On Fri, 7 Apr 2006 09:04:06 -0500
Jacob S <stormspotter@xxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello list,
> 
> I'm having trouble getting my firewall working on dom0. I do not have
> any domUs set up yet, it is just the primary dom0 running.
> 
> I had a firewall script that worked great and did what I needed it to
> before I installed Xen. However, after installing Xen, it seems to
> block all incoming traffic (including pings). Previously it allowed
> incoming ssh, smtp, http, etc. The script uses iptables. 
> 
> I have not changed anything in the firewall script. Since it still
> uses the same ip address and the ip is still assigned to the same
> eth0 NIC, it seems like I shouldn't need to change anything in the
> firewall script. But it doesn't seem to be working that way. 
> 
> Do I need to tell the firewall about any of the xenbrX or vifX.X
> interfaces or anything to get it to work? Ip_tables is obviously
> compiled into the kernel, and I can see it is loaded when I check with
> an lsmod. I can post the iptables rules here if needed, but didn't
> want to make the e-mail extra long if it's not needed.

Thanks to someone that e-mailed me off-list, I was able to get the
firewall working by switching to network-route instead of the default
network-bridge in xend-config.sxp.

So, now my question is, is it expected for network-bridge to be
incompatible with iptables, or is this a bug?

Thanks,
Jacob

 _______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users