WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

Re: [Xen-users] iptables and state matches (established, related)

from [Geert Janssens]

[Permanent Link][Original]

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	Re: [Xen-users] iptables and state matches (established, related)
From:	Geert Janssens <info@xxxxxxxxxxxx>
Date:	Mon, 30 Apr 2007 16:29:50 +0200
Delivery-date:	Mon, 30 Apr 2007 07:28:32 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<4d95b0990704280549i4827eaddmeec7a2b902259dd3@xxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization:	Kobalt W.I.T.
References:	<c8749d500704100344n14cbf826x3cb70dc77373ce97@xxxxxxxxxxxxxx> <Pine.LNX.4.61.0704201317390.4846@xxxxxxxxxxx> <4d95b0990704280549i4827eaddmeec7a2b902259dd3@xxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	KMail/1.9.4

Hi,

I'm just about to setup xen together with iptables, so this statement slightly 
worries me.

Do you have more details (or a link to them) about this problem ? What are the 
exact symptoms and in which circumstances do the occur ?

For example, is this a problem when using iptables in dom0 or in domU or in 
both ?

Or does it only happen when trying to apply connection tracking on the bridge 
level ?

Geert

On Saturday 28 April 2007 14:49, John Hannfield wrote:
> This is a known problem with Xen 3.0.x  and iptables connection tracking.
> Connection tracking and state filtering only works as long as xen is
> not running.
> Try doing this:
>
> echo "0" >/proc/sys/net/bridge/bridge-nf-call-iptables
>
> That fixed it for me.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] iptables and state matches (established, related), Andrey Oreshnikov [Xen-users] iptables and state matches (established, related), Andrey Oreshnikov Re: [Xen-users] iptables and state matches (established, related), Tomas Lund Re: [Xen-users] iptables and state matches (established, related), John Hannfield Re: [Xen-users] iptables and state matches (established, related), Geert Janssens <=

Previous by Date:	Re: [Xen-users] error creating domain in xen 3.0.5, Itamar Reis Peixoto
Next by Date:	[Xen-devel] RE: [Xen-users] error creating domain in xen 3.0.5, Petersson, Mats
Previous by Thread:	Re: [Xen-users] iptables and state matches (established, related), John Hannfield
Next by Thread:	[Xen-users] Help with a transfer, Formoso, Travis
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix