Re: [Xen-users] errors when xend starts
As for the physdev part: It appears to me that at least starting 4.0.1-rc6, some part of Xen tries its best to set up FORWARD chain firewall rules per VM to support scenarios where the default FORWARD chain policy is not ACCEPT. The rules allow DHCP in particular, as well as other traffic.

These rules do not suit my needs too well, but then again, not everyone who sets up Xen wants to learn how to use IPTABLES -- and you'll see a LOT of garbage traffic once your NIC is in promiscuous mode.

You need additional Dom0 FORWARD rules if your VMs use a virtual IP address, and you also want to restrict the traffic which the Xen-made bridge allows. Both aspects are not a problem; you can allow more traffic in Dom0's FORWARD chain (which is used for the bridge), and you can restrict traffic in the DomU's IPTABLES firewall. Hence, I decided to silently live with this default setup (e.g. why allow DHCP packets for a VM with a static IP address?). I trust the maintainers will switch to different bridge rules soon. As I said, I don't need them but they won't do much harm.

As for the ACCT warning: As far as I see, it's only a warning, and I presume it originates from one IPTABLES module using another. Will certainly be addressed in the future.

Happy Xenning!

-------- Original Message --------
> Date: Tue, 31 Aug 2010 08:54:51 -0700
> From: ShaunR <mailinglists@xxxxxxxxxxxxxxxx>
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] errors when xend starts

> When starting xend I see the following errors on the console. I'm
> running CentOS 5 as the operating system with kernel 2.6.32.18 from
> 4.0.1's `make prep-kernels`
>
>
> Below is a log, the things I'm concerned with are the XENBUS errors and
> the deprecated iptables stuff. Any ideas what's going on here?
>
> ----------------------------------------------------
> Bridge firewalling registered
> ADDRCONF(NETDEV_UP): peth0: link is not ready
> igb: peth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
> ADDRCONF(NETDEV_CHANGE): peth0: link becomes ready
> device peth0 entered promiscuous mode
> eth0: port 1(peth0) entering forwarding state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> XENBUS: Unable to read cpu state
> peth0: no IPv6 routers present
> eth0: no IPv6 routers present
> device vif1.0 entered promiscuous mode
> eth0: port 2(vif1.0) entering forwarding state
> ip_tables: (C) 2000-2006 Netfilter Core Team
> nf_conntrack version 0.5.0 (8024 buckets, 32096 max)
> CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
> nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
> sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
> physdev match: using --physdev-out in the OUTPUT, FORWARD and
> POSTROUTING chains for non-bridged traffic is not supported anymore.
> ----------------------------------------------------
>
>
> ~ShaunR
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
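
An added example, not part of the original posts and not Xen's own code: the kernel prints the physdev warning quoted in the log for rules that match on `--physdev-out` without `--physdev-is-bridged`, so this Python check scans `iptables-save` style text for such rules in the three chains the warning names and also reports the FORWARD policy. The sample ruleset and its vif names are constructed for illustration.

```python
import shlex

# Chains in which the kernel's physdev match warns about --physdev-out.
AFFECTED_CHAINS = {"OUTPUT", "FORWARD", "POSTROUTING"}

def audit_physdev(ruleset):
    """Return (FORWARD policy, [(chain, rule)]) for iptables-save style text."""
    forward_policy, findings, table = None, [], None
    for raw in ruleset.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":FORWARD ") and table == "filter":
            forward_policy = line.split()[1]
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            chain = tokens[1]
            if chain not in AFFECTED_CHAINS or "--physdev-out" not in tokens:
                continue
            # Only a non-negated --physdev-is-bridged limits the rule to bridged traffic.
            bridged = any(tok == "--physdev-is-bridged" and tokens[i - 1] != "!"
                          for i, tok in enumerate(tokens))
            if not bridged:
                findings.append((chain, line))
    return forward_policy, findings

# Constructed sample, not taken from the thread: a Dom0 filter table with a
# DROP policy on FORWARD and per-vif rules for hypothetical guests.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m physdev --physdev-in vif1.0 -j ACCEPT
-A FORWARD -m physdev --physdev-out vif1.0 -j ACCEPT
-A FORWARD -m physdev --physdev-out vif2.0 --physdev-is-bridged -j ACCEPT
-A FORWARD -m physdev --physdev-out vif3.0 ! --physdev-is-bridged -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    policy, hits = audit_physdev(SAMPLE)
    print("FORWARD policy:", policy)
    for chain, rule in hits:
        print("review:", chain, rule)
```

On a Dom0, the output of `iptables-save` can be passed to `audit_physdev` in place of `SAMPLE`.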