|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Re: Qestion about the Xen network?
2010/10/22 Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> Bei Guan, le Fri 22 Oct 2010 22:25:02 +0800, a écrit : Hi Samuel, With the libvrit, my PV can access to the outside network now. But it is something like NAT network, outside host can not access to the PV. Now I try to using the Xen bridge to configure my PV's network. As you say, the bridge here is "eth0", not "xenbr0". So in the PV configuration file, the net interface is vif = ['bridge=eth0'] After the PV (ubuntu) rebooting, I set its ip as 192.168.1.186. I can "ping" other host that are the in the same ethernet with the PV (192.168) successfully from Ubuntu. However, I can not access to my Ubuntu from host in ethernet "192.168". And my Ubuntu also can not "ping" the outside networ such as " 61.135.169.105". I think maybe some configuration is not correct, but i can not find it. The following data maybe useful to find the reason. Ping the outside internet from PV Ubuntu(192.168.1.186). root@ubuntu:~# ping 61.135.169.105 connect: Network is unreachable Ping the PV Ubuntu(192.168.1.186) from host(192.168.1.215) in the same ethernet. My Dom0’s ip is 192.168.1.129. [root@localhost ~]# ping 192.168.1.186 PING 192.168.1.186 (192.168.1.186) 56(84) bytes of data. >From 192.168.1.129 icmp_seq=1 Destination Host Prohibited >From 192.168.1.129 icmp_seq=2 Destination Host Prohibited >From 192.168.1.129 icmp_seq=3 Destination Host Prohibited >From 192.168.1.129 icmp_seq=4 Destination Host Prohibited >From 192.168.1.129 icmp_seq=5 Destination Host Prohibited >From 192.168.1.129 icmp_seq=6 Destination Host Prohibited >From 192.168.1.129 icmp_seq=7 Destination Host Prohibited --- 192.168.1.186 ping statistics --- 7 packets transmitted, 0 received, +7 errors, 100% packet loss, time 5995ms The data tcpdump caught as following. [root@localhost ~]# tcpdump -i eth0 -nn host 192.168.1.186 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 21:03:46.478403 arp who-has 192.168.1.186 tell 192.168.1.215 21:03:46.478452 arp reply 192.168.1.186 is-at 00:21:9b:67:fb:b5 21:03:46.479022 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 1, length 64 21:03:47.471539 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 2, length 64 21:03:48.470562 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 3, length 64 21:03:49.469642 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 4, length 64 21:03:50.468594 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 5, length 64 21:03:51.468415 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 6, length 64 21:03:52.468643 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 7, length 64 My dom0 iptables: [root@localhost test1]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif7.1 ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif7.1 udp spt:bootpc dpt:bootps ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif7.1 ACCEPT all -- localhost anywhere PHYSDEV match --physdev-in vif7.1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif7.0 ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif7.0 ACCEPT all -- anywhere localhost/24 state RELATED,ESTABLISHED ACCEPT all -- localhost/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp My bridge info: [root@localhost test1]# brctl show bridge name bridge id STP enabled interfaces eth0 8000.0024e839fa54 no peth0 vif7.0 vif7.1 virbr0 8000.000000000000 no My network interface: [root@localhost test1]# ifconfig eth0 Link encap:Ethernet HWaddr 00:24:E8:39:FA:54 inet addr:192.168.1.129 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::224:e8ff:fe39:fa54/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:138634 errors:0 dropped:0 overruns:0 frame:0 TX packets:31385 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:29362891 (28.0 MiB) TX bytes:5957728 (5.6 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1915 errors:0 dropped:0 overruns:0 frame:0 TX packets:1915 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3136132 (2.9 MiB) TX bytes:3136132 (2.9 MiB) peth0 Link encap:Ethernet HWaddr 00:24:E8:39:FA:54 inet6 addr: fe80::224:e8ff:fe39:fa54/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:144620 errors:0 dropped:0 overruns:0 frame:0 TX packets:31686 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:31634537 (30.1 MiB) TX bytes:6025862 (5.7 MiB) Memory:fe6e0000-fe700000 vif7.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:64 errors:0 dropped:0 overruns:0 frame:0 TX packets:17333 errors:0 dropped:28 overruns:0 carrier:0 collisions:0 txqueuelen:32 RX bytes:16284 (15.9 KiB) TX bytes:1075564 (1.0 MiB) vif7.1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:43 errors:0 dropped:17360 overruns:0 carrier:0 collisions:0 txqueuelen:32 RX bytes:0 (0.0 b) TX bytes:8116 (7.9 KiB) virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:37 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:5621 (5.4 KiB) Any advice from you is appreciated. Thank you very much! Bei Guan Samuel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |