WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] firewall messing xen setup

from [zuaago] [Permanent Link][Original]
To: "Ian Tobin" <itobin@xxxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] firewall messing xen setup
From: zuaago <zuaago@xxxxxxxxx>
Date: Mon, 16 Jul 2007 13:39:34 +0200
Delivery-date: Mon, 16 Jul 2007 04:37:36 -0700
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Oyn0O4jLF9qoEB65Es2mHImVBql4sYq1P0uKESjC0GITkiqzffbHvEyA0V6zOilGsZY3AWrWBSDt6Yo/UIBZjBhazx2qZeTCiJuaQJDlsguIVwsu8eWE2Lh46cxIKwwBsw6a4kK8PsBR8QG0kd4eyI5GyenvxTwFScLrfZfuOTg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=iC+ZEKwraf1e3JRX3ZgeitagHMqDEXoVVLmU+P3kmaROYfHfs1emzB7/a+cl12o2iG6rm9hxhvjIDEd6K8na0+ivZCWkhcaxOo+cIir3YNeZX+hGNWUn2dkARY2uqfeGjRIDAGXe7Is6mD8EwCftallkwUirz4Otz+fxCV98QGQ=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <E0E43F8F0962AD4C8A1D6CE8ED5EDE3F2196B6@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <E0E43F8F0962AD4C8A1D6CE8ED5EDE3F2196B6@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
now everything works, great!

thank you very very much ian!


regards

jorge



2007/7/16, Ian Tobin <itobin@xxxxxxxxxxxxx>:





Run this



sysctl -w net.bridge.bridge-nf-call-iptables="0"



then try your firewall again



Ian



Tidyhosts UK - Server & Web Specialists



This email and its attachments are scanned by TidyHosts UK. All emails and 
attachments should also be scanned by the recipient. TidyHosts UK accept no 
responsibility for any damage caused by any virus attached to this email.  This 
email is confidential and is intended only for the addressee(s). Information 
copied from it is prohibited unless clearly stated by TidyHosts UK. If you have 
received this email in error please reply to the sender.




From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of zuaago
 Sent: 15 July 2007 23:26
 To: xen-users@xxxxxxxxxxxxxxxxxxx
 Subject: [Xen-users] firewall messing xen setup




hi all,

 i'm trying to understand how networking works on xen, but the firewall is 
messing the setup and i don't know why (it shouldn't block connections of the 
virtual interfaces!)..

 i've the following setup: suse 10.2 with 2 network interfaces, the first one 
remains untouched by xen and is used only by the server itself -no problem-. 
the second one runs on another network and is managed by xen. the second 
interface doesn't work when the firewall is activated and server and 
virual-server can't see each other. none of them can connect to any other hosts 
of this second network.

 bridge is up and running:

 # brctl show xenbr1
 bridge name     bridge id               STP enabled     interfaces
 xenbr1          8000.feffffffffff       no              vif0.1
                                                         peth1
                                                         vif1.0

 everything seems to be correct, interfaces are:

 eth0 - network 1 - xen doesn't use it, works well
 eth1 - network 2 - xen manages it, does not work when firewall is enabled
 peth1
 vif0.1 - eth1 on server
 vif1.0 - eth0 on virtual server
 xenbr1
 lo

 what's what i'm missing about xen networking? the server firewall should only 
block connections directed to him, but not those of the virtual server, is it 
right? i have tried to put this interface on the internal zone (no port is 
blocked) and doen't work, i've activated forwarding, doesn't work.. only when 
the firewall is stopped everything works fine..
 any help would be appreciated!

 regards

 jorge











_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: R: Re: [Xen-users] Can't migrate domains, mail4dla
Next by Date:  RE: [Xen-users] firewall messing xen setup, Ian Tobin
Previous by Thread:  RE: [Xen-users] firewall messing xen setup, Ian Tobin
Next by Thread:  RE: [Xen-users] firewall messing xen setup, Ian Tobin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy