WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] UPATED xenbr0 doesn't have an IP (should it?!)

from [John Haxby] [Permanent Link][Original]
To: Stuart Rench <Stuart.Rench@xxxxxxxxxxxx>
Subject: Re: [Xen-users] UPATED xenbr0 doesn't have an IP (should it?!)
From: John Haxby <john.haxby@xxxxxxxxxx>
Date: Mon, 28 Apr 2008 10:02:07 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 28 Apr 2008 02:03:38 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C6119BB3AD041048ABE4A72EBB59679118102B@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <48047651.1030805@xxxxxxxx><200804221041.30314.fjwcash@xxxxxxxxx><4811694B.7040000@xxxxxxxx><200804250835.57392.fjwcash@xxxxxxxxx> <C6119BB3AD041048ABE4A72EBB59679118101F@xxxxxxxxxxxxxxxxxxxxxx> <C6119BB3AD041048ABE4A72EBB596791181020@xxxxxxxxxxxxxxxxxxxxxx> <C6119BB3AD041048ABE4A72EBB59679118102B@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.12 (X11/20080226) 
Stuart Rench wrote:

So now I am convinced that something in iptables and nat has gone
awry...but I am EXTREMELY weak on IPTABLES...

If I were to flush all dom0 iptables to start from scratch, what is a
bare minimum to allow for the following basic network architecture?

Gateway - 10.0.0.1
XenServer - 10.0.0.12
Virtual Server - 10.0.0.13

Anyone else on my network - 10.0.0.x

The main thing that affects traffic to and from domU in dom0 is the 
FORWARD chain in the filter table: if you flush this (iptables -F 
FORWARD) then the usual default policy is ACCEPT which means that 
traffic can be forwarded.  The default rule that permits traffic from 
some source vifX.0 phydev is only needed when the table's policy is not 
ACCEPT or when there is some other rule in the FORWARD chain that 
rejects traffic.

You might find "iptables -I FORWARD 1 -j LOG" useful, although, be 
warned, this can generate a _lot_ of messages that will wind up in 
/var/log/messages, but you will be able to see what traffic iptables is 
seeing on that chain.

It's also possible that you have rules in some other table that are 
causing you trouble; running iptables-save will show you all the rules 
in all the chains in all the tables.  You may have something odd in the 
nat table that is giving you grief.

jch

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
















[More with this subject...]










<Prev in Thread]
Current Thread
[Next in Thread>



















Previous by Date: 
[Xen-users] conntrack_ftp problem domU not responding, Markus Hardiyanto




Next by Date: 
Re: [Xen-users] dd trough scp with tar, John Haxby




Previous by Thread: 
RE: [Xen-users] UPATED xenbr0 doesn't have an IP (should it?!), Stuart Rench




Next by Thread: 
[Xen-users] Release: InetBoot (GRUB + BuildRoot + HTTP-FUSE), Kuniyasu Suzaki




Indexes: 
[Date]
[Thread]
[Top]
[All Lists]











   
  

  

     
   
  









  
Copyright
       2005-2025, Citrix Systems Inc. All rights reserved. 
   Legal and Privacy