WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

[Xen-users] so close! an iptables rule away.....

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] so close! an iptables rule away.....
From: Rob Dyke <robdyke@xxxxxxxxx>
Date: Wed, 23 Nov 2005 19:55:44 +0000
Hi,

I've been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I've got one outstanding issue with iptables that is preventing me progressing further.

This is a colo'd server. It has a single NIC with public IPs.
The bridge is set to come up binding vif* <> xen-br0 <> eth1.
I can start a virtual host and I am able to ping & SSH to the virtual host.

I am not able to resolve DNS queries from my virtual host though - tcpdump shows Admin Prohibited, e.g.: 14:45:01.527142 IP dellserver.comwifinet.lan > vm-colo1.comwifinet.lan: icmp 80: host 217.160.133.239 unreachable - admin prohibited

If I drop iptables then all name resolution works from the virtual machines.

I have not had any success with adding the iptables rules as shown in the wiki.

# iptables -L -v -n
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8216  809K RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in eth1 ! --physdev-out eth1
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match ! --physdev-in eth1 --physdev-out eth1

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1844  216K RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1256 packets, 373K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   42  3108 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   19  1540 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631
 3296  287K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    2   116 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
    9   740 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    7   336 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
    4   228 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
 6681  732K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Running 2.6.12-1.1398_FC4xen0
I have read https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161792 - is this the cause of my problems? Do I need to run a newer kernel to resolve this issue?

Thanks for any advice - please prompt me to supply further info (e.g. credit card number, inside leg measurement, etc......)

/rob
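As an added illustration (not code from the post or from Xen), here is a small Python model of the FORWARD chain listed above: it walks a guest's UDP DNS query and an inbound SSH connection through the rules in the order posted, and again with the two PHYSDEV ACCEPT rules placed ahead of the jump to RH-Firewall-1-INPUT. The rules are taken from the listing; the packets and the bridge port name vif1.0 are constructed.

```python
class Rule:
    def __init__(self, target, proto="all", dport=None, state=None,
                 pin=None, pout=None, not_in=False, not_out=False):
        self.target = target                          # ACCEPT, REJECT, or chain to jump to
        self.proto, self.dport, self.state = proto, dport, state
        self.pin, self.pout = pin, pout               # --physdev-in / --physdev-out
        self.not_in, self.not_out = not_in, not_out   # the "!" negations

    def matches(self, pkt):
        return all([
            self.proto in ("all", pkt["proto"]),
            self.dport in (None, pkt["dport"]),
            self.state is None or pkt["state"] in self.state.split(","),
            self.pin is None or (pkt["pin"] == self.pin) != self.not_in,
            self.pout is None or (pkt["pout"] == self.pout) != self.not_out,
        ])

# RH-Firewall-1-INPUT from the post, trimmed to rules a guest's traffic can hit.
RH_FIREWALL = [
    Rule("ACCEPT", proto="icmp"),
    Rule("ACCEPT", state="RELATED,ESTABLISHED"),
    Rule("ACCEPT", proto="tcp", dport=53, state="NEW"),   # TCP 53 only, no UDP 53
    Rule("ACCEPT", proto="tcp", dport=22, state="NEW"),
    Rule("REJECT"),                                       # icmp-host-prohibited
]
# FORWARD as posted: the jump sits BEFORE the two PHYSDEV ACCEPT rules.
FORWARD_POSTED = [
    Rule("RH-Firewall-1-INPUT"),
    Rule("ACCEPT", pin="eth1", pout="eth1", not_out=True),   # eth1 -> vif
    Rule("ACCEPT", pin="eth1", pout="eth1", not_in=True),    # vif -> eth1
]
FORWARD_FIXED = FORWARD_POSTED[1:] + FORWARD_POSTED[:1]      # physdev rules first

def verdict(chains, chain, pkt):
    """Walk a chain in order; None means the chain's policy (ACCEPT) applies."""
    for rule in chains[chain]:
        if rule.matches(pkt):
            if rule.target in ("ACCEPT", "REJECT"):
                return rule.target
            sub = verdict(chains, rule.target, pkt)   # jump into the user chain
            if sub is not None:
                return sub
    return None

def forward(order, pkt):
    return verdict({"FORWARD": order, "RH-Firewall-1-INPUT": RH_FIREWALL}, "FORWARD", pkt)

# Constructed packets: vif1.0 is the guest's bridge port, eth1 the uplink.
GUEST_DNS = dict(proto="udp", dport=53, state="NEW", pin="vif1.0", pout="eth1")
SSH_TO_GUEST = dict(proto="tcp", dport=22, state="NEW", pin="eth1", pout="vif1.0")
```

Note that with the PHYSDEV rules first every bridged frame passes FORWARD untouched, so any filtering of guest traffic then has to be done elsewhere (in the guests or in dedicated rules ahead of those two ACCEPTs).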

