Re: [Xen-users] Question regarding xen networking (bonding, xen-bridging)

["Simon Hobson" <linux@xxxxxxxxxxxxxxxx>]

Jonas Meurer wrote:

>  On the dom0 LAN connection works as expected. Gateway responds, 
>connection to the internet works. Dom0 and domU see each other.
>
>But from domU, everything beyond the dom0 is unreachable, e.g. the 
>gateway doesn't respond. MAC address from the domU is propagated to 
>switches and gateway, I can see it in the arp table. In other words, the 
>packets from domU find their way out, but the responding packets don't 
>find their way back. A quick look at the iptables rules on dom0 give me 
>the impression, that dom0 doesn't know how to handle packets for domU:
>
># iptables -L FORWARD
>Chain FORWARD (policy ACCEPT)
>target   prot opt source     destination
>ACCEPT   all  --  anywhere   anywhere   PHYSDEV match --physdev-out 
>vif1.0 --physdev-is-bridged
>ACCEPT   udp  --  anywhere   anywhere   PHYSDEV match --physdev-in 
>vif1.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
>ACCEPT   all  --  anywhere   anywhere   PHYSDEV match --physdev-out 
>vif1.0 --physdev-is-bridged
>ACCEPT   all  --  <DOMU-IP>  anywhere   PHYSDEV match --physdev-in 
>vif1.0 --physdev-is-bridged
>
>
>The last rule seems to accept packets with domU-IP as source, but I 
>cannot find a rule which handles incoming packets for domU. In other 
>words, the dom0 doesn't know what to do with packets for the domU. Is my 
>assumption correct? If yes, why is this the case? Is it related to 
>interface bonding?

I think you've answered your own question there. For testing purposes, clear 
iptables and see if everything starts working.

There is something in the standard scripts that is supposed to manipulate 
iptables rules when guest domains are started/stopped (there is the option of 
specifying "ip-a.b.c.d" in the VIF declaration), but I've never looked into it.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users