[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Problem start iptables - udp broken

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Torsten Lehmann <tlehmann@xxxxxxxxxxxxx>
Date: Sun, 26 Nov 2006 12:38:26 +0100 (CET)
Delivery-date: Mon, 27 Nov 2006 02:11:58 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hallo xen-users!

I have a problem with configuration iptables.
Whats going wrong?

regards Torsten
Launoc

---------------------------------------------------------------------
061123.prob.xen.ipt-ml

Problem:
- after starting firewall (iptables) on eth0,
  all udp-connections (NFS) broken.
- no problem with tcp
- after stop firewall, udp already broken.
- when i removed any modules, udp going up.


Details:

              -----------------
   192.168.1.2|       -| xenU |193.123.123.86
  ------------X  xen0  |------|
          eth0|       -| xenU |
              -----------------


l0:~# ./060302.xm_sh_ver
Linux l0.rz.example.de 2.6.16-xen0 #2 SMP Mon Jul 17 17:09:35 CEST 2006 i6
86 GNU/Linux
 Xen version 3.0.2-2 (root@xxxxxxxxxxxxx) (gcc version 3.3.5 (Debian
1:3.3.5-13)
) Mon Jul 17 16:03:20 CEST 2006
 Latest ChangeSet: Thu Apr 27 14:14:26 2006 +0100 9657:b5d43db15746

l0:~# /etc/init.d/netfilter start
Applying iptables firewall rules:

## - udp broken
##   but not udp-rules defined:

l0:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTAB
LISHED
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           multiport
dports 23
 LOG flags 0 level 7 prefix `INP test: '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport
dports 23

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTAB
LISHED
LOG        tcp  --  0.0.0.0/0            193.123.123.86       multiport
dports 2
3 LOG flags 0 level 7 prefix `fwd test: '
DROP       tcp  --  0.0.0.0/0            193.123.123.86       multiport
dports 2
3

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain bad_tcp_packets (0 references)
target     prot opt source               destination
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
flags:!0x16/0x0
2 state NEW LOG flags 0 level 7 prefix `bad_tcp New not syn: '
l0:~#

l0:~# /etc/init.d/netfilter stop

## - udp already broken

l0:~# lsmod
Module                  Size  Used by
ipt_multiport           2464  4
ipt_LOG                 6688  3
xt_state                1952  3
ip_conntrack           43608  1 xt_state
xt_tcpudp               3648  1
iptable_filter          2528  1
ip_tables              12276  1 iptable_filter
x_tables               10436  5
ipt_multiport,ipt_LOG,xt_state,xt_tcpudp,ip_tabl
es
bridge                 50996  0
sg                     28892  0
sworks_agp              7936  0
agpgart                30504  1 sworks_agp
e100                   34308  0
mii                     5088  1 e100
sr_mod                 13988  0
cdrom                  39072  1 sr_mod

l0:~# /etc/init.d/netfilter stop
l0:~# rmmod xt_state ip_conntrack

## - udp running!
##   ...workaround...
##   -> Modul ip_conntrack blocked udp


---------------------------------------------------------------------


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Problem start iptables - udp broken
  - From: Abel Martín

Prev by Date: Re: [Xen-users] NetBSD DomU in Debian Dom0 fails to find boot/root/devices
Next by Date: RE: [Xen-users] Why the unmodified guest os can run on xen while hardware supports VT?
Previous by thread: [Xen-users] Problem with Saving a VM state
Next by thread: Re: [Xen-users] Problem start iptables - udp broken
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.