Hi! I''m using the following setup on my host: The eth0 interface has a public ip and is not part of the xen-br0 which has a private ip in the range that all domU''s use and funktions as their gateway. I route between eth0 and xen-br0, use masquerading on eth0 so that the domU''s can connect to the internet and use prerouting to redirect ports of the public ip to the domU''s. With xen-2.0.7 all works fine, with xen-testing the packets don''t get masqueraded when the leave eth0. They are reaching the domU''s, which reply, but then the packets are leaving eth0 (not masqueraded) with the private address.>From inside a domU I can ping/ssh other hosts on the internet, so thenmasquerading works. What can this be? Is this xen related or maybe (because of another kernelversion (2.6.11.12 vs. 2.6.12)) kernel-related? I tried the binary-version of both (2.0.7 and testing) and compiled testing myself with the same configuration of the running 2.0.7. It does not work. Thanks Patrick _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
I''m seeing a similar issue with testing in a bridging setup. Outgoing ssh connection fail from dom0 to function unless iptables is turned off. The same ssh connections and settup from domU seem to work. [nic@stateless:~] sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere stateless state RELATED,ESTABLISHED ACCEPT icmp -- anywhere stateless state NEW ACCEPT tcp -- anywhere stateless state NEW tcp dpt:ssh I''m also seeing some connection issues with incoming http connections in domU. Nothing persistent, and I haven''t had time to track down the problem yet by reverting to 2.0.7. (version: 3518:9d3927f57bb2, kernel 2.6.12) -- Nicholas Lee http://stateless.geek.nz gpg 8072 4F86 EDCD 4FC1 18EF 5BDD 07B0 9597 6D58 D70C _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On 9/7/05, Nicholas Lee <emptysands@gmail.com> wrote:> I''m seeing a similar issue with testing in a bridging setup.I discovered that a configuration error was probably causing this. I''d specified ..:00:101 and ..:00:01 as vif MAC addresses for two separate domains. There both reduced to 00:01. I also reverted to 2.0.7, so once I get a chance I''ll try it again with 2.0.8-testing. -- Nicholas Lee http://stateless.geek.nz gpg 8072 4F86 EDCD 4FC1 18EF 5BDD 07B0 9597 6D58 D70C _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel