WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

Re: [Xen-devel] Network issues with SuSE firewall

To: "Gregory Newby" <newby@xxxxxxxx>
Subject: Re: [Xen-devel] Network issues with SuSE firewall
From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Date: Mon, 10 Nov 2003 23:25:38 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx
Delivery-date: Mon, 10 Nov 2003 23:26:37 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "Mon, 10 Nov 2003 14:09:31 -0900." <20031110230931.GA3167@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
> I experimented a lot, and this message was 1000 lines longer
> with output from iptables etc.  Bottom line is this now works,
> though I'm not 100% certain I can replicate all the differences.
> 
> Basically:
> 1) Reconfigure the default firewall rules to block nothing and
> accept everything;
> 2) Reboot

Great. Everything was pointing toward a firewall problem -- if
the messages were making it to serial, they really should have
been making it to domain 0. What domain0 chooses to do with them
is another matter ;-)

> There is still a very desirable feature: I'd *really* like
> xenconsole messages from all domains to go to a file.

There's plans to change some of the domain console stuff to make
it do input as well as output. One option under consideration is
to make the console present itself to domain0 using a custom
mechanism rather than UDP. This would have the advantage of
avoiding dependencies on people's firewall setups, but I'm not
personally keen on introducing another communication mechanism. 
Besides, it's only a dependency on the domain 0 firewall
configuration -- all other domains can do what they like.

As for sending to a file, you can just redirect as per normal.
"xen_read_console | tee myconsole" (though this obviously assumes
that the 169.254.1.0 alias is in place and your firewall isn't
binning the packets)
 
> The basic setup I have for virtual domains required:
> 1) ln -s /dev/hdc /dev/cdrom_link   (or modify /etc/xen-mynewdom)
> 2) leave the CD-ROM in the drawer, but don't boot from it
> 3) boot to Xen (my new images, discussed earlier)
> 3a) run "xen_read_console &" as root, to see boot messages  
> 4) start new domains with xenctl
> 
> Steps 1 and 2 are not clear from the 1.0 README.CD.

Phew. 

We hadn't anticipated that anyone would want to use the CD
in quite this manner, but we can update the documentation
accordingly. 
 
> I now have virtual domains booted and can access them.  I will send
> another note describing what I'd like to do to get these living on the
> real (non-ram) file system with NFS and shared /usr etc., but will
> experiment more first.

NFS to domain0 is the way I have my laptop configured and it
works well.

Ian

