Re: [Xen-users] Cannot access domU's network in a network-route and vif-route setup

THIS WORKED!!!

I ran that command from dom0 on the vif interfaces.
To make this run on every vif interface I edited
/etc/xen/scripts/vif-common.sh and added a line just before the iptables
command on line 76:

    ethtool -K "$vif" tx off
    iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
      2>/dev/null || [ "$c" == "-D" ] || log err \
      "iptables $c FORWARD -m physdev --physdev-in $vif $@ -j ACCEPT failed. If you are using iptables, this may affect networking for guest domains."

That's it :D:D

On Fri, May 12, 2006 5:54 pm, list user wrote:
> Md Mooktakim Ahmed wrote:
>
>> Nope I'm wrong. I tried every combination I could think of:
>> ACCEPT  all  --  82.165.37.189  0.0.0.0/0      PHYSDEV match --physdev-in vif43.0
>> ACCEPT  all  --  0.0.0.0/0      82.165.37.189  PHYSDEV match --physdev-in vif43.0
>> ACCEPT  all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-in vif43.0
>> ACCEPT  all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-out vif43.0
>> ACCEPT  all  --  82.165.27.12   82.165.37.189  PHYSDEV match --physdev-in vif43.0
>> ACCEPT  all  --  82.165.27.12   82.165.37.189  PHYSDEV match --physdev-out vif43.0
>> ACCEPT  all  --  82.165.37.189  82.165.27.12   PHYSDEV match --physdev-in vif43.0
>> ACCEPT  all  --  82.165.37.189  82.165.27.12   PHYSDEV match --physdev-out vif43.0
>>
>> 82.165.27.12 dom0
>> 82.165.37.189 domU
>>
>> I still can't ssh to domU from dom0.
>> I just don't get it. I can ping it.
>
> Hello,
>
> This looks like the infamous checksum errors problem. Bit me, too.
>
> Try "ethtool -K eth?? tx off" on your virtual ethernet cards. That
> _may_ solve the problem.
>
> hope that helps
>
>> On Fri, May 12, 2006 5:00 pm, Md Mooktakim Ahmed wrote:
>>
>>> I need something like the ALL command but in reverse. eg:
>>> ACCEPT  all  --  anywhere  MY_DOMU_HOSTNAME  PHYSDEV match --physdev-in vif1.0
>>>
>>> Does anyone know how to do this? What should I add to vif-common.sh to
>>> make this permanent?
>>> I use shorewall for this exact reason.
>>>
>>> On Fri, May 12, 2006 12:42 pm, Md Mooktakim Ahmed wrote:
>>>
>>>> Hello,
>>>>
>>>> I have set up my domU's with route. Everything is working with my
>>>> domU's. I set the default route to be eth0, which allowed them to
>>>> access the outside world. I can install a firewall on the domU, but I
>>>> haven't been able to install one on dom0 (it stops the domU's network
>>>> working). But anyway this email is about dom0 not being able to talk
>>>> to domU's.
>>>>
>>>> See, it's a strange thing. I hadn't noticed this before because I
>>>> usually ping things to test it. Ping works just fine. I can ping the
>>>> domU's and they will respond. However if I try anything like ssh, no
>>>> response. So I have a look at iptables -L :
>>>>
>>>> ACCEPT  all  --  MY_DOMU_HOSTNAME  anywhere  PHYSDEV match --physdev-in vif1.0
>>>> ACCEPT  udp  --  anywhere          anywhere  PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps
>>>>
>>>> It seems only UDP's are getting through. I can't connect to the domU's
>>>> using any TCP transport. Has anyone had this problem before? I haven't
>>>> changed anything special to the vif and network -route files. I'm
>>>> using the latest stable xen, installed on Centos 4.3 (without rpm).
>>>>
>>>> Also in an ideal world I would like to install Shorewall on my dom0
>>>> and still have the independent network on the domU's (install their
>>>> own firewalls if needed).
>>>>
>>>> Thanks for the help.
>>>>
>>>> _______________________________________________
>>>> Xen-users mailing list
>>>> Xen-users@xxxxxxxxxxxxxxxxxxx
>>>> http://lists.xensource.com/xen-users
>>>
>>> --
>>> Website: http://www.mooktakim.com
>>> email: mma@xxxxxxxxxxxxx

--
Website: http://www.mooktakim.com
email: mma@xxxxxxxxxxxxx
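
A way to confirm the fix from the thread took effect on every vif, as an added example that is not part of the original messages or of Xen's scripts: it parses `ethtool -k` output and lists each interface whose TX checksum offload is not confirmed off. The function names are hypothetical and `sample_ethtool_k` returns constructed output so the check runs without a Xen host.

```shell
# Added example (not from the thread). sample_ethtool_k is a hypothetical
# stand-in that prints constructed `ethtool -k` style output.

# Read `ethtool -k <if>` output on stdin; print on, off or unknown.
tx_csum_state() {
    awk -F': *' '
        $1 ~ /^[ \t]*tx-checksumming$/ { split($2, w, " "); print w[1]; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# $1: command that prints offload settings for the interface passed to it.
# Remaining arguments: interface names to audit.
# Prints "<if>:<state>" for every interface not confirmed "off", so an
# interface that vanished or gave no answer is reported, not skipped.
vifs_with_tx_offload() {
    query=$1; shift
    for ifc in "$@"; do
        state=$("$query" "$ifc" 2>/dev/null | tx_csum_state)
        [ "$state" = "off" ] || echo "$ifc:$state"
    done
}

# Wrapper for a real dom0 (requires ethtool; not called in this demo).
real_ethtool_k() { ethtool -k "$1"; }

# Constructed sample data: vif43.0 still offloads, vif44.0 is fixed,
# any other name behaves like a missing interface.
sample_ethtool_k() {
    case $1 in
        vif43.0) printf 'Offload parameters for vif43.0:\nrx-checksumming: on\ntx-checksumming: on\nscatter-gather: on\n' ;;
        vif44.0) printf 'Offload parameters for vif44.0:\nrx-checksumming: on\ntx-checksumming: off\nscatter-gather: off\n' ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed data.
vifs_with_tx_offload sample_ethtool_k vif43.0 vif44.0 vif45.0
```

On a dom0, pass `real_ethtool_k` and the actual vif names in place of the sample function; empty output means every listed vif has TX checksum offload disabled.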