similar to: routing in xen 3.0 domU: icmp gets routed, but tcp/ip only partially

Hello folks, I have this really strange routing problem that no amount of googling and experimenting has been able to solve. Then again, I''m new to Xen and "advanced" networking, so I could be missing something very basic. Summary: an unprivileged domU with PCI frontend for a NIC is used as a router; icmp gets routed, but tcp/ip only partially. I''m using a

Hi, I have a setup that consist of 2 firewalls connected over dialup and PPP. Each side of the ppp are protected by shorewall. One side of the PPP masquerades everything not addressed to the local network to its eth0 (the net). fw1 <---- ppp (dialup) -----> fw0 <----- NET When making an http request to a site on the Internet from the machine not directly connected to the net (fw1), the

I want to create a network like this: Internet -- physical router -- host (network 192.168.178.x) -- virtual machine dmz -- eth0 (connected to pyshical router) -- eth1 (connect to isolated network 10.0.0.x) -- virtual machine www - eth0 (connect to isolated network 10.0.0.x) [image: network design]

I am not quite sure if this issue relates to iptables, routing or Xen virtual machines. Too many variables for my simple mind, so I'm asking some advice :) This is my network setup: Internet --- eth2 + CentOS dom0 / firewall / router + eth1 (xenbr1) --- LAN with private IPs --- separate file server and workstations + eth0 (xenbr0)

hello there, im running a 3interface inet, dmz, loc. i have some public ip addresses. one public address is the router of the provider, the second one is the linux box running shorewall. all other public interfaces are on the dmz nic with proxy-arp. now whenever i do a traceroute (the dmz boxes are windows, icmp traceroute) the very first hop gets timeout/stars, then the router of the provider

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1

The system is Mandrake-9.1 Linux wih gcc-3.2.2. I am trying to compile xenolinux-2.4.24 (with vanilla sources from ftp.kernel.org for linux-2.4.24). The steps of mkbuildtree ARCH=xeno make menuconfig ARCH=xeno make dep produce no errors, but ARCH=xeno make bzImage results in following error messages. Any pointers will be appreciated. -ishwar --- gcc -D__KERNEL__

At some point the Cirrus VGA driver was commented out. Probably for debugging. The patch below adds it back in. It works just fine. Signed-Off-By: Leendert van Doorn <leendert@watson.ibm.com> diff -ru xeno-unstable.orig/tools/ioemu/hw/pc.c xeno-unstable.mine/tools/ioemu/hw/pc.c --- xeno-unstable.orig/tools/ioemu/hw/pc.c 2005-05-25 07:48:57.000000000 -0400 +++

I''ve just finished Xeno-HOWTO which contains a detailed list of instructions on how to setting up Xen and XenoLinux, from downloading Bitkeeper, compilation of Xen, XenoLinux, tools to configuration, start and stop of new domains. A complete version has just been pushed in xeno.bk and xeno-1.1.bk in our Laboratory. A partital version is already available in

Hey Tom, This is my T-1 slash 27 network btw. How does this look??? for---- net eth0 66.224.62.120 ----dmz eth1 66.224.62.120 This box is for practice Dmz we talked about. with the pratice Dmz server''s Ip 66.224.62.121 routing and interface''s below [root@66-224-62-120 root]# ifconfig eth0 Link encap:Ethernet HWaddr

I''m getting 2 or three of these a day...Any ideas ? The 192.168.250.zz is a eth0:3 on a box that currently only has eth0:1 active Dec 1 15:47:40 machine-name kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=my.real.ip.addr DST=66.228.216.22 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=12031 PROTO=ICMP TYPE=3 CODE=1 [SRC=66.228.216.22 DST=192.168.250.zz LEN=40 TOS=0x00 PREC=0x00 TTL=46

Hello all I have a somewhat annoying problem with OpenSSH. Now, granted, it's certainly not a bug. I'm just wondering what the best course of action is. At work, we have multiple customers with machines named "fw0", "fs0", etc. This is all good, since it conforms to a standard naming scheme, so it's easier to administrate. However, when we go to our

Hello, I''m trying to write a module to play with hypercall. So I wrote the following module: -------------------------xvifgetinfo.c---------------- /* * xvifgetinfo.c * * The routines in this file are used to get information about virtual * network interface provide by Xen. * */ #include <linux/module.h> #include <linux/init.h> #include <linux/kernel.h>

My sincere apologies to all on this list. After looking for returning packets with tcpdump and not finding ANY I called our provider to confirm our IP assignment. The IP range that I was given by my boss was incorrect. After adjusting the ip assignments, everything is working perfectly. Thank you all for your time in troubleshooting this, and I hope to be able to return the favor at some

Anyone, willing to take a lead on this one, since Tom is taking a rest: " I am hosting all servers by myself. I have five static IP addreses with a DSL line. My DSL router from the ISP provider is configured as bridge, so no traffic is filtered. I checked the logs and getting: Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=66.58.99.86 DST=216.35.73.164 LEN=68

Hi all, I have set up a working OpenVPN2 connection between my Server and my gateway at home. Now I want all traffic to be routed through this VPN connection. Currently everything is going through eth1 to the internet (to the gateway of the University which forwards it to the internet :-). We must use a prox-server and because of this I am not abel to watch the real-Media streams on

http://bugzilla.netfilter.org/show_bug.cgi?id=711 Summary: iptables -m iprange causes unknown error Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: ip_tables (kernel) AssignedTo: netfilter-buglog at

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

Hey Tom, I have successfully set up to servers on a Dmz practice network woohoo :). If I take out the proxyarp option in /etc/shorewall/interfaces Then Dmz can ping outside ip''s on the net but not and of my servers on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120) The reason I ask is to learn. I thought I would not need the proxyarp option for this to

BTW, the xenlinux-2.6.11.bk''s version is: ChangeSet@1.2085, 2005-05-12 11:10:24-06:00, djm@kirby.fc.hp.com More work on hyperprivops Signed-off-by: Dan Magenheimer <dan.magenheimer@hp.com> Thanks, Kevin >-----Original Message----- >From: xen-devel-bounces@lists.xensource.com >[mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Tian, Kevin >Sent: Friday,