[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] iptables and state matches (established, related)

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Geert Janssens <info@xxxxxxxxxxxx>
Date: Mon, 30 Apr 2007 16:29:50 +0200
Delivery-date: Mon, 30 Apr 2007 07:28:32 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi,

I'm just about to setup xen together with iptables, so this statement slightly 
worries me.

Do you have more details (or a link to them) about this problem ? What are the 
exact symptoms and in which circumstances do the occur ?

For example, is this a problem when using iptables in dom0 or in domU or in 
both ?

Or does it only happen when trying to apply connection tracking on the bridge 
level ?

Geert

On Saturday 28 April 2007 14:49, John Hannfield wrote:
> This is a known problem with Xen 3.0.x  and iptables connection tracking.
> Connection tracking and state filtering only works as long as xen is
> not running.
> Try doing this:
>
> echo "0" >/proc/sys/net/bridge/bridge-nf-call-iptables
>
> That fixed it for me.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] iptables and state matches (established, related)
  - From: Andrey Oreshnikov
- Re: [Xen-users] iptables and state matches (established, related)
  - From: Tomas Lund
- Re: [Xen-users] iptables and state matches (established, related)
  - From: John Hannfield

Prev by Date: Re: [Xen-users] error creating domain in xen 3.0.5
Next by Date: [Xen-devel] RE: [Xen-users] error creating domain in xen 3.0.5
Previous by thread: Re: [Xen-users] iptables and state matches (established, related)
Next by thread: [Xen-users] Help with a transfer
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.