Displaying 20 results from an estimated 900 matches similar to: "so close! an iptables rule away....."
2005 Nov 24
2
so close! just an iptables rule away.....?
Hi,
I've been making leaps and strides with Xen on FC4. It has been easy to get
installed and to start our first virtual host.
I've got one outstanding issue with iptables that is preventing me
progressing further.
This is a colo'd server. It has a single NIC with public IPs.
The bridge is set to come up binding vif* <> xen-br0 <> eth1.
I can start a
2015 Mar 23
0
KVM live migration i/o error
Hi.
I have three Ubuntu Server 14.04 trusty with KVM. Two of
them are HP servers and one is Dell. Both brands run fine
the KVM virtual servers, and I can do live migration between
the HPs. But I get I/O errors in the vda when I migrate to
or from the Dell server.
I have shared storage with NFS, mounted the same way in all
of them:
nfs.sever:/kvm /var/lib/libvirt/images nfs auto,vers=3
I
2009 Sep 05
1
FreeBSD, NUT OmniVS1500
Howdy,
I had this working with lots of help for a developer before (Charles Lepple),
but after upgrading to a somewhat more current version of FreeBSD the
patched-up version stopped working. Seeing as this was more than a few years
ago, I thought I'd give a new libusb and NUT a try to see if it might work out
of the box. So far, no luck.
Some info:
FreeBSD 6.3
libusb 0.1.12
NUT 2.4.1
2003 Dec 17
2
TODO hardlink performance optimizations
On Mon, 15 Dec 2003, jw schultz <jw@pegasys.ws> wrote:
> OK, first pass on TODO complete.
....
> PERFORMANCE ----------------------------------------------------------
....
> Traverse just one directory at a time
>
> Traverse just one directory at a time. Tridge says it's possible.
>
> At the moment rsync reads the whole file list into memory at the
>
2006 Aug 31
0
[Xense-devel] [RFC][PATCH][ACM] enforcing ACM policy on network traffic between virtual network interfaces
This patch adds an ACM hook into the network scripts (/etc/xen/scripts).
It adds iptables rules that enforce mandatory access control on network
packets exchanged between virtual interfaces. If ACM is active, this
patch sets the default FORWARD policy in Dom0 to DROP and adds iptables
ACCEPT rules between vifs that belong to domains that are permitted to
share (determined by using the
2007 Jan 08
0
TC on multiple nics
Happy New Year.
Finally got my fw and tc rules down pat for the bridge, now interested
in introducing a third nic to have nat on the box as well. Does anyone
have an idea of a good place to start reading up on the subject, mainly
interested in how to setup the flow direction to start with as to get an
overall understanding of the flow, found that help best.
Internet --- eth0 --- eth1 ---
2012 Jun 03
1
need to load uhci_hcd with acpi=off
Dear all,
I have running a DOM-0 on debian squeeze with the most recent kernel:
Linux 2.6.32-5-xen-amd64 #1 SMP
On 30% of all reboots the system hangs and only a reset helps.
acpi=off as an additional kernel parameter solves this problem, but
the usb keyboard of the installed ip-kvm is not found then.
with acpi=off I can find a lot of stuff like:
[ 7.098747] uhci_hcd 0000:00:1d.2: UHCI Host
2007 Oct 30
0
2 NICS - local services not shaping correctly
Hi
Having a problem trying to figure out how to shape local services
running on the debian box (asterisk, squid etc) as currently the voice
only seems to be getting shaped one way when making external calls. For
example I have the rules below (these are the matching rules only not
the actual policy rules):
#Create Chain for local traffic (outbound)
/sbin/iptables -t mangle -A match-all -m
2005 Feb 28
1
Mail server on DMZ
Hello,
I have this problem: when my mail server on the DMZ starts a connection to
the internet its ip (213.58.230.26) is "masqueraded" with the firewall ip
(213.58.230.50). I wouldn't mind but there is one customer who rejects the
connection because it makes reverse dns and finds no dns entry for the
firewall ip.
How can I correct this?
Thanks,
MSantos
shorewall
2010 Sep 06
1
Bug#571634: bridge loosing connection
Hi,
I'm not sure but I think I suffer under the same problem with a bit
different setup with squeeze testing and xen 4.0rc5.
In fact I'm using bridges in the dom0 and the connections to the domU
get lost sporadically.
I don't see where's a solution to the problem... Is it now a bug? When
it's an iptables bug, where's the corresponding bug in the iptables
bugtracker
2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
(if this post gets line-feed-mangled please read
http://www.dl.reneschmidt.de/shorewallxenpost.txt - that's an unmangled
version, thank you)
Hello,
first I would like to thank Mr. Eastep and contributors for this great piece
of software and superb documentation.
I have a SOHO server (Debian testing) that I'm using for several purposes so
I've set up a Xen
2006 Apr 11
0
Htb queueing problem
A note to confirm that "-m physdev --physdev-is-bridged" in the iptables
command does enable iptables to work in a bridged environment. I was
fighting the same problem and this indeed solved it.
Below is my test script running on a two NIC Debian 3.1 266MHz bridge.
Before adding the physdev flag, only the "tc filter" commands worked but
now the iptables commands also
2010 May 04
1
Fwd: Strange network problem
Problem still not solved, or any idea what's wrong.
here are some msgs:
device vif1.0 entered promiscuous mode
alloc irq_desc for 1246 on node 0
alloc kstat_irqs on node 0
brI: port 2(vif1.0) entering learning state
device vif1.1 entered promiscuous mode
brE: port 2(vif1.1) entering learning state
physdev match: using --physdev-out in the OUTPUT, FORWARD and
POSTROUTING chains for
2018 Mar 25
8
Bug#894013: xen-utils-common: issue with iptables antispoofing rules in xen4.8 generated by vif-bridge and vif-common.sh
Package: xen-utils-common
Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
Severity: important
Tags: patch security
-- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
2010 Sep 16
0
Bug#571634: xen-utils-common: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING
I recently encountered this in the logs of a new Debian Xen Dom0, and
having now spent the better part of a day researching and testing, I've
come to the conclusion that this is not a bug in xen-utils-common or
even iptables; it's merely the consequence of structural changes to the
core netfilter code starting in the 2.6.20 kernel.
This is rather long, but the issue is complicated. Please
2017 Apr 04
0
[Bug 1143] New: physdev extension not working
https://bugzilla.netfilter.org/show_bug.cgi?id=1143
Bug ID: 1143
Summary: physdev extension not working
Product: iptables
Version: 1.4.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: iptables
Assignee: netfilter-buglog at
2010 Jul 20
0
Xen bridge + iptables FORWARD
Hi all,
I have Xen 3.2 newly installed on Lenny with network bridging configured.
When I built my first VM, I found it couldn't connect to the Internet. This
turned out to be because my dom0's iptables was configured to DROP all
packets on the FORWARD chain (when I removed that, it started working).
The "Xen Networking" page on the wiki describes this exact situation
2016 Mar 01
0
nwfilter : iptables rules not working
Hi,
I contact you as I have difficulties to use nwfilter with KVM host.
I want to implement flow filtering between my Linux guests.
I created the following filter :
cat admin-dmz-internet.xml
<filter name='admin-dmz-internet'>
<!-- this zone is an SSH ingoing only zone -->
<!-- but SSH can go to an other SSH proxy -->
<filterref
2005 Jun 15
1
2 ips on one eth-interface in xen
Hello list,
I'm using xen2.6 with a 2.6.11 kernel
my config:
kernel = "/boot/vmlinuz-2.6.11-xenU"
memory = 1280
name = "s51"
nics=1
vif = [ 'ip=82.149.232.51,mac=00:E0:81:29:71:3D' ]
disk = [ 'file:/home/xen/51/diskimage,sda1,w',
'file:/home/xen/51/swapimage,sda2,w',
2017 Jun 26
0
Accepting RELATED, ESTABLISHED (TCP) connections into VM using Network Filters
Hi,
Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters.
My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt.
Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back