Displaying 20 results from an estimated 60000 matches similar to: "iptables -P FORWARD DROP on dom0 stops all traffic"
2006 Nov 25
0
dom0 iptables FORWARD default DROP?
Hello,
What is the best policy for the FORWARD chain in dom0 iptables?
Can I use a default DROP policy?
I notice when domains are created it adds the extra rules to the
FORWARD chain, to
allow traffic to the guests. However, if iptables is restarted, all
these rules are lost.
Do I need a rule per VPS, or can I use a single catch all to handle all of them?
2008 Feb 07
1
Filtering traffic to Xen guest machines
Hello.
I've just started using Xen. My configuration is plain simple: I've got a
Centos 5 Host with Xen and a single virtual machine which also uses Centos 5.
Both of them have real IPs of the same real network.
Now, I have to delegate the server administration to an external company which
I don't trust, so I'd want to filter any connection started by the
2008 Sep 03
6
eth0 on dom0 not working on a bridged conf
Hi,
I've installed xen 3.0.3 from packages (xen-linux-system) on a debian
etch, and I've configured it with network-bridge script in the default
way (netdev=eth0, bridge=xenbr0, etc...) which is ok for me.
the problem I have:
I cannot ping any outer machine from dom0 (nor any outer machine can
ping me). It gives me a "Destination Host Unreachable" message that
2007 Feb 04
2
Traffic Shaping: Ingress qdisc not working in Dom0 (3.0.4-1)
Hello,
I noticed that the ingress qdisc is not working properly anymore in
3.0.4-1 (back in 3.0.2 the ingress qdisc was working for me):
Install the ingress qdisc to peth0:
# tc add qdisc dev peth0 ingress
... generate some traffic ...
# tc -s qdisc show dev peth0
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 324884 bytes 1749 pkt (dropped 0, overlimits 0 requeues
2010 Jul 20
0
Xen bridge + iptables FORWARD
Hi all,
I have Xen 3.2 newly installed on Lenny with network bridging configured.
When I built my first VM, I found it couldn't connect to the Internet. This
turned out to be because my dom0's iptables was configured to DROP all
packets on the FORWARD chain (when I removed that, it started working).
The "Xen Networking" page on the wiki describes this exact situation
2006 May 24
3
Problems booting a 32bit domU kernel on a Debian sarge amd64 x86_64 dom0 host.
I installed Debian sarge amd64 on an Intel em64t processor machine and have
been using the Xen 3.0 packages in backports.org.
I can boot a 32 bit guest OS fine if I use the
vmlinuz-2.6.16-1-xen-em64t-p4kernel, but when trying to use the stock
vmlinuz-2.6.16-xen from their binary tarball, or building it from the source
package I get the following error:
xentest:/var/log# xm create debian0.cfg -c
2012 Apr 27
1
iptables drop on virtual host
Does this work?
adding DROP to iptables on the virtual host's iptables, before the phys
bridge....will it prevent those ips from getting to the bridged part of
iptables? Or would a different syntax be used?
-A INPUT -s 66.77.65.128/26 -j DROP
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with
2009 May 04
1
dom0 iptables
Ok, I am setting up a new dom0 at a colo provider and usually the colo
facility acts as my gateway, but at this new one, the provider is
recommending that I use the server as its own gateway. That unfortunately
doesn't work too well when it comes to iptables and my domU's. IPtables do not
support virtual interfaces, so I can't just white list them unfortunately. I
have tried many
2007 Feb 16
1
Successful IPtables config on Dom0 anyone?
Hi,
we are trying to secure our Xen boxes with IPtables on Dom0 but we always seem to get cut off and
can only cure it by rebooting the box.
Has anyone got a successful config they can share that secures the server with one nic?
We are using Xen 3.0.4
thanks
Ian
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
2006 Aug 26
0
FC5 -- Xen 3.0.2 -- iptables with dom0 and domU
Situation:
Running a simple UDP client/server program where the client on one domU on
one computer sends echo packets to another domU on another computer,
server sends echoes back. They do this on a specified port (will use any
port between 5000-6000). This program works on non-Xen machines in
various environments, Linux and Solaris. Program just hangs on the domUs.
I believe I need help with
2006 Dec 04
1
dom0 uses 98% of the CPU's with or without any domU's
Hi all,
Using xentop you can see dom0 uses 98% of the CPU's with or without any
domU's running.
Using top on dom0 shows cpu nearly 100% idle
The pc has an intel dual core processor running xen3.0.2
Booting a domU and domU performance is bad.
Any ideas please?
Chris.
2007 Feb 11
2
No /dev/net/tun in dom0
I have a dom0 with Debian Etch, created with Xen-tools, that I want to
use as an OpenVPN-server.
I cannot start the openvpn-daemon, it cannot open the TUN/TAP dev
/dev/net/tun
The dom0 does not have a directory /dev/net and if I create it, it is
away after the next reboot.
Can I get a staying /dev/net/tun in the dom0 ?
--
Morten Christensen
2010 Feb 26
1
Bug#571634: xen-utils-common - using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic
Package: xen-utils-common
Version: 3.4.2-2
Severity: important
The network setup uses no longer supported iptables operations:
| physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
2012 Dec 07
0
Processed: Traffic forwarding issue between Xen domU/dom0
Processing commands for control at bugs.debian.org:
> retitle 679533 Traffic forwarding issue between Xen domU/dom0
Bug #679533 [xen-hypervisor-4.0-amd64] Traffic forwarding issue between Xen domU/dom0 and ovs
Changed Bug title to 'Traffic forwarding issue between Xen domU/dom0' from 'Traffic forwarding issue between Xen domU/dom0 and ovs'
> thanks
Stopping processing here.
2008 Apr 22
0
slow traffic over bridged interface dom0/domU
Hi,
I am using xen 3.1.3 on a Celeron, a netbsd 4.0 dom0, and netbsd 4.0
and slackware 11 (with 2.6.18.8-xen kernel) domU's, and a bridge to
communicate between those. I noticed traffic between (both ways)
netbsd dom0/domU is rather slow (4Mb/s max), and traffic from the
linux domU to dom0 is about 18Mb/s, while traffic from dom0 to the
linux domU is rather slow again (4Mb/s max). Any
2012 Dec 07
0
Bug#679533: Traffic forwarding issue between Xen domU/dom0
retitle Traffic forwarding issue between Xen domU/dom0
thanks
This week this bug occurred again so we are trying to create some
kind of reproduce algorithm.
First we've created two virtual machines named
koekiemonster.bofh.hq.mendix.net and netappsim.bofh.hq.mendix.net. We've
added 29 vifs to koekiemonster.bofh.hq.mendix.net.
During these tests we've always had a ping
2012 Dec 10
0
Bug#679533: Traffic forwarding issue between, Xen domU/dom0
Obviously I meant hyperthreading. Probably need more coffee:)
2018 Mar 25
8
Bug#894013: xen-utils-common: issue with iptables antispoofing rules in xen4.8 generated by vif-bridge and vif-common.sh
Package: xen-utils-common
Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
Severity: important
Tags: patch security
-- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
2008 Nov 03
1
Forward all traffic from public IP A to public IP B?
Need help.
I'm trying to forward all traffic to a public server(A) to another public
server(B) except traffic to port 22. Found this on google but can't get
it to work. Could someone help me please.
Server A has one NIC server B has one NIC. Do I need 2 NICs in server A?
#!/bin/sh
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -X
iptables -F -t nat
iptables -P
2017 Mar 10
0
[Bug 1129] New: iptables outgoing SNAT works for a while then stops working completely for a while
https://bugzilla.netfilter.org/show_bug.cgi?id=1129
Bug ID: 1129
Summary: iptables outgoing SNAT works for a while then stops
working completely for a while
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement