WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] Re: CentOS 5.2, xen-3.3, network/firewall setup

from [Robin Bowes] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Re: CentOS 5.2, xen-3.3, network/firewall setup
From: Robin Bowes <robin-lists@xxxxxxxxxxxxxx>
Date: Wed, 22 Oct 2008 16:56:41 +0100
Delivery-date: Wed, 22 Oct 2008 08:57:47 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <90B74634-36FD-4B3F-AC34-277C33C57782@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <gdn5kk$ofi$1@xxxxxxxxxxxxx> <90B74634-36FD-4B3F-AC34-277C33C57782@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.17 (X11/20080925) 
Meng Kuan wrote:


On Oct 22, 2008, at 8:17 PM, Robin Bowes wrote:
I have CentOS 5.2 Dom0, which was running xen-3.1.2 which I rebuilt from Fedora RPMS. All DomUs worked fine (CentOS PV installs).
I recently upgraded to xen-3.3 (from the gitco repo - nice job!) and I've found that guest networking is working the same. Specifically, the Dom0 firewall is blocking traffic to/from the DomUs. 

If I turn off iptables on the dom0, the guest networking works OK.



Try the following tip from http://wiki.libvirt.org/page/Networking
Alternatively, you can prevent bridged traffic getting pushed through the host's iptables rules. In /etc/sysctl.conf add 

# cat >> /etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
# sysctl -p /etc/sysctl.conf


Thanks.
I'm doing a new install so I can see what the "out-of-the-box" settings are, and take it from there. 

Cheers,

R.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] HVM, USB devices and qemu monitor, Marianne Spiller
Next by Date:  [Xen-users] MacAddress / ioemu driver in HVM + GPLPV, Bruno Bertechini
Previous by Thread:  Re: [Xen-users] CentOS 5.2, xen-3.3, network/firewall setup, Meng Kuan
Next by Thread:  [Xen-users] destination frame 7fffffff invalid?, Ferenc Wagner
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy