WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other lo

from [Andrew Eross] [Permanent Link][Original]
To: Steve Allison <xen-users@xxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
From: Andrew Eross <eross@xxxxxxxxxxxx>
Date: Thu, 6 Oct 2011 16:35:31 -0300
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 06 Oct 2011 12:37:23 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4E8E0138.5020409@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <CAL_tfFe8=-a0B8TThOsuqGio1nBVkHzh3W4tVEvAwroxxN2Ezw@xxxxxxxxxxxxxx> <4E8DFBD0.8040204@xxxxxxxxxxxxxxxxxx> <CAL_tfFdrOkmpW6QJaT+rgF1oX4K+jp29__diBMauJ1i5TA7GTQ@xxxxxxxxxxxxxx> <4E8DFE70.5000504@xxxxxxxxxxxxxxxxxx> <4E8DFEA2.80609@xxxxxxxxxxxxxxxxxx> <CAL_tfFeXGQH89Z7hm1uqoN_6nQbSLXTsjmiofz7OgeF5FuPeqg@xxxxxxxxxxxxxx> <4E8E0138.5020409@xxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Good god why didn't I think about iptables...never occurred to me that XCP might ship with iptables built in..

And guess what, that was it.

Default XCP iptables looks like this:

target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ha-cluster 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Just had to fix that up and poof now I have connectivity to my service.

Thanks a heap mate!



On Thu, Oct 6, 2011 at 4:27 PM, Steve Allison <xen-users@xxxxxxxxxxxxxxxxxx> wrote:
On 06/10/2011 20:19, Andrew Eross wrote:

Interestingly, I can ping the other host..

[root@vh02 ~]# ping 192.168.41.21
PING 192.168.41.21 (192.168.41.21) 56(84) bytes of data.
64 bytes from 192.168.41.21: icmp_seq=1 ttl=64 time=0.387 ms

Both hosts are XCP 1.0 and plugged directly into the same physical switch.

Just not route anything to it..



Hmm, interesting! I'd go for the other obvious, and that is iptables. Checking both filter and nat chains.

Have tcpdump or tshark running on vh01 and see if the packets are arriving to the machine.

It could be an ACL of XCP which denies connectivity with an ICMP "destination unreachable", however I am not familiar with XCP but I'm sure someone else on the list can chime in for you.


-- 
May the ping be with you ..

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts, Steve Allison
Next by Date:  Re: [Xen-users] XCP 1.5 Beta availability, Javier Frias
Previous by Thread:  Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts, Steve Allison
Next by Thread:  Re: [Xen-users] XCP 1.5 Beta availability, Javier Frias
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy