WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

Re: [Xen-devel] Network issues with SuSE firewall

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Network issues with SuSE firewall
From: "Gregory Newby" <newby@xxxxxxxx>
Date: Fri, 7 Nov 2003 16:07:22 -0900
Delivery-date: Sat, 08 Nov 2003 01:08:57 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: <E1AIH5V-0002xE-00@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20031108003017.GB1685@xxxxxxxxxxxxxxxxxxx> <E1AIH5V-0002xE-00@xxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.1i

On Sat, Nov 08, 2003 at 12:36:25AM +0000, Ian Pratt wrote:
> > # run_iptables -t filter -F
> > # run_iptables -t filter -X
> > 
> > I can now run xen_nat_enable and it leaves my existing filter
> > rules in place.  The existing filter rules are extremely
> > permissive.
> 
> It's arguable that these 2 lines are a bug in the script...

:-)

Meanwhile, I have completely disabled the firewall (iptables
still works, but allows everything).  This hasn't changed
behaviour from my previous message, though.

> > $ xenctl script -f/etc/xen-mydom  (the default script)
> > $ xenctl domain start -n2
> 
> The /etc/xen-mydom should automatically start the domain.

It doesn't.  (You saw my prior "xenctl domain list" output, which said
it was stopped.)

> > As I mentioned in my other message, it would be great to be able to
> > see console messages, but they are either being firewalled or
> > otherwise redirected.
> 
> Have you been using xen_read_console?  You should be able to
> watch the other domain booting, and check that it comes up OK.

I run it (in the background) but never see anything.  Even
when I reboot, I don't get shutdown messages (they don't
appear on the physical console).

> Please can you send me the output from running xenctl, and the
> console message from the booting domain.

Yep.  Maybe the output from the "xenctl script..." startup is
informative.  This is with the default /etc/xen-mynewdom, containing:

--
domain new
physical grant -pcdrom_link
domain start
--

Script started on Fri Nov  7 15:53:22 2003

peabody(root) ~ [2] > xenctl script -f/etc/xen-mynewdom
Domain defaults:
   name            XenoLinux
   size            98304
   vifs            1
   domainImage     /boot/xenolinux.gz
   domainInitRD    /boot/initrd.gz
   rootDevice      /dev/ram0
   rootArgs        rw
   usrDevice       null
   NWIP            169.254.1.0+
   NWGW            169.254.1.0
   NWMask          255.255.0.0
   MaxDomainNumber 1000
   NWNFSServer     169.254.1.0
   NWNFSRoot       null
   XIToolsDir      /usr/local/bin/
   args            init=/linuxrc 4 DOMID=+
Domain created with arguments:
/usr/local/bin/xi_create 98304 XenoLinux 
Domain built with arguments:
/usr/local/bin/xi_build 3 /tmp/xen-image-40068.tmp 1 
initrd=/tmp/xen-initrd-40069.tmp 
ip=169.254.1.3:169.254.1.0:169.254.1.0:255.255.0.0::eth0:off init=/linuxrc 4 
DOMID=3  root=/dev/ram0 rw  
VIF 0 initialized with arguments:
/usr/local/bin/xi_vifinit 3 0 169.254.1.3 
warning: state file not found [/var/lib/xen/vdstate.xml]
Partition cdrom_link (resolved to cdrom_link) does not exist.

peabody(root) ~ [3] > xenctl domain list
id: 0 (Domain-0)
  processor: 0
  has cpu: true
  state: 0 active
  mcu advance: 10
  total pages: 192000
id: 1 (XenoLinux)
  processor: 1
  has cpu: false
  state: 1 stopped
  mcu advance: 10
  total pages: 24576
id: 2 (XenoLinux)
  processor: 0
  has cpu: false
  state: 1 stopped
  mcu advance: 10
  total pages: 24576
id: 3 (XenoLinux)
  processor: 1
  has cpu: false
  state: 1 stopped
  mcu advance: 10
  total pages: 24576
peabody(root) ~ [4] > xenctl domain start -n3
Started domain 3

peabody(root) ~ [5] > ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:B0:D0:DF:FA:ED  
          inet addr:137.229.71.6  Bcast:137.229.71.15  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:86 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:8575 (8.3 Kb)  TX bytes:3063 (2.9 Kb)

eth0:0    Link encap:Ethernet  HWaddr 00:B0:D0:DF:FA:ED  
          inet addr:169.254.1.0  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:78 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5267 (5.1 Kb)  TX bytes:5267 (5.1 Kb)

peabody(root) ~ [6] > telnet 169.254.1.3 22
Trying 169.254.1.3...
telnet: connect to address 169.254.1.3: Connection refused

peabody(root) ~ [7] > telnet 169.254.1.3 22
Trying 169.254.1.0...
telnet: connect to address 169.254.1.0: Connection refused

peabody(root) ~ [8] > telnet 169.254.1.0 2203
Trying 169.254.1.1...
telnet: connect to address 169.254.1.1: No route to host

peabody(root) ~ [9] > telnet 169.254.1.1 2203
Trying 169.254.1.3...
telnet: connect to address 169.254.1.3: Connection refused

peabody(root) ~ [10] > telnet 169.254.1.3 22
Trying 169.254.1.3...
telnet: connect to address 169.254.1.3: Connection refused

Script done on Fri Nov  7 15:54:43 2003

