similar to: so close! just an iptables rule away.....?

Hi, I''ve been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I''ve got one outstanding issue with iptables that is preventing me progressing further. This is a colo''d server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a

Hi, I'm not sure but I think I suffer under the same problem with a bit different setup with squeeze testing and xen 4.0rc5. In fact I'm using bridges in the dom0 and the connections to the domU get lost sporadically. In don't see where's a solution to the problem... Is it now a bug? When it's an iptables bug, where's the corresponding bug in the iptables bugtracker

Hi, i have problems with the network between pv-domains and the real network. I done an upgrade with apt-get in debian an now i have xen4.1 with kernel 3.2.9 first i must chance the vif-bridge script from http://nopaste.php-q.net/194087 to http://nopaste.php-q.net/194084 now i have a connection from pv to dom0 and the windows hvm, but no connection between physical network an the pv

Package: xen-utils-common Version: 3.0.3-0-2 Severity: normal I cannot find a use the network-nat and vif-nat provided in the general case, where I'd like to NAT between vifx.0 and ethx interfaces. I have setup the following in /etc/xen/xend-config.sxp : ## Use the following if network traffic is routed with NAT, as an alternative # to the settings for bridged networking given above.

Hi, I have taken the long and winding road and indeed it lead me to your door. I need your help, please. My Xen includes 2 guests. Xen itself (10.2.0.52) gets free access to the outside world and to its guests. Both guests however (10.2.0.54/10.2.0.55) see each other but stay under house arrest! Not a single ping manages to go past the bridge (xenbr0) and get an answer from the default gateway

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Hi, I would like to know if somebody can point me out how to configure several DomUs in a private LAN (for example 192.168.100.0/24) and one DomU with two interfaces (one - 192.168.100.0/24 and two - internet). So far I have enabled in xend-config.sxp: (network-script network-route) (vif-script vif-route) My config files have: /mnt/VM/1.cfg:vif = [''ip=192.168.1.3'']

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge

Hi, I have a Centos5 machine running xen 3.0.3-41 with two NICs each on its own subnet: 192.168.1.x and 192.168.0.x. All DomUs can talk to each other OK through two xen bridges. There are 3 DomUs: Dom0, Dom1 and Dom2 The scenario: I''m trying to capture packets on Dom2 on 192.168.0.x from external devices that are sending SIP stuff to Dom1, but fail to capture any packets. I

CentOS 5.5 Xen "standard" Xen Installation. I have two nics. I just put the second one to DHCP and modified the ifcfg-et01 and so far I am holding, but I am not confident. Prior they were sequential IP Addrs on same subnet. arpwatch has indicated flip flips. I can find no rhyme or reason to predict them. I know I missed I must have missed a step somewhere. I want to keep the

Hi all! After upgrading to Squeeze, I am watching a Xen VMHost that after a while it hangs. This did not happen when I was using Xen with Debian Lenny (in this case as with Squeeze, the Xen components are from Debian repositories). In each case I connected a keyboard and monitor to the computer and the screen remained black without answering any key. This problem seems to also affect domUs,

Hello, I''ve installed on a debian squeeze server, xen 4 with one VM which run in route mode configuration with an IP failover. I wanted to create another VM which turn in nat mode, so I make that : - I let my xend-config.sxp with : (network-script ''network-route netdev=eth0'') (vif-script vif-route) because my first VM is the most important.... For the second, I

Hi, I contact you as i have difficulties to use nwfilter with KVM host. I want to implemente flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref

Hello list, I''m using xen2.6 with a 2.6.11 kernel my config: kernel = "/boot/vmlinuz-2.6.11-xenU" memory = 1280 name = "s51" nics=1 vif = [ ''ip=82.149.232.51,mac=00:E0:81:29:71:3D'' ] disk = [ ''file:/home/xen/51/diskimage,sda1,w'', ''file:/home/xen/51/swapimage,sda2,w'',

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

Hi, I have a new xen hosting platform. I have given the bridge a static IP which I can ping/ssh to etc, when I create a new vm all works well apart from the networking. If I give DomU a static IP I can''t ping out from the box, Dom0 can''t ping the vm. I''m suspecting it just isn''t seeing the bridge but am unsure where to start looking. This is a very standard