create a Debian-Etch DomU. I use a static (public) IP for my DomU and have used default bridging for network setup.
With the default setup I was not able to ping any host other than Dom0. I guess that was due to a forward chain issue in my Dom0. But then I modified my iptables configuration in Dom0 to comment out the forwarding rule that was rejecting everything. So now I am able to ping all the hosts in the same L3 subnet as my DomU, but not anything other than that.
So could anyone please tell me what I am doing wrong? I am including some details below. Let me know if I have left out any necessary information.
Initially I thought it might be some DNS issue. But even after modifying the /etc/resolv.conf in DomU I am getting the same error.
**********
My DomU config file is as follows:
#
# Configuration file for the Xen instance dmvirt1.xxx, created
# by xen-tools 3.9 on Tue Dec 2 17:51:45 2008.
#
#
# Kernel + memory size
#
kernel = '/boot/vmlinuz-2.6.18.8-xen'
ramdisk = '/boot/initrd-2.6.18.8-xen.img'
memory = '128'
#
# Disk device(s).
#
root = '/dev/sda2 ro'
disk = [
'phy:/dev/DomUVols/dmvirt1.xxx-swap,sda1,w',
'phy:/dev/DomUVols/dmvirt1.xxx-disk,sda2,w',
]
#
# Hostname
#
name = 'dmvirt1.xxxx'
#
# Networking
#
vif = [ 'ip=143.215.129.1xx,mac=00:16:3E:88:22:AA' ]
vfb = ['type=vnc']
#
# Behaviour
#
on_reboot = 'restart'
on_crash = 'restart'
extra = "xencons=xvc console=xvc console=tty"
*******************
*****************
Some other DomU Details
dmvirt1:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:88:22:AA
inet addr:143.215.129.157 Bcast:143.215.129.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe88:22aa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1206 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:114259 (111.5 KiB) TX bytes:10024 (9.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
dmvirt1:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
143.215.129.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
dmvirt1:/etc# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 143.215.129.1xx
gateway 143.215.129.1
netmask 255.255.255.0
broadcast ${broadcast}
# post-up ethtool -K eth0 tx off
#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users. It is disabled by default
#
dmvirt1:~# ping www.yahoo.com
ping: unknown host www.yahoo.com
dmvirt1:~# ping 69.147.76.15
connect: Network is unreachable
*******************
Dom0 Details
[root@kahn dev]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- dmvirt1 anywhere PHYSDEV match --physdev-in vif17.0
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif17.0 udp spt:bootpc dpt:bootps
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT udp -- anywhere anywhere state NEW udp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:cvspserver
ACCEPT tcp -- anywhere anywhere state NEW tcp dpts:terabase:pxc-splr-ft
ACCEPT udp -- anywhere anywhere state NEW udp dpts:terabase:pxc-splr-ft
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:teradataordbms
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@kahn dev]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1A:A0:1B:88:E1
inet addr:143.215.129.2xx Bcast:143.215.129.255 Mask:255.255.255.0
inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:506521 errors:0 dropped:0 overruns:0 frame:0
TX packets:165558 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:423458331 (403.8 MiB) TX bytes:11964484 (11.4 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:235929 errors:0 dropped:0 overruns:0 frame:0
TX packets:235929 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36772495 (35.0 MiB) TX bytes:36772495 (35.0 MiB)
peth0 Link encap:Ethernet HWaddr 00:1A:A0:1B:88:E1
inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:553720 errors:0 dropped:0 overruns:0 frame:0
TX packets:162980 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:434130358 (414.0 MiB) TX bytes:13050967 (12.4 MiB)
Interrupt:20
vif17.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:361 errors:0 dropped:0 overruns:0 frame:0
TX packets:4092 errors:0 dropped:5 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:43052 (42.0 KiB) TX bytes:393229 (384.0 KiB)
[root@kahn dev]# brctl show
bridge name bridge id STP enabled interfaces
eth0 8000.001aa01b88e1 no peth0
vif17.0
******************
Thanks in advance for all help.