WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] firewalls and Xen

from [Kevin Monroe] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] firewalls and Xen
From: Kevin Monroe <kevin@xxxxxxxxxxxxxxx>
Date: Wed, 08 Mar 2006 20:01:12 -0600
Delivery-date: Thu, 09 Mar 2006 12:55:26 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1141766166.21817.2.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <796A7B7A-174F-4A38-865B-09D316F8CAE8@xxxxxxxxx> <43F1F6EC.4010207@xxxxxxxx> <3988B614-F9C1-4DEB-A97C-65AF8E2F8E06@xxxxxxxxx> <43F20903.5050506@xxxxxxxx> <1139939476.19273.45.camel@xxxxxxxxxxxxxxxxxxxxx> <20060307210050.GA12526@xxxxxxxxxxxxxxx> <1141766166.21817.2.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5 (Windows/20051201) 
Patrick Wolfe wrote:

On Tue, 2006-03-07 at 15:00 -0600, Kevin wrote:


The domU's can access anyone without trouble.  Dom0 can successfully ping any 
IP address, but cannot connect to remote services.
From dom0, attempting a wget of google's homepage (64.233.187.99) shows the 
connection is successful, but the request times out


It sounds like you haven't run 'ethtool -K eth0 tx off' on dom0.

You need to run that command on every xen virtual ethernet interface, or
you get corrupt checksums on random packets.  You can verify this by
running 'tcpdump' or 'ethereal' while doing the wget.

I hope this fix this problem by 3.0.2.  It's sure annoying.
You were exactly right Patrick; the following patch for /etc/xen/scripts/network-bridge (thanks Nicholas -- http://lists.xensource.com/archives/html/xen-users/2006-02/msg00747.html ) worked for me in fixing up my dom0's eth1: 

      add_to_bridge2 ${bridge} ${pdev}
      do_ifup ${netdev}
      + # disable ip checksum offloading for veth device
      + [ -x /usr/sbin/ethtool ] && /usr/sbin/ethtool -K ${netdev} tx off


Thanks again,
-Kevin


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] default dom0 memory size is very large, Krysan, Susan
Next by Date:  Re: [Xen-users] Bridging and VLANs 802.1Q trunk, Timo Virtaneva
Previous by Thread:  Re: [Xen-users] firewalls and Xen, Kevin
Next by Thread:  AW: [Xen-users] Problem booting domU, Stefan Mikuszeit
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy