This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] iptables does not see inter-domU traffic

To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] iptables does not see inter-domU traffic
From: Bart Verwilst <lists@xxxxxxxxxxx>
Date: Thu, 11 Oct 2007 00:52:19 +0200 (CEST)
Delivery-date: Wed, 10 Oct 2007 15:53:11 -0700

I'm trying to use iptables to regulate traffic between my domU's. Every domU 
has an external IP address. I have one bridge, xenbr0, configured the Debian 
way like this:

auto xenbr0
iface xenbr0 inet static
        address xxx.xx.xx.xxx
        metric  0
        gateway xxx.xx.xx.xxx
        bridge_ports eth0
        bridge_maxwait 0

All domU's have internet access and can reach each other, no problems there.

net.bridge.bridge-nf-call-iptables is set to 1.

To test/show my problem, I've set this rule:

iptables -A FORWARD -p tcp --dport 80 -d <domU ip> -j LOG --log-prefix="connect-http: "

Then, from a remote location, I telnet to the IP and port. I see an entry about 
it appearing in /var/log/syslog.
When I try the same from another domU, no logs whatsoever.

Any clues?


Kind regards,

Bart Verwilst
