Devraj Mukherjee
2009-Sep-28 09:29 UTC
[CentOS-virt] IP aliases of CentOS Guests not accessible running 2.6.18-164.el5xen
Hi all, First of all I am posting this on two lists for a reason, because the issue being reported by me could be because of a change delivered by a Kernel update or due to Xen. I have recently managed to update all Xen Guest domains running CentOS 5.3 to the latest bunch of updates + Kernel. My Xen host also runs the same CentOS 5.3 updated to all recent packages. The Guest images in concern had IP aliases assigned to them. Everything worked until I ran the updates and restarted. Since I have restarted the aliased IP addresses are no longer accessible from the outside world, they can still be accessed from all machines (guest virtual machines) in the subnet (ping, services like http). I have removed all firewall rules to test if that would have effected it without any change (any the fact that I can access them within the subnet proves its not the firewall). Is there anything special I have to do to enable aliasing? May be this is a Xen issue? I am suspecting the Xen host, but not sure how to go about proving this. Any information would be greatly appreciated. My Guests do run fail2ban (delivered via atrpms) and iptables (allowing only HTTP, HTTPS and SSH) connections. PS for obvious reasons I am not posting IP addresses and routes etc first up, I can make that information available if required. -- "The secret impresses no-one, the trick you use it for is everything" - Alfred Borden (The Prestiege)
Christopher G. Stach II
2009-Sep-28 13:19 UTC
[CentOS-virt] IP aliases of CentOS Guests not accessible running 2.6.18-164.el5xen
----- "Devraj Mukherjee" <devraj at gmail.com> wrote:> Since I have restarted the aliased IP addresses are no longer > accessible from the outside world, they can still be accessed from > all > machines (guest virtual machines) in the subnet (ping, services like > http). > > I have removed all firewall rules to test if that would have effected > it without any change (any the fact that I can access them within the > subnet proves its not the firewall).Assuming you are using bridging, do you see ingress packets at dom0's ethernet interface(s), dom0's bridge(s), and the guests' interfaces? If so, do you see the guests' reply packets where you expect them? -- Christopher G. Stach II
Seemingly Similar Threads
- IP aliases of CentOS Guests not accessible running 2.6.18-164.el5xen
- Domain0 with Kernel 2.6.18-92.1.22.el5xen fails to boot Guests with Kernel 2.6.18-164.el5xen
- Activity logger for Xen Guest Domains using libvirt
- mounting images created using dd that contain two partitions
- Fail2Ban