Andrew Eross
2011-Oct-06 18:20 UTC
[Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
Hi guys,
I have a hopefully simple question that I can't quite figure out.
I want to run a network service on my XCP dom0.
This is fine, I've setup the service and it's accessible from dom0 itself.
However, if I try to connect to the service from another host on the same
physical local network, I always get "unable to route to host".
In this case below, vh01 is the host with the service, and vh02 is another
XCP host on the same physical switch and subnet.
[root@vh01 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:13:72:1A:5F:D4
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12639 errors:0 dropped:0 overruns:0 frame:0
TX packets:10968 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2452496 (2.3 MiB) TX bytes:7793328 (7.4 MiB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9986 errors:0 dropped:0 overruns:0 frame:0
TX packets:9986 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4963416 (4.7 MiB) TX bytes:4963416 (4.7 MiB)
vif3.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:2538 errors:0 dropped:0 overruns:0 frame:0
TX packets:3366 errors:0 dropped:64 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:2583572 (2.4 MiB) TX bytes:1504727 (1.4 MiB)
xenbr0 Link encap:Ethernet HWaddr 00:13:72:1A:5F:D4
inet addr:192.168.41.21 Bcast:192.168.41.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8693 errors:0 dropped:0 overruns:0 frame:0
TX packets:5177 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:883646 (862.9 KiB) TX bytes:4931726 (4.7 MiB)
[root@vh01 ~]# telnet 192.168.41.21 3493
Trying 192.168.41.21...
Connected to 192.168.41.21.
Escape character is '^]'.
NOW trying from another host...
[root@vh02 ~]# telnet 192.168.41.21 3493
Trying 192.168.41.21...
telnet: connect to address 192.168.41.21: No route to host
Is there something basic I'm doing wrong here to be able to access my
41.21 address from another host?
Thank you,
Andrew
Andrew Eross
CTO
Locatrix Communications
eross@locatrix.com
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Steve Allison
2011-Oct-06 19:04 UTC
Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
On the host show us the output for "brctl show"

On the guest with connectivity issues, show us "ip route" or "route" output

--
May the ping be with you ..
Andrew Eross
2011-Oct-06 19:11 UTC
Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
Hi Steve,
I'm actually trying to connect to a network service running on the dom0
itself.. not the domU, so no guests involved.
However, "brctl" on dom0 shows:
dom0:
[root@vh01 nagios]# brctl show
bridge name bridge id STP enabled interfaces
xenbr0 0000.0013721a5fd4 no eth0
vif4.0
Cheers,
Andrew
Andrew Eross
CTO
Locatrix Communications
Office: +61 7 3123 1469
Mobile: +55 11 8654 7834
eross@locatrix.com
Steve Allison
2011-Oct-06 19:16 UTC
Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
On 06/10/2011 20:11, Andrew Eross wrote:
> Hi Steve,
>
> I'm actually trying to connect to a network service running on the
> dom0 itself.. not the domU, so no guests involved.

Show us "ip route" and "ipconfig" on the other machine that can't connect.

--
May the ping be with you ..
Steve Allison
2011-Oct-06 19:16 UTC
Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
> Show us "ip route" and "ipconfig" on the other machine that can't
> connect.

ifconfig*

--
May the ping be with you ..
Andrew Eross
2011-Oct-06 19:19 UTC
Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
[root@vh02 ~]# ip route
192.168.41.0/24 dev xenbr0 proto kernel scope link src 192.168.41.114
169.254.0.0/16 dev xenbr0 scope link
default via 192.168.41.254 dev xenbr0
[root@vh02 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:13:72:99:EA:A7
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:79287250 errors:0 dropped:24 overruns:0 frame:0
TX packets:58493941 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1275175262 (1.1 GiB) TX bytes:1098962471 (1.0 GiB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:22431836 errors:0 dropped:0 overruns:0 frame:0
TX packets:22431836 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1169929418 (1.0 GiB) TX bytes:1169929418 (1.0 GiB)
vif4.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:1724388 errors:0 dropped:0 overruns:0 frame:0
TX packets:2062490 errors:0 dropped:1199 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:389050097 (371.0 MiB) TX bytes:576753284 (550.0 MiB)
xenbr0 Link encap:Ethernet HWaddr 00:13:72:99:EA:A7
inet addr:192.168.41.114 Bcast:192.168.41.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25497613 errors:0 dropped:0 overruns:0 frame:0
TX packets:12556923 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2428491486 (2.2 GiB) TX bytes:859773638 (819.9 MiB)
Interestingly, I can ping the other host..
[root@vh02 ~]# ping 192.168.41.21
PING 192.168.41.21 (192.168.41.21) 56(84) bytes of data.
64 bytes from 192.168.41.21: icmp_seq=1 ttl=64 time=0.387 ms
Both hosts are XCP 1.0 and plugged directly into the same physical switch.
Just not route anything to it..
Thanks!
Andrew
Andrew Eross
CTO
Locatrix Communications
Office: +61 7 3123 1469
Mobile: +55 11 8654 7834
eross@locatrix.com
Steve Allison
2011-Oct-06 19:27 UTC
Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
On 06/10/2011 20:19, Andrew Eross wrote:
> Interestingly, I can ping the other host..
>
> [root@vh02 ~]# ping 192.168.41.21
> PING 192.168.41.21 (192.168.41.21) 56(84) bytes of data.
> 64 bytes from 192.168.41.21: icmp_seq=1 ttl=64 time=0.387 ms
>
> Both hosts are XCP 1.0 and plugged directly into the same physical switch.
>
> Just not route anything to it..

Hmm, interesting! I'd go for the other obvious, and that is iptables.
Checking both filter and nat chains.

Have tcpdump or tshark running on vh01 and see if the packets are arriving
to the machine.

It could be an ACL of XCP which denies connectivity with an ICMP
"destination unreachable", however I am not familiar with XCP but I'm sure
someone else on the list can chime in for you.

--
May the ping be with you ..
Andrew Eross
2011-Oct-06 19:35 UTC
Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
Good god why didn't I think about iptables...never occurred to me that XCP
might ship with iptables built in..

And guess what, that was it.

Default XCP iptables looks like this:

target  prot  opt  source    destination
ACCEPT  all   --   anywhere  anywhere
ACCEPT  icmp  --   anywhere  anywhere     icmp any
ACCEPT  esp   --   anywhere  anywhere
ACCEPT  ah    --   anywhere  anywhere
ACCEPT  udp   --   anywhere  224.0.0.251  udp dpt:mdns
ACCEPT  udp   --   anywhere  anywhere     udp dpt:ipp
ACCEPT  tcp   --   anywhere  anywhere     tcp dpt:ipp
ACCEPT  all   --   anywhere  anywhere     state RELATED,ESTABLISHED
ACCEPT  udp   --   anywhere  anywhere     state NEW udp dpt:ha-cluster
ACCEPT  tcp   --   anywhere  anywhere     state NEW tcp dpt:ssh
ACCEPT  tcp   --   anywhere  anywhere     state NEW tcp dpt:http
ACCEPT  tcp   --   anywhere  anywhere     state NEW tcp dpt:https
REJECT  all   --   anywhere  anywhere     reject-with icmp-host-prohibited

Just had to fix that up and poof now I have connectivity to my service.

Thanks a heap mate!
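Why ping worked while telnet from vh02 got "No route to host", as an added example that is not part of the original thread: a first-match walk over the listing Andrew posted. The final REJECT answers with icmp-host-prohibited, which the connecting client reports as "No route to host". Assumptions: the first ACCEPT row applies only to the loopback interface (plain `iptables -L` does not show interface matches), service names map to their usual /etc/services ports, and the function names are hypothetical.

```python
SERVICES = {"mdns": 5353, "ipp": 631, "ha-cluster": 694, "ssh": 22, "http": 80, "https": 443}
# Rows as posted. "in_lo" is NOT iptables output: it is a constructed marker for the
# assumption that row 1 matches only loopback, which `iptables -L` hides without -v.
LISTING = """\
ACCEPT all -- anywhere anywhere in_lo
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ha-cluster
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited"""

def parse(listing):
    rules = []
    for line in listing.splitlines():
        target, proto, _opt, _src, dst, *extra = line.split()
        rule = {"target": target, "proto": proto, "dst": dst,
                "lo_only": "in_lo" in extra, "states": None, "dport": None}
        for i, tok in enumerate(extra):
            if tok == "state":
                rule["states"] = set(extra[i + 1].split(","))
            elif tok.startswith("dpt:"):
                rule["dport"] = int(SERVICES.get(tok[4:], tok[4:]))
        rules.append(rule)
    return rules

def verdict(rules, proto, dport=None, state="NEW", iface="xenbr0", dst="192.168.41.21"):
    # Return the target of the first rule whose every match condition holds.
    for r in rules:
        if ((not r["lo_only"] or iface == "lo")
                and r["proto"] in ("all", proto)
                and r["dst"] in ("anywhere", dst)
                and (r["states"] is None or state in r["states"])
                and (r["dport"] is None or r["dport"] == dport)):
            return r["target"]
    return "chain policy"

def allow_before_reject(rules, proto, dport):
    # Copy of the ruleset with one narrow ACCEPT placed ahead of the catch-all REJECT.
    new = {"target": "ACCEPT", "proto": proto, "dst": "anywhere",
           "lo_only": False, "states": {"NEW"}, "dport": dport}
    at = next(i for i, r in enumerate(rules) if r["target"] == "REJECT")
    return rules[:at] + [new] + rules[at:]
```

The position matters: a rule appended after the REJECT row is never reached, and scoping the new ACCEPT to one protocol and port keeps the rest of the default-deny behaviour intact.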