Re: [Xen-users] Cannot access domU's network in a network-route and vif-route setup
Nope, I'm wrong. I tried every combination I could think of:

ACCEPT all -- 82.165.37.189 0.0.0.0/0 PHYSDEV match --physdev-in vif43.0
ACCEPT all -- 0.0.0.0/0 82.165.37.189 PHYSDEV match --physdev-in vif43.0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif43.0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out vif43.0
ACCEPT all -- 82.165.27.12 82.165.37.189 PHYSDEV match --physdev-in vif43.0
ACCEPT all -- 82.165.27.12 82.165.37.189 PHYSDEV match --physdev-out vif43.0
ACCEPT all -- 82.165.37.189 82.165.27.12 PHYSDEV match --physdev-in vif43.0
ACCEPT all -- 82.165.37.189 82.165.27.12 PHYSDEV match --physdev-out vif43.0

82.165.27.12 dom0
82.165.37.189 domU

I still can't ssh to domU from dom0. I just don't get it. I can ping it.

On Fri, May 12, 2006 5:00 pm, Md Mooktakim Ahmed wrote:
> I need something like the ALL command but in reverse. eg:
>
> ACCEPT all -- anywhere MY_DOMU_HOSTNAME PHYSDEV match --physdev-in vif1.0
>
> Does anyone know how to do this? What should I add to vif-common.sh to
> make this permanent?
>
> I use shorewall for this exact reason.
>
> On Fri, May 12, 2006 12:42 pm, Md Mooktakim Ahmed wrote:
>> Hello,
>>
>> I have set up my domU's with route. Everything is working with my domU's.
>> I set the default route to be eth0, which allowed them to access the
>> outside world. I can install a firewall on the domU, but I haven't been
>> able to install one on dom0 (it stops the domU's network working). But
>> anyway, this email is about dom0 not being able to talk to domU's.
>>
>> See, it's a strange thing. I hadn't noticed this before because I usually
>> ping things to test it. Ping works just fine. I can ping the domU's and
>> they will respond. However, if I try anything like ssh, no response.
>> So I have a look at iptables -L :
>>
>> ACCEPT all -- MY_DOMU_HOSTNAME anywhere PHYSDEV match --physdev-in vif1.0
>> ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps
>>
>> It seems only UDP's are getting through. I can't connect to the domU's
>> using any TCP transport. Has anyone had this problem before? I haven't
>> changed anything special to the vif and network -route files. I'm using
>> the latest stable xen, installed on CentOS 4.3 (without rpm).
>>
>> Also, in an ideal world I would like to install Shorewall on my dom0 and
>> still have the independent network on the domU's (install their own
>> firewalls if needed).
>>
>> Thanks for the help.
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
>
> --
> Website: http://www.mooktakim.com
> email: mma@xxxxxxxxxxxxx

--
Website: http://www.mooktakim.com
email: mma@xxxxxxxxxxxxx