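Judging from your logs, your DomU is simply missing a default route: the
"route -n" output lists only the directly connected 143.215.129.0 network and has
no default (0.0.0.0) destination, so it can only send packets to hosts on that subnet.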
 
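Try adding a default route in your DomU, e.g. by running "ip
route add default via $gateway_ip_address dev eth0". $gateway_ip_address
should be the router that connects your subnet to outside networks; your
/etc/network/interfaces names 143.215.129.1 as the gateway. A route added by
hand is lost at the next reboot, so also check why that gateway line did not
take effect: the literal "${broadcast}" on the broadcast line looks like an
unexpanded template placeholder and may be stopping the interface setup before
the route is added. Once routing works, note that the Dom0 FORWARD chain in
your listing now accepts everything; consider narrowing it to the DomU's
traffic again rather than leaving forwarding open.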
 
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Sarika Ray
Sent: 03 December 2008 06:19
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] strange networking issue in xen DomU
 
 
 
I have a Xen 3.2.0 setup with a 2.6.18 XenoLinux kernel and an FC8 Dom0 file system. I have
used xen-tools to create a Debian Etch DomU.
With the default setup I was not able to ping any host except
Dom0. I guess that was due to a FORWARD chain issue in my Dom0, so I
modified the iptables configuration in Dom0 to comment out the forwarding
rule that was rejecting everything. Now I am able to ping all the
hosts in the same L3 subnet as my DomU, but nothing outside it.
Could anyone please tell me what I am doing wrong? I am including some details
below. Let me know if I have left out any necessary information.
**********
My DomU config file is as follows:
#
# Configuration file for the Xen instance dmvirt1.xxx, created
# by xen-tools 3.9 on Tue Dec  2 17:51:45 2008.
#
#
#  Kernel + memory size
#
kernel      = '/boot/vmlinuz-2.6.18.8-xen'
ramdisk     = '/boot/initrd-2.6.18.8-xen.img'
memory      = '128'
#
#  Disk device(s).
#
root        = '/dev/sda2 ro'
disk        = [
                  'phy:/dev/DomUVols/dmvirt1.xxx-swap,sda1,w',
                  'phy:/dev/DomUVols/dmvirt1.xxx-disk,sda2,w',
              ]
#
#  Hostname
#
name        = 'dmvirt1.xxxx'
#
#  Networking
#
vif         = [ 'ip=143.215.129.1xx,mac=00:16:3E:88:22:AA' ]
vfb = ['type=vnc']
#
#  Behaviour
#
on_reboot   = 'restart'
on_crash    = 'restart'
extra = "xencons=xvc console=xvc console=tty"
*******************
*****************
Some other DomU Details
dmvirt1:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:88:22:AA  
          inet addr:143.215.129.157  Bcast:143.215.129.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe88:22aa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1206 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:114259 (111.5 KiB)  TX bytes:10024 (9.7 KiB)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
dmvirt1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
143.215.129.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
dmvirt1:/etc# cat /etc/network/interfaces 
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
 address 143.215.129.1xx
 gateway 143.215.129.1
 netmask 255.255.255.0
  broadcast ${broadcast}
 
 # post-up  ethtool -K eth0 tx off
#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users.  It is disabled by default
#
dmvirt1:~# ping www.yahoo.com
ping: unknown host www.yahoo.com
dmvirt1:~# ping 69.147.76.15
connect: Network is unreachable
*******************
Dom0 Details
[root@kahn dev]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt
source              
destination         
RH-Firewall-1-INPUT  all  -- 
anywhere            
anywhere            
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  dmvirt1              anywhere            PHYSDEV match --physdev-in vif17.0 
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif17.0 udp spt:bootpc dpt:bootps 
Chain OUTPUT (policy ACCEPT)
target     prot opt
source              
destination         
Chain RH-Firewall-1-INPUT (1 references)
target     prot opt
source              
destination         
ACCEPT     all  -- 
anywhere            
anywhere            
ACCEPT     icmp -- 
anywhere            
anywhere            icmp
any 
ACCEPT     esp  -- 
anywhere            
anywhere            
ACCEPT     ah   -- 
anywhere            
anywhere            
ACCEPT     udp  -- 
anywhere            
224.0.0.251        
udp dpt:mdns 
ACCEPT     udp  -- 
anywhere            
anywhere            udp
dpt:ipp 
ACCEPT     tcp  -- 
anywhere            
anywhere            tcp
dpt:ipp 
ACCEPT     all  -- 
anywhere            
anywhere            state
RELATED,ESTABLISHED 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpt:ssh 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpt:http 
ACCEPT     tcp  -- 
anywhere            
anywhere            state
NEW tcp dpt:nfs 
ACCEPT     udp  -- 
anywhere            
anywhere           
state NEW udp dpt:nfs 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpt:https 
ACCEPT     tcp  -- 
anywhere            
anywhere            state
NEW tcp dpt:domain 
ACCEPT     udp  -- 
anywhere            
anywhere           
state NEW udp dpt:domain 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpt:sunrpc 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpt:telnet 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpt:cvspserver 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpts:terabase:pxc-splr-ft 
ACCEPT     udp  -- 
anywhere            
anywhere           
state NEW udp dpts:terabase:pxc-splr-ft 
ACCEPT     tcp  -- 
anywhere            
anywhere           
state NEW tcp dpt:teradataordbms 
REJECT     all  -- 
anywhere            
anywhere           
reject-with icmp-host-prohibited 
[root@kahn dev]# ifconfig
eth0      Link encap:Ethernet  HWaddr
00:1A:A0:1B:88:E1  
          inet
addr:143.215.129.2xx  Bcast:143.215.129.255  Mask:255.255.255.0
          inet6 addr:
fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
          UP BROADCAST RUNNING
MULTICAST  MTU:1500  Metric:1
          RX packets:506521
errors:0 dropped:0 overruns:0 frame:0
          TX packets:165558
errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
txqueuelen:0 
          RX bytes:423458331
(403.8 MiB)  TX bytes:11964484 (11.4 MiB)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128
Scope:Host
          UP LOOPBACK
RUNNING  MTU:16436  Metric:1
          RX packets:235929
errors:0 dropped:0 overruns:0 frame:0
          TX packets:235929
errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
txqueuelen:0 
          RX bytes:36772495 (35.0
MiB)  TX bytes:36772495 (35.0 MiB)
peth0     Link encap:Ethernet  HWaddr
00:1A:A0:1B:88:E1  
          inet6 addr: fe80::21a:a0ff:fe1b:88e1/64
Scope:Link
          UP BROADCAST RUNNING
MULTICAST  MTU:1500  Metric:1
          RX packets:553720
errors:0 dropped:0 overruns:0 frame:0
          TX packets:162980
errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:434130358
(414.0 MiB)  TX bytes:13050967 (12.4 MiB)
          Interrupt:20 
vif17.0   Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr:
fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST 
MTU:1500  Metric:1
          RX packets:361 errors:0
dropped:0 overruns:0 frame:0
          TX packets:4092 errors:0
dropped:5 overruns:0 carrier:0
          collisions:0
txqueuelen:32 
          RX bytes:43052 (42.0
KiB)  TX bytes:393229 (384.0 KiB)
[root@kahn dev]# brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.001aa01b88e1       no              peth0
                                                        vif17.0
******************