[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Problem start iptables - udp broken

  • To: "PAINCHAUD Christophe" <cpainchaud@xxxxxxxxxxx>, tlehmann@xxxxxxxxxxxxx
  • From: "Abel Martín" <abel.martin.ruiz@xxxxxxxxx>
  • Date: Tue, 28 Nov 2006 10:22:53 +0100
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 28 Nov 2006 01:23:03 -0800
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=OpGnmcf6RtUTtvc9lKC9sc0+Q3CtpZlLRQiBWVjPuwwOqRZSdatbaHLzpo5b41diG+f/A0HR4Ir6U4xEtbkg6JZWFW4Fn7nQITFNN8hi5u+yITFdlkAN1g3i+QuokGXE2jgaj0MrVeF3/H6zrQV1KQlWurC6Q808x2qoDKYIwvQ=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
On 11/28/06, PAINCHAUD Christophe <cpainchaud@xxxxxxxxxxx> wrote:




Hello,

        Did you run 'ethtool -K ethX tx off' on all your domU interfaces ?

Yes, he did. Read above...

Christophe Painchaud



On 11/27/06, Torsten Lehmann <tlehmann@xxxxxxxxxxxxx> wrote:
> l1:~# tcpdump -vv -n -i eth0  host NFSserver and udp
> 17:15:04.814142 IP (tos 0x0, ttl  64, id 65529, offset 0, flags [+],
> length: 1500) 193.123.123.86.2879998019 > 193.123.123.85.2049: 1472 write
> [|nfs]
> 17:15:04.814203 IP (tos 0x0, ttl  64, id 65529, offset 1480, flags [none],
> length: 720) 193.123.123.86 > 193.123.123.85: udp
> 17:15:05.266099 IP (tos 0x0, ttl  64, id 65530, offset 0, flags [+],
> length: 1500) 193.123.123.86.2896775235 > 193.123.123.85.2049: 1472 write
> [|nfs]
> 17:15:05.266176 IP (tos 0x0, ttl  64, id 65530, offset 1480, flags [none],
> length: 720) 193.123.123.86 > 193.123.123.85: udp
> 17:15:05.714048 IP (tos 0x0, ttl  64, id 65531, offset 0, flags [+],
> length: 1500) 193.123.123.86.2913552451 > 193.123.123.85.2049: 1472 write
> [|nfs]
> 17:15:05.714122 IP (tos 0x0, ttl  64, id 65531, offset 1480, flags [none],
> length: 720) 193.123.123.86 > 193.123.123.85: udp
>
This is telling you that domU's eth0 interface is not getting any
response from NFS server. The problem might reside on domU's network
configuration or dom0 network (don't think it's on NFS server
networking, althoug you could check to find out more info).
>
> ## - dump on xen0
> l0:~# tcpdump -vv -n -i eth0  host NFSserver and udp
> ## ... nothing...
>
> - xen0:eth0 seen to be blind...
If you're using Xen bridged networking you should try to run tcpdump
on the bridge interface in dom0.
>
> Any solutions?
Might be related to bridged networking when applying iptables rules to
a bridged interface (eth0, in your case). If you aren't using bridged
networking I have no idea of what could be happening... In any case
your workaround is interesting. Are your sure that this solves the
problem or does it go away after waiting for some time? Does your
netfilter script play with the interfaces? Could you post its content?
>
>
> regards Torsten
> Launoc
>

lists.xensource.com/xen-users

I forgot to ask you. Are you trying to filter traffic for domU in
dom0? If you are trying to do this with iptables and Xen bridged
networking it has no sense, since a bridged device is a link layer
device and iptables works above at network and trasport layer. If you
are using Xen routed networking I have no experience with such
configuration.

Or maybe you are trying to run iptables on domU... Please, provide this info.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.