On Monday 08 March 2010, Pasi Kärkkäinen wrote:
> On Mon, Mar 08, 2010 at 09:59:57PM +0100, Christian Fischer wrote:
> > On Monday 08 March 2010, Pasi Kärkkäinen wrote:
> > > On Mon, Mar 08, 2010 at 09:43:16PM +0100, Christian Fischer wrote:
> > > > Hi Folks,
> > > >
> > > > hope that helps a bit.
> > > >
> > > > Tried 3.4.2, gentoo xen-sources-2.6.31-r10, to ran into the heavy
> > > > discussed hotplug script bug.
> > > >
> > > > That's (in my case) not a udev or driver problem, the problem is
> > > > iptables. It hangs in frob_iptable() (vif-common.sh), the forward
> > > > state rule never returns.
> > > >
> > > > I've simply commented out the handle_iptable call in vif-bridge,
> > > > don't need that because I have shorewall running.
> > > >
> > > >
> > > > Confirmed with:
> > > >
> > > > xen-3.4.2
> > > > iptables-1.4.3.2
> > > > gentoo xen-sources-2.6.31-r10
> > > > gentoo xen-sources-2.6.29-r4
> > > > udev-146-r1
> > > >
> > > > nothing more checked.
> > >
> > > Can you paste the actual iptables rule/line that doesn't work for you?
> > >
> > > -- Pasi
> >
> > iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \
> > --physdev-out "$vif" -j ACCEPT 2>/dev/null
> >
> > which expands to
> >
> > iptables -I FORWARD -m state --state RELATED,ESTABLISHED -m physdev \
> > --physdev-out vif32.0 -j ACCEPT 2>/dev/null
> >
> >
> > It returns immediately if I enter this on the command promt, running from
> > inside the script fails.
>
> Hmm.. do you get any errors about that iptables command in kernel "dmesg" ?
> I remember reading about that bridging + --physdev-out stuff being
> deprecated in newer kernels..
>
> -- Pasi
No, no errors.
Christian
--
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|