Run this
 
sysctl -w net.bridge.bridge-nf-call-iptables="0"
 
then try your firewall again
 
Ian
 
Tidyhosts UK - Server & Web Specialists
 
 
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx]
On Behalf Of zuaago
Sent: 15 July 2007 23:26
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] firewall messing xen setup
 
 
Hi all,
I'm trying to understand how networking works on Xen, but the firewall is
messing up the setup and I don't know why (it shouldn't block connections of the
virtual interfaces!).
I have the following setup: SUSE 10.2 with 2 network interfaces. The first one
remains untouched by Xen and is used only by the server itself (no problem).
The second one runs on another network and is managed by Xen. The second
interface doesn't work when the firewall is activated, and the server and the
virtual server can't see each other. None of them can connect to any other hosts
on this second network.
The bridge is up and running:
# brctl show xenbr1
bridge name     bridge id               STP enabled     interfaces
xenbr1          8000.feffffffffff       no              vif0.1
                                                        peth1
                                                        vif1.0
Everything seems to be correct. The interfaces are:
eth0 - network 1 - Xen doesn't use it, works well
eth1 - network 2 - Xen manages it, does not work when the firewall is enabled
peth1
vif0.1 - eth1 on the server
vif1.0 - eth0 on the virtual server
xenbr1
lo
What is it that I'm missing about Xen networking? The server firewall should only
block connections directed to it, not those of the virtual server, is that
right? I have tried to put this interface in the internal zone (no port is
blocked) and it doesn't work; I've activated forwarding, and it doesn't work.
Only when the firewall is stopped does everything work fine.
Any help would be appreciated!
Regards,
Jorge
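The mechanism behind the one-line fix in the reply above, as an added example that is not part of the thread and is neither Ian's nor Jorge's code. When net.bridge.bridge-nf-call-iptables is 1, frames crossing a Linux bridge are handed to iptables, so the dom0 FORWARD chain filters domU traffic (and, in this bridged setup, dom0's own traffic on eth1, which also crosses xenbr1). Setting it to 0 makes the bridge invisible to iptables, which is why the firewall stops interfering; the caveat is that dom0 then filters nothing that crosses the bridge, so the domUs need their own firewalls. The alternative that keeps filtering on is an explicit FORWARD rule using the physdev match. The bridge port names (peth1, vif0.1, vif1.0) are taken from the brctl output in the thread; root privileges, a writable /etc/sysctl.conf and an iptables build with the physdev match are assumptions.

```shell
#!/bin/sh
# Added example, not code from the xen-users thread. Assumes a Linux dom0 with
# iptables (physdev match) available and root privileges for the two functions
# that change state. The read-only helpers run unprivileged.

SYSCTL_KEY=net.bridge.bridge-nf-call-iptables
PROC_PATH=/proc/sys/net/bridge/bridge-nf-call-iptables

# Report the current setting: "1" (bridged frames go through iptables),
# "0" (they do not), or "absent" (bridge netfilter is not loaded on this kernel).
bridge_nf_state() {
    if [ -r "$PROC_PATH" ]; then
        cat "$PROC_PATH"
    else
        echo absent
    fi
}

# Option A: what the reply suggests, made persistent across reboots.
# After this, iptables never sees traffic that only crosses the bridge,
# so each domU must filter its own traffic.
disable_bridge_nf() {
    sysctl -w "$SYSCTL_KEY=0"
    if grep -q "^$SYSCTL_KEY" /etc/sysctl.conf 2>/dev/null; then
        sed -i "s|^$SYSCTL_KEY.*|$SYSCTL_KEY = 0|" /etc/sysctl.conf
    else
        echo "$SYSCTL_KEY = 0" >> /etc/sysctl.conf
    fi
}

# Option B: keep bridge-nf-call-iptables=1 so dom0 still sees the traffic,
# but explicitly accept frames entering or leaving through the given bridge
# ports (names as shown by `brctl show`). Emits the iptables commands as text
# so they can be reviewed first; pipe the output into sh to apply them.
bridge_forward_rules() {
    for port in "$@"; do
        printf 'iptables -I FORWARD -m physdev --physdev-is-bridged --physdev-in %s -j ACCEPT\n' "$port"
        printf 'iptables -I FORWARD -m physdev --physdev-is-bridged --physdev-out %s -j ACCEPT\n' "$port"
    done
}

# Usage (as root on the dom0):
#   bridge_nf_state
#   bridge_forward_rules peth1 vif0.1 vif1.0 | sh    # option B
#   disable_bridge_nf                                # option A
```

Option B as written accepts everything crossing those ports, which restores connectivity while leaving the frames visible to iptables; more selective rules (for example a per-domU rule matching --physdev-in vif1.0 together with -p tcp --dport) can then be inserted ahead of them, which is not possible once the sysctl is 0.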