similar to: DOMU loses outside connection

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

errors from /var/log/xcp-xapi.log: 652Z|debug||1227 UNIX /var/lib/xcp/xapi|VM.start R:0b98978366e4|xapi] creating device emulator 652Z|debug||1227 UNIX /var/lib/xcp/xapi|VM.start R:0b98978366e4|xenops] Device.Dm.start domid=10 661Z|debug||1227 UNIX /var/lib/xcp/xapi|VM.start R:0b98978366e4|xenops] qemu-dm: should be running in the background (stdout redirected to syslog) 661Z|debug||1227 UNIX

Hello, I am having some routing troubles with my Xen setup. I have two domUs, one running as a firewall and another running as a dmz: The dom0 has the following: - eth0 bridge (10.0.0.3/24) The domU-firewall has the following: - Direct passthrough PCI NIC (Public Internet) - Virtual NIC connected to the eth0 bridge on dom0 (10.0.0.1/24) - Bridge called brdmz for the dmz zone (10.0.2.1/24)

Hello with XEN 3.4.x antispoof=yes works on a bridge setup. I am using this line in xend-config.sxp (network-script ''network-bridge antispoof=yes'') It creates this under IPTABLES FORWARD chain: ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in peth0 Under XEN 4.0.1 it is not working, it does not create a IPTABLES rule. Customers can

Hi folks, I am trying to get antispoofing running on xen3 (based on Debian Sarge). This is what I have done to enable it: 1. I have compiled a dom0 kernel with CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m 2. I made sure this module is loaded: lsmod gives xt_physdev (among others). 3a. I have changed the line "(network-script network-bridge)" to "(network-script network-bridge

Hi folks, I started testing the antispoof feature of xen stable (2.0.7). I am stuck with it. I have setup a standard bridged environment. I understood it like this: in domU config I set up the virtual NIC like vif = [ ''mac=ae:00:00:78:78:78, ip=192.168.0.100'' ] Then I configure /etc/network/interface of this domU to show the same IP address for eth0. After restarting

http://bugzilla.netfilter.org/show_bug.cgi?id=814 Summary: rpfilter blocks broadcast packets Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P5 Component: ip_tables (kernel) AssignedTo: netfilter-buglog at

https://bugzilla.netfilter.org/show_bug.cgi?id=814 Florian Westphal <fw at strlen.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fw at strlen.de --- Comment #1 from Florian Westphal <fw at strlen.de> 2013-04-12 10:24:14 CEST --- (In reply

Hello: I just gave 3 tries at compiling a xen kernel. I managed to get the networking in the host to work ok on the third try, unfortuately xend gives me the following errors in my xend.log and will not start. Any ideas? It fails to start with the following error ---------------------------------------------------- /usr/sbin/xend [root@localhost ~]# /usr/sbin/xend start Traceback (most recent

Hi! Maybe, I found a bug of xen. My system: - domain0 - gentoo - xen-devel-3.0, kernel 2.6.12.5-r1 - domain1 - debian - kernel 2.6.12.5-r1 (2 interface: vif1.1 = eth0 (0.0.0.0), vif1.2 = eth1 (10.0.1.1 + gw 10.0.1.2)) Bridge: xen-br0 (config as 10.0.1.2) include (vif1.2, vif0.0) xen-br1 (config as 0.0.0.0) include (vif1.1, peth0) On server domain1 I use a pppoe server. If a send a pppoe request

Hello all, I would like to use two network interfaces. It is working but I notice that both bridges hace the same id. #brctl show bridge name bridge id STP enabled interfaces xenbr0 8000.feffffffffff no peth0 vif0.0 vif10.0 xenbr1

Hello, I''m still having problems with my ''upgrade'' to the FC4 xen packages. I have a domain with two virtual network interfaces, in two different subnets. For a domain with a single interface, the new networkd setup script works fine, but it does work (for me) with two interfaces. It used to work fine, and I used to set it up with simply by more or less blindly doing

Processing commands for control at bugs.debian.org: > forcemerge 613540 698841 Bug #613540 [xen-utils-common] xen-utils-common: iptables rules missing for qemu tap interfaces Bug #698841 [xen-utils-common] xen-utils-common: HVM networking for ioemu devices is blocked when antispoof is on Severity set to 'normal' from 'important' Marked as fixed in versions xen/4.2.1-1. Marked

When start a domU through xl create. The domU associated ip in the configuration file is not recorded in the xenstore. For this reason vif-common.sh antispoof scripts fails. *xl create * /usr/bin/xenstore-ls /local/domain/0/backend/vif/5/0 frontend = "/local/domain/5/device/vif/0" frontend-id = "5" online = "1" state = "4" script =

Package: xen-utils-common Version: 4.1.3-8 Severity: important When antispoof is set to 'on', the vif-common script does not create an ALLOW firewall rule for the emulated vif devices. This means that HVM nodes, unless a Xen PV driver is installed and running, cannot access the external network. The vif-common script creates an ACCEPT entry for the normal vif device (e.g. vif4.0) but not

I'm just one of those weirdos, who wanna make a powerfull queues shaper (not QoS but near) with ipfw2 on their freebsd 4.x-stable. My server is using frequently used configuration with NAT+FW ADSL router with one external ip on external network interface (we're using ADSL modem in bringe mode). I've configured single pipe, configured queues to use that pipe, add queues with different

Hi, how would I make it so that a particular virtual network interface of dom0 is attached to a particular bridge created for a particular VM? When I start the VM with 'virsh start <domU>', I get interfaces vif1.0, vif1.1 and vif1.2. After shutting down domU with 'virsh shutdown <domU>' and starting it again as before, the virtual network interfaces are vif2.0,

Hello, When start a domU through xl create. The domU associated ip in the configuration file is not recorded in the xenstore. For this reason vif-common.sh antispoof scripts fails. *xl create * /usr/bin/xenstore-ls /local/domain/0/backend/vif/5/0 frontend = "/local/domain/5/device/vif/0" frontend-id = "5" online = "1" state = "4" script =

Hi ! What is the best way to use eth1 of my dom0 in my domU ? i tried that in Dom0 but bridge don''t want comes up : ./xen-network-common.sh "network-bridge net-dev=eth1 bridge=brint virtnum=1" Thanks Michael _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the