WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] UPDATED xenbr0 doesn't have an IP (should it?!)

Stuart Rench wrote:
> So now I am convinced that something in iptables and nat has gone
> awry...but I am EXTREMELY weak on IPTABLES...
>
> If I were to flush all dom0 iptables to start from scratch, what is a
> bare minimum to allow for the following basic network architecture?
>
> Gateway - 10.0.0.1
> XenServer - 10.0.0.12
> Virtual Server - 10.0.0.13
>
> Anyone else on my network - 10.0.0.x

The main thing that affects traffic to and from domU in dom0 is the
FORWARD chain in the filter table: if you flush this (iptables -F
FORWARD) then the usual default policy is ACCEPT which means that
traffic can be forwarded.  The default rule that permits traffic from
some source vifX.0 phydev is only needed when the table's policy is not
ACCEPT or when there is some other rule in the FORWARD chain that
rejects traffic.

You might find "iptables -I FORWARD 1 -j LOG" useful, although, be
warned, this can generate a _lot_ of messages that will wind up in
/var/log/messages, but you will be able to see what traffic iptables is
seeing on that chain.

It's also possible that you have rules in some other table that are
causing you trouble; running iptables-save will show you all the rules
in all the chains in all the tables.  You may have something odd in the
nat table that is giving you grief.

jch
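
The checks described in the reply above (FORWARD policy, blocking rules in FORWARD, anything in the nat table), as an added example that is not part of the original message. The function names `audit_forward` and `sample_rules` are hypothetical, and the rule set is a constructed sample in iptables-save format.

```shell
#!/bin/sh
# Added example: summarise iptables-save output for the checks in the reply.
# audit_forward reads iptables-save text on stdin, prints one finding per line.
audit_forward() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # table marker: *filter, *nat
        # Chain header such as ":FORWARD DROP [0:0]" carries the chain policy
        table == "filter" && $1 == ":FORWARD" && $2 != "ACCEPT" {
            print "policy: filter FORWARD policy is " $2
        }
        # Rules in FORWARD whose target drops or rejects traffic
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT"))
                    print "blocking: " $0
        }
        # Every nat rule is listed so it can be read by hand
        table == "nat" && $1 == "-A" { print "nat: " $0 }
    '
}

# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m physdev --physdev-in vif1.0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# On a live dom0, as root: iptables-save | audit_forward
if [ "${1:-}" = "--demo" ]; then sample_rules | audit_forward; fi
```

An empty result means the FORWARD policy is ACCEPT, no FORWARD rule drops or rejects, and the nat table holds no rules.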
