xen-users
[Xen-users] FC5 -- Xen 3.0.2 -- iptables with dom0 and domU
Situation:
Running a simple UDP client/server program where the client on one domU on
one computer sends echo packets to another domU on another computer,
server sends echoes back. They do this on a specified port (will use any
port between 5000-6000). This program works on non-Xen machines in
various environments, Linux and Solaris. Program just hangs on the domUs.
I believe I need help with my ports to allow connections and UDP/TCP
packets to go through ports 5000-6000.
--------------------------------------------
My environment:
(machine1) domU 10.0.0.1 <-> (machine1) dom0 172.16.48.252 <-> (machine2) dom0 172.16.48.253 <-> (machine1) domU 10.0.1.1
dom0s -- FC5 (2.6.17-1.2157_FC5xen0, using 512MB RAM)
domUs -- FC5 (2.6.17-1.2157_FC5xen0, using 256MB RAM)
-NAT scripts (network-nat, vif-nat) are used on bootup
-can ping and ssh between dom0 and domUs (on both machines)
-I have disabled selinux and firewall
-------------------------------------------------
My routing table on (machine1) dom0:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0   0   vif1.0
10.0.1.0        172.16.48.253   255.255.255.0   UG    0      0   0   eth0
172.16.48.0     0.0.0.0         255.255.254.0   U     0      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
0.0.0.0         172.16.48.1     0.0.0.0         UG    0      0   0   eth0
-------------------------------------------------
My routing table on (machine1) domU:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0   0   eth0
-------------------------------------------------
'iptables -L' on (machine1) dom0:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
------------------------------------------------
'iptables -L' on (machine1) domU:
Chain INPUT (policy ACCEPT)
target               prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt-- anywhere         anywhere
ACCEPT     ipv6-auth-- anywhere          anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
-----------------------------------
Would like domU on machine1 to have the ability to use tcp/udp over ports
5000-6000 with domU on machine2. Sorry if the columns aren't aligned.
Any help sent, thanks in advance.
Vince
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
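
Added example, not part of the original post: a first-match walk through the domU's RH-Firewall-1-INPUT chain as listed above, showing which rule decides a UDP datagram to a port in 5000-6000. Assumptions: the leading "ACCEPT all" rule is taken to be loopback-only (plain `iptables -L` hides interface matches), the packet values and the helper names (`verdict`, `with_port_range`) are constructed, and dom0 NAT and forwarding are not modelled.

```python
# Added example: first-match model of the domU RH-Firewall-1-INPUT chain listed above.
# ASSUMPTION: the leading "ACCEPT all" rule is bound to loopback; plain
# 'iptables -L' (without -v) does not print interface matches.
CHAIN = [  # (target, proto, matches), transcribed from the listing
    ("ACCEPT", "all", {"in_iface": "lo"}),
    ("ACCEPT", "icmp", {}),
    ("ACCEPT", "ipv6-crypt", {}),
    ("ACCEPT", "ipv6-auth", {}),
    ("ACCEPT", "udp", {"dst": "224.0.0.251", "dport": (5353, 5353)}),  # mdns
    ("ACCEPT", "udp", {"dport": (631, 631)}),  # ipp
    ("ACCEPT", "tcp", {"dport": (631, 631)}),
    ("ACCEPT", "all", {"state": {"RELATED", "ESTABLISHED"}}),
    ("ACCEPT", "tcp", {"state": {"NEW"}, "dport": (22, 22)}),  # ssh
    ("REJECT", "all", {}),
]
# Constructed packet: first echo arriving at the 10.0.0.1 domU on port 5500.
FIRST_ECHO = {"proto": "udp", "in_iface": "eth0", "dst": "10.0.0.1",
              "dport": 5500, "state": "NEW"}

def matches(rule, pkt):
    _, proto, m = rule
    if proto not in ("all", pkt["proto"]):
        return False
    if "in_iface" in m and m["in_iface"] != pkt["in_iface"]:
        return False
    if "dst" in m and m["dst"] != pkt["dst"]:
        return False
    if "state" in m and pkt["state"] not in m["state"]:
        return False
    if "dport" in m:
        lo, hi = m["dport"]
        return lo <= pkt.get("dport", -1) <= hi
    return True

def verdict(chain, pkt):
    """Return (target, index) of the first rule that matches pkt."""
    for i, rule in enumerate(chain):
        if matches(rule, pkt):
            return rule[0], i
    return "ACCEPT", None  # fell off the chain; INPUT policy is ACCEPT

def with_port_range(chain, lo=5000, hi=6000):
    """Copy of chain with NEW udp/tcp accepts for lo..hi before the final REJECT."""
    extra = [("ACCEPT", p, {"state": {"NEW"}, "dport": (lo, hi)})
             for p in ("udp", "tcp")]
    return chain[:-1] + extra + chain[-1:]

if __name__ == "__main__":
    print(verdict(CHAIN, FIRST_ECHO))                    # unsolicited echo
    print(verdict(CHAIN, dict(FIRST_ECHO, state="ESTABLISHED")))  # reply traffic
    print(verdict(with_port_range(CHAIN), FIRST_ECHO))   # with the added range
```

Under this model, replies to traffic the domU itself started pass through the RELATED,ESTABLISHED rule, while an unsolicited first datagram to a port in 5000-6000 falls through to the final REJECT unless an accept for that range sits above it.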