Matthew Donovan
2008-Jun-27 13:53 UTC
[Xen-devel] Compiling from source and networking problem - SOLVED ?
Because I had recompiled Xen a few times and even tried installing it from packages, I wasn't sure about the state of the machine, so I just blew it out, and reinstalled (FC 8) from scratch. I compiled Xen (3.2 - testing) and installed a Fedora VM, still no networking. I checked my iptables rules and saw that the first rule in the FORWARD chain rejected everything. I deleted that rule and the VM's networking came right up.

I'm not an iptables expert but looking at the FORWARD chain I originally sent out, it looks like that may have been the original problem as well.

ORIGINAL FORWARD CHAIN:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0

There are a lot of REJECT rules before the rule that accepts to/from vif2.0. So I'm guessing that the ACCEPT from anywhere to anywhere rules don't include traffic to/from the virtual interface?

-matthew

> -----Original Message-----
> From: Matthew Donovan [mailto:matthew@atc-nycorp.com]
> Sent: Tuesday, June 24, 2008 11:02 AM
> To: Keir Fraser; xen-devel
> Subject: RE: [Xen-devel] Compiling from source and networking problem
>
> Networking for an HVM linux guest (FC 8) also does not work. One thing I'm
> seeing on the linux guest (and I don't know if it matters) is that every
> time I boot it, the ethernet interface number increases: eth0, eth1, eth2,
> eth3.
>
> -matthew
>
> > -----Original Message-----
> > From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> > Sent: Friday, June 13, 2008 3:32 PM
> > To: Matthew Donovan; xen-devel
> > Subject: Re: [Xen-devel] Compiling from source and networking problem
> >
> > Networking for Windows guests should work straightforwardly 'out of the
> > box'. Have you been able to get networking going with any other type of
> > guest: e.g., Linux, WinXP?
> >
> > -- Keir
> >
> > On 13/6/08 18:50, "Matthew Donovan" <matthew@atc-nycorp.com> wrote:
> >
> > > Hey,
> > >
> > > I was originally asking questions on xen-users but no one seems to have any
> > > idea about this so I figured I'd try this list.
> > >
> > > I compiled Xen from source (3.2 testing) on an Intel machine running Fedora
> > > Core 8 and have discovered that my guest (Windows Vista) does not have a
> > > network connection.
> > >
> > > Looking at various online documentation and a machine that does work, I
> > > guessed that I needed dnsmasq and libvirtd installed. I did that (and I
> > > think it's configured correctly i.e. it runs when the machine boots and has
> > > the same flags as the machine that works) and still nothing (i.e. domU does
> > > not have a network connection). I installed libvirt from source and got the
> > > Fedora package for dnsmasq.
> > >
> > > Most of the documentation I've found for networking is old and doesn't seem
> > > to reflect what Xen is doing. Most sources refer to xenbr0 while only a
> > > couple places mention that eth0 becomes the bridge and peth0 is now the
> > > interface that dom0 uses.
> > >
> > > It's possible that I have remnants of my attempt to get Xen working from
> > > rpm's on this system. I don't know if that would screw anything up or not.
> > >
> > > Is there an up-to-date reference for how Xen networking is done? I've read
> > > the XenNetworking Wiki page through repeatedly and can't glean the
> > > appropriate trouble-shooting information from it.
> > >
> > > In the VM I've tried configuring it for DHCP and giving it a static IP.
> > > Neither do anything.
> > >
> > > Should I just format the computer and start from scratch?
> > >
> > > I'm at my wit's end here.
> > > Any help is appreciated.
> > > -matthew
> > >
> > > Some other details:
> > > My _current_ guest config specifies networking as:
> > >
> > > dhcp="dhcp"
> > > vif=[ 'type=ioemu, bridge=xenbr0' ]
> > >
> > > /etc/xen/xend-config.sxp says:
> > > (network-script network-bridge)
> > > (vif-script vif-bridge)
> > >
> > > My guest is currently running and "brctl show" output:
> > > [root@moosen ~]# brctl show
> > > bridge name     bridge id               STP enabled     interfaces
> > > eth0            8000.0019b932c635       no              peth0
> > >                                                         tap0
> > >                                                         vif2.0
> > > virbr0          8000.000000000000       yes
> > >
> > > Iptables output:
> > >
> > > [root@moosen ~]# iptables -L
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> > >
> > > Chain FORWARD (policy ACCEPT)
> > > target     prot opt source               destination
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> > > ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain RH-Firewall-1-INPUT (1 references)
> > > target     prot opt source               destination
> > > ACCEPT     all  --  anywhere             anywhere
> > > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > > ACCEPT     esp  --  anywhere             anywhere
> > > ACCEPT     ah   --  anywhere             anywhere
> > > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
> > > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
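
Added example, not part of the original message or of Xen's scripts: iptables walks a chain top to bottom and stops at the first terminating rule that matches, so an ACCEPT for vif2.0 placed after an unconditional REJECT is never reached. The function below flags such rules in `iptables -L FORWARD -v -n --line-numbers` output; the sample listing is constructed, and its in/out interface values are assumptions, because plain `iptables -L` does not print those two columns.

```shell
#!/bin/sh
# Added example: list FORWARD rules that can never match because an earlier
# rule already accepts or rejects every packet (first match wins).

# Constructed sample in `iptables -L FORWARD -v -n --line-numbers` format.
# The in/out interface values are assumed for illustration.
sample_forward_chain() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target  prot opt in     out     source            destination
1        0     0 ACCEPT  all  --  *      virbr0  0.0.0.0/0         192.168.122.0/24  state RELATED,ESTABLISHED
2        0     0 ACCEPT  all  --  virbr0 *       192.168.122.0/24  0.0.0.0/0
3        0     0 ACCEPT  all  --  virbr0 virbr0  0.0.0.0/0         0.0.0.0/0
4        0     0 REJECT  all  --  *      virbr0  0.0.0.0/0         0.0.0.0/0         reject-with icmp-port-unreachable
5        0     0 REJECT  all  --  virbr0 *       0.0.0.0/0         0.0.0.0/0         reject-with icmp-port-unreachable
6        0     0 REJECT  all  --  *      *       0.0.0.0/0         0.0.0.0/0         reject-with icmp-host-prohibited
7        0     0 ACCEPT  all  --  *      *       0.0.0.0/0         0.0.0.0/0         PHYSDEV match --physdev-in vif2.0
EOF
}

# Reads a listing on stdin. Prints "CATCHALL <num> <target>" for the first
# terminating rule with no interface, address, protocol or match condition,
# then "SHADOWED <num> <target>" for every rule that follows it.
find_shadowed_rules() {
    awk '
        $1 !~ /^[0-9]+$/ { next }        # skip chain header and column titles
        catchall { print "SHADOWED", $1, $4; next }
        ($4 == "ACCEPT" || $4 == "REJECT" || $4 == "DROP") &&
        $5 == "all" && $7 == "*" && $8 == "*" &&
        $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" &&
        (NF == 10 || $11 == "reject-with") {
            # reject-with is an option of the REJECT target, not a match
            catchall = 1
            print "CATCHALL", $1, $4
        }
    '
}

sample_forward_chain | find_shadowed_rules
```

On a live dom0 the same function can read `iptables -L FORWARD -v -n --line-numbers` directly; a guest rule reported as SHADOWED has to be inserted ahead of the catch-all rule rather than appended after it.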