[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Cannot access domU's network in a network-route and vif-route setup

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: "Md Mooktakim Ahmed" <mma@xxxxxxxxxxxxx>
  • Date: Fri, 12 May 2006 17:00:36 +0100 (BST)
  • Delivery-date: Fri, 12 May 2006 09:01:14 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
I need something like the ALL command but in reverse. eg:
ACCEPT     all  --  anywhere  MY_DOMU_HOSTNAME     PHYSDEV match --physdev-in 
vif1.0

Does anyone know how to do this? What should i add to vif-common.sh to 
permanent this?
I use shorewall for this exact reason.

On Fri, May 12, 2006 12:42 pm, Md Mooktakim Ahmed wrote:
>

> Hello,
>
>
> I have setup my domU's with route. Everything is working with my domU's. I 
> set the
> default route to be eth0, which allowed them to access the outside world. I 
> can install
> firewall on the domU, but i haven't been able to install one on dom0 (it 
> stops the
> domU's network working). But anyway this email is about dom0 not being able 
> to talk to
> domU's.
>
> See its a strange thing. I hadn't noticed this before becuase i usually ping 
> things to
> test it. Ping works just fine. I can ping the domU's and they will respond. 
> However if i
> try anything like ssh, no response. So i have a look at iptables -L :
>
>
> ACCEPT     all  --  MY_DOMU_HOSTNAME  anywhere            PHYSDEV match 
> --physdev-in
> vif1.0 ACCEPT     udp  --  anywhere             anywhere            PHYSDEV 
> match
> --physdev-in
> vif1.0 udp spt:bootpc dpt:bootps
>
> It seems only UDP's are getting through. I can't connect to the domU's using 
> any TCP
> transport. Has anyone had this problem before?
> I haven't changed anything special to the vif and network -route files. I'm 
> using the
> latest stable xen, installed on Centos 4.3 (without rpm).
>
> Also in an ideal world i would like to install Shorewall on my dom0 and still 
> have the
> independent network on the domU's (install their own firewall's if needed).
>
> Thanks for the help.
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
>
>


-- 
Website: http://www.mooktakim.com
email: mma@xxxxxxxxxxxxx


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.