similar to: network traffic can''t be seen by iptables when no bridge presents

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the

Hi, I''ve bit the bullet and gone with Xen, but I get some odd networking. Basically, this was the original idea. eth0 external eth1 internal create bridge br0 for eth0 create bridge br1 for eth1 Strip IP addresses for eth0 and eth1 and assign to br0 and br1 respectively. Worked great in a non-xen kernel under Fedora 8 in KVM/Qemu. Booting into Xen, my eth1 becomes eth2, I also get

Hi list, i''ve been migrating our RAID1 system onto bigger drives. Therefor I''ve setup a new dom0 with a 2.6.32-5-xen-amd64 kernel and Xen in version 4.0, because there was a 2.6.19 kernel and xen 3.0.1 causing problems time by time. My main problem is, that the domU running our intranet services (webserver, mail, databases etc) is not responding or rejecting each attempt to

Package: xcp-xapi Version: 1.3.2-14 Severity: important I chose the Open vSwitch (ovs) networking mode when I installed XCP # cat /etc/xcp/network.conf openvswitch Whenever I boot a VM, I notice that the vif interface is created (e.g. vif1.0) on dom0, and the vif is added to the ovs bridge (I can see it in the output of ovs-vsctl show) However, there is no connectivity, I can't ping the

Problem still not solved, or any idea whats wrong. here are some msgs: device vif1.0 entered promiscuous mode alloc irq_desc for 1246 on node 0 alloc kstat_irqs on node 0 brI: port 2(vif1.0) entering learning state device vif1.1 entered promiscuous mode brE: port 2(vif1.1) entering learning state physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for

Hi, I would like to know if somebody can point me out how to configure several DomUs in a private LAN (for example 192.168.100.0/24) and one DomU with two interfaces (one - 192.168.100.0/24 and two - internet). So far I have enabled in xend-config.sxp: (network-script network-route) (vif-script vif-route) My config files have: /mnt/VM/1.cfg:vif = [''ip=192.168.1.3'']

Here is the situation. I have a xen system with 2 drives setup in a RAID1. I pulled one drive and put it into an identical server. Now, when I boot up the new server, peth1 is not created. [root@dom0 ~]# ifconfig | grep Link eth1 Link encap:Ethernet HWaddr 00:14:38:A7:55:C2 inet6 addr: fe80::214:38ff:fea7:55c2/64 Scope:Link lo Link encap:Local Loopback vif1.0 Link

My domains dont see any traffic until you try to connect out from within the domain. Tried this several times and it was consistent. I have no firewall either. running each domain on different cpu probably doesn''t help, although Im no network expert. Here is some info. ================ [root@a root]# xm info system : Linux host : a.b.com release

Hi , this probably was asked many times before , but here it goes.. Until now i was using dsl_qos_queue - http://www.sonicspike.net/software/ Which limits outbound traffic and does packet priorites with iptables using MARKed packets.. works very well , I run a ftpserver + webserver so it''s usefull to set these 2 with lowest priority and my multiplayer gaming running on certain UDP ports

Hi folks, I read quite some posts about "Destination host unreachable" problems before, but none could help me to solve my issue. So here we go: This is what I am using: SUSE Linux Enterprise Desktop 10 SP1 - Current with all updates Network configuration of my dom0: foobar:~ # ip a 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd

Hello everybody, I have an odd problem with iptables using a Xen bridge setup. I don''t know if it would be better to post to netfilter Mailing-List. But I hope someone here know how to solve it. If it''s OT here, please let me know. I''ll try to do a little bit ASCII-Graphics to explain the topo better: _________ ________

Hi, I am trying to shape traffic to two VMs hosted in Xen. There seems to be very little information regarding this. I found this web page http://www.ioncannon.net/system-administration/57/limiting-bandwidth-usa ge-on-xen-linux-setup/ and followed the instructions. But, the real bandwidth experienced from clients always seems to exceed the set rate. Part of the problem may be because of the way

Hi, I thought I'd query this here before opening a bug I installed XCP wheezy and imported a couple of my domU instances I chose to use Open vSwitch (ovs) networking mode I notice that each vif is created (e.g. vif1.0, vif2.0) when the domU boots. However, they are not bridged. As a hack, I just do brctl addif xenbr0 vif1.0 and then my domU is reachable. But I realise I should not

Pardon me for a long detailed post but this looks pretty serious. The bottom line is that, when I attempt to shut down or reboot my simple xen-2.0.7 server running FC3 with two domUs, shutting down xendomains appears to send python into an infinite loop. This may be due to a serious misconfiguration on my part but it is certainly a big problem. If we shutdown the domUs manually first, the

Hi, this is propably bridge related and not really a xen problem, but it might help someone: Some of our domUs are not able to arp. Arp -n show (incomplete), and doing a tcpdump shows, that on the dom0''s eth0 the arp request goes out, the response comes in, but on the vifX.0 interface the arp response is gone. dom0# tcpdump -ni eth0 arp who-has 10.32.2.51 tell 10.32.7.70 arp reply

Hello, I have problems with installation of my second DomU. I cannot ping it from the outside world and I cannot access outside world from this domain. I see it from Dom0 and my first DomU, same as my second DomU can ping Dom0 and my first DomU. I use xen 3.0.3 on ubuntu 6 LTS. DomU is running on debian. I also network-bridge script in the xend config.

I seem to be stumped on this one. I have TCP packets destined to my external interface from 127.0.0.1 (Ack+Reset zero data) with source MAC of my default gateway and I can't seem to block this traffic. Snort picked up the traffic and I have confirmed with tcpdump. So I decided I needed to examine my anti-spoof rules. I already had this one deny ip from any to 127.0.0.0/8 in recv

Usually I use a dedicated NIC for dom0 management, with another NIC using vlans for domU, and bridges created using Redhat''s /etc/sysconfig/network-scripts/ifcfg-*. All works great. Now I''m testing a new machine with Xen 3.4, using only one NIC for both dom0 and domU traffic, bridged networking, IPv6 disabled. The result was not so good: I kept on getting "eth0: received

Hello, I''ve recently changed my xen network setup and now, almost expectedly, my configuration has broken access to the Domus from the network, and now I need a little help. Previously, I had four interfaces, only one of which was configured to be used by both dom0 and domu. I have since created a bond between eth2 and eth3, expecting that eth0 would be automatically assigned for use

Hello there, I''ve got a problem regarding my XEN network setup. First of all, I''ll just tell you what doesn''t work: the access to a forwarded (natted) port (e.g. port 80 http) of a dom (no matter if dom0 or domU) to the servers external ip address (from "inside") does not work (connection refused). Here''s the layout of my xen virtual network: