[Xen-users] strange networking issue in xen DomU

I have a xen 3.2.0 setup with 2.6.18. XenoLinux kernel and FC8 Dom0 file system. I have used xen-tools to create a Debian-Etch DomU.

With the default setup I was not able to ping to any other host except Dom0. I guess that was due to forward chaining issue with my Dom0. But then I modified my iptables configuration in Dom0 to comment out the forwarding rule that was rejecting everything. So now I am being able to ping to all the hosts in the same L3 subnet as my DomU but not not anything other than that.

So could any please tell me what I am doing wrong? I am including some details below. Let me know if I am missing to provide some necessary information.

**********
my DomU config file is as follows:
#
# Configuration file for the Xen instance dmvirt1.xxx, created
# by xen-tools 3.9 on Tue Dec 2 17:51:45 2008.
#

#
# Kernel + memory size
#
kernel      = '/boot/vmlinuz-2.6.18.8-xen'
ramdisk     = '/boot/initrd-2.6.18.8-xen.img'
memory      = '128'

#
# Disk device(s).
#
root        = '/dev/sda2 ro'
disk        = [
                  'phy:/dev/DomUVols/dmvirt1.xxx-swap,sda1,w',
                  'phy:/dev/DomUVols/dmvirt1.xxx-disk,sda2,w',
              ]

#
# Hostname
#
name        = 'dmvirt1.xxxx'

#
# Networking
#
vif         = [ 'ip=143.215.129.1xx,mac=00:16:3E:88:22:AA' ]

vfb = ['type=vnc']
#
# Behaviour
#
>on_reboot   = 'restart'
on_crash    = 'restart'

extra = "xencons=xvc console=xvc console=tty"
*******************

*****************
Some other DomU Details

dmvirt1:~# ifconfig
eth0      Link encap:Ethernet HWaddr 00:16:3E:88:22:AA
          inet addr:143.215.129.157 Bcast:143.215.129.255 Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe88:22aa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1206 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:114259 (111.5 KiB) TX bytes:10024 (9.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

dmvirt1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
143.215.129.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

dmvirt1:/etc# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 143.215.129.1xx
gateway 143.215.129.1
netmask 255.255.255.0
broadcast ${broadcast}

# post-up ethtool -K eth0 tx off

#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users. It is disabled by default
#

dmvirt1:~# ping www.yahoo.com
ping: unknown host www.yahoo.com
dmvirt1:~# ping 69.147.76.15
connect: Network is unreachable

*******************
Dom0 Details

[root@kahn dev]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT all -- anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- dmvirt1              anywhere            PHYSDEV match --physdev-in vif17.0
ACCEPT     udp -- anywhere             anywhere            PHYSDEV match --physdev-in vif17.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     all -- anywhere             anywhere
ACCEPT     icmp -- anywhere             anywhere            icmp any
ACCEPT     esp -- anywhere             anywhere
ACCEPT     ah   -- anywhere             anywhere
ACCEPT     udp -- anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp -- anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp -- anywhere             anywhere            tcp dpt:ipp
ACCEPT     all -- anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     udp -- anywhere             anywhere            state NEW udp dpt:nfs
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     udp -- anywhere             anywhere            state NEW udp dpt:domain
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:sunrpc
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:telnet
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:cvspserver
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpts:terabase:pxc-splr-ft
ACCEPT     udp -- anywhere             anywhere            state NEW udp dpts:terabase:pxc-splr-ft
ACCEPT     tcp -- anywhere             anywhere            state NEW tcp dpt:teradataordbms
REJECT     all -- anywhere             anywhere            reject-with icmp-host-prohibited

[root@kahn dev]# ifconfig
eth0      Link encap:Ethernet HWaddr 00:1A:A0:1B:88:E1
          inet addr:143.215.129.2xx Bcast:143.215.129.255 Mask:255.255.255.0
          inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:506521 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165558 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:423458331 (403.8 MiB) TX bytes:11964484 (11.4 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:235929 errors:0 dropped:0 overruns:0 frame:0
          TX packets:235929 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36772495 (35.0 MiB) TX bytes:36772495 (35.0 MiB)

peth0     Link encap:Ethernet HWaddr 00:1A:A0:1B:88:E1
          inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:553720 errors:0 dropped:0 overruns:0 frame:0
          TX packets:162980 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:434130358 (414.0 MiB) TX bytes:13050967 (12.4 MiB)
          Interrupt:20

vif17.0   Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4092 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:43052 (42.0 KiB) TX bytes:393229 (384.0 KiB)

[root@kahn dev]# brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.001aa01b88e1       no              peth0
                                                        vif17.0

******************

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

[Xen-users] strange networking issue in xen DomU