thr3ads.net - Xen users - [Xen-users] Xen and routing [May 2005]

If this information is useful, please help other people find it:
Share via:

Eric E

2005-May-17 22:08 UTC

[Xen-users] Xen and routing

Hi all,
	I''m just getting started with Xen, and having some problems with
networking.  I installed Xen 2.0.5 from the Suse 9.2 binaries, and have 
been able to boot a domain fine.  I''m hoping to make two domains and 
give them static IP addresses (e.g. 192.168.1.25 and 192.168.1.26) - 
nothing fancy.

When I start the xend service, however, xen''s network script deletes
all
routes associated with eth0, and associates them with xen-br0.
Thereafter I cannot ping or ssh to the machine from any external
machines.  My attempts to delete and recreate routes:

  	route del -net 192.168.1.0 netmask 255.255.255.0
	route add -net 192.168.1.0 netmask 255.255.255.0 eth0
	route del default gw 192.168.1.1
	route add default gw 192.168.1.1 eth0

have been ineffective so far.  When I run the xen network script:
network stop bridge=xen-br0 netdev=eth0
I get connectivity back.

Does anyone have any recommendations for quickly setting up my
routing/bridging to make my two virtual domains available form my network?

Thanks,

Eric


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

James Bulpin

2005-May-18 09:15 UTC

head link

Re: [Xen-users] Xen and routing

Eric,

Use yast, or your favourite firewall configurator, to add a custom named
interface of "xen-br0" to the same security zone as eth0. 

If that doesn''t do the trick, please post the output of the following
command in dom0:

iptables -v -L
iptables -v -L -t nat

James

On Tue, 2005-05-17 at 23:08, Eric E wrote:> Hi all,
> 	I''m just getting started with Xen, and having some problems with
> networking.  I installed Xen 2.0.5 from the Suse 9.2 binaries, and have 
> been able to boot a domain fine.  I''m hoping to make two domains
and
> give them static IP addresses (e.g. 192.168.1.25 and 192.168.1.26) - 
> nothing fancy.
> 
> When I start the xend service, however, xen''s network script
deletes all
> routes associated with eth0, and associates them with xen-br0.
> Thereafter I cannot ping or ssh to the machine from any external
> machines.  My attempts to delete and recreate routes:
> 
>   	route del -net 192.168.1.0 netmask 255.255.255.0
> 	route add -net 192.168.1.0 netmask 255.255.255.0 eth0
> 	route del default gw 192.168.1.1
> 	route add default gw 192.168.1.1 eth0
> 
> have been ineffective so far.  When I run the xen network script:
> network stop bridge=xen-br0 netdev=eth0
> I get connectivity back.
> 
> Does anyone have any recommendations for quickly setting up my
> routing/bridging to make my two virtual domains available form my network?
> 
> Thanks,
> 
> Eric
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Eric E

2005-May-18 19:52 UTC

head link

Re: [Xen-users] Xen and routing

Hi James,
    Sorry - for some reason I missed this message until now...  I''ve 
reconfigured eth0 in dom1 without specifying a hardware module.  It 
comes up, but still no access into or out of the network...

TIA,

Eric

Dom0:

dom0:/# iptables -n -v -L
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination
14613 1342K ACCEPT     all  --  lo     *       0.0.0.0/0            
0.0.0.0/0
 5344  352K ACCEPT     all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 input_ext  all  --  eth0   *       0.0.0.0/0            
0.0.0.0/0
  588  119K input_ext  all  --  xen-br0 *       0.0.0.0/0            
0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-IN-ILL-TARGET ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 forward_ext  all  --  eth0   *       0.0.0.0/0            
0.0.0.0/0
  596  115K forward_ext  all  --  xen-br0 *       0.0.0.0/0            
0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-FWD-ILL-ROUTING ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination
14613 1342K ACCEPT     all  --  *      lo      0.0.0.0/0            
0.0.0.0/0
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 11 LOG flags 6 
level 4 prefix `SFW2-OUT-TRACERT-ATTEMPT ''
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 3 code 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 3 code 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 3 code 9
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 3 code 10
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 3 code 13
    0     0 DROP       icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 3
 6973 1382K ACCEPT     all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-OUT-ERROR ''

Chain forward_dmz (0 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 
level 4 prefix `SFW2-FWDdmz-DROP-DEFLT-INV ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            
0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      xen-br0  0.0.0.0/0            
0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  xen-br0 *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG 
flags 6 level 4 prefix `SFW2-FWDdmz-DROP-DEFLT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 4 LOG flags 6 
level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 5 LOG flags 6 
level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 8 LOG flags 6 
level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 13 LOG flags 6 
level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 17 LOG flags 6 
level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 2 LOG flags 6 
level 4 prefix `SFW2-FWDdmz-DROP-ICMP-CRIT ''
    0     0 LOG        udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-FWDdmz-DROP-DEFLT ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain forward_ext (2 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 
level 4 prefix `SFW2-FWDext-DROP-DEFLT-INV ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED icmp type 3
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            
0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED
  592  115K ACCEPT     all  --  *      xen-br0  0.0.0.0/0            
0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  xen-br0 *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG 
flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 4 LOG flags 6 
level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 5 LOG flags 6 
level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 8 LOG flags 6 
level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 13 LOG flags 6 
level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 17 LOG flags 6 
level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 2 LOG flags 6 
level 4 prefix `SFW2-FWDext-DROP-ICMP-CRIT ''
    0     0 LOG        udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-FWDext-DROP-DEFLT ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain forward_int (0 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 
level 4 prefix `SFW2-FWDint-DROP-DEFLT-INV ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            
0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      xen-br0  0.0.0.0/0            
0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  xen-br0 *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG 
flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 4 LOG flags 6 
level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 5 LOG flags 6 
level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 8 LOG flags 6 
level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 13 LOG flags 6 
level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 17 LOG flags 6 
level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 2 LOG flags 6 
level 4 prefix `SFW2-FWDint-DROP-ICMP-CRIT ''
    0     0 LOG        udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-FWDint-DROP-DEFLT ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain input_dmz (0 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           PKTTYPE = broadcast
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 
level 4 prefix `SFW2-INdmz-DROP-DEFLT-INV ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state INVALID
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG 
flags 6 level 4 prefix `SFW2-INdmz-DROP-DEFLT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 4 LOG flags 6 
level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 5 LOG flags 6 
level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 8 LOG flags 6 
level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 13 LOG flags 6 
level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 17 LOG flags 6 
level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 2 LOG flags 6 
level 4 prefix `SFW2-INdmz-DROP-ICMP-CRIT ''
    0     0 LOG        udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-INdmz-DROP-DEFLT ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain input_ext (2 references)
 pkts bytes target     prot opt in     out     source               
destination
  587  119K DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           PKTTYPE = broadcast
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 
level 4 prefix `SFW2-INext-DROP-DEFLT-INV ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state INVALID
    1    48 LOG        tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:22 flags:0x16/0x02 
LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ''
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:22
    0     0 reject_func  tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:113 state NEW
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG 
flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 4 LOG flags 6 
level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 5 LOG flags 6 
level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 8 LOG flags 6 
level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 13 LOG flags 6 
level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 17 LOG flags 6 
level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 2 LOG flags 6 
level 4 prefix `SFW2-INext-DROP-ICMP-CRIT ''
    0     0 LOG        udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-INext-DROP-DEFLT ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain input_int (0 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            
0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 LOG        all  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 
level 4 prefix `SFW2-INint-DROP-DEFLT-INV ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0           state INVALID
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG 
flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 4 LOG flags 6 
level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 5 LOG flags 6 
level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 8 LOG flags 6 
level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 13 LOG flags 6 
level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 17 LOG flags 6 
level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ''
    0     0 LOG        icmp --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 icmp type 2 LOG flags 6 
level 4 prefix `SFW2-INint-DROP-ICMP-CRIT ''
    0     0 LOG        udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix 
`SFW2-INint-DROP-DEFLT ''
    0     0 DROP       all  --  *      *       0.0.0.0/0            
0.0.0.0/0

Chain reject_func (1 references)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            
0.0.0.0/0           reject-with icmp-proto-unreachable

-------------------------------------------------------------------------------------------------------------------------------
dom0:/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
          inet addr:192.168.1.22  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::211:85ff:fef4:8776/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7554 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6522 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:717401 (700.5 Kb)  TX bytes:1512430 (1.4 Mb)
          Interrupt:20

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14725 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14725 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1351344 (1.2 Mb)  TX bytes:1351344 (1.2 Mb)

vif7.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88 errors:0 dropped:411 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:754 (754.0 b)  TX bytes:10175 (9.9 Kb)

xen-br0   Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
          inet addr:192.168.1.22  Bcast:192.168.1.255  Mask:255.255.255.255
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7471 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6303 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:550732 (537.8 Kb)  TX bytes:1459651 (1.3 Mb)

--------------------------------------------------------------------------------------------------------------------------------
dom0:/ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
192.168.1.0   0.0.0.0         255.255.255.0   U     0      0        0 
xen-br0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 
xen-br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.2   0.0.0.0         UG    0      0        0 
xen-br0

--------------------------------------------------------------------------------------------------------------------------------
dom0:/# brctl show
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.001185f48776       no              eth0
                                                        vif7.0
--------------------------------------------------------------------------------------------------------------------------------
dom0:/# brctl showmacs xen-br0
port no mac addr                is local?       ageing timer
  1     00:08:02:96:ee:f1       no                33.65
  1     00:0d:56:e7:9e:cc       no               235.29
  1     00:11:85:7d:39:af       no                 8.98
  1     00:11:85:7e:51:eb       no               113.87
  1     00:11:85:ee:79:f4       no                 0.00
  1     00:11:85:f2:54:4a       no               290.09
  1     00:11:85:f2:55:be       no                46.89
  1     00:11:85:f4:87:76       yes                0.00
  1     00:c0:9f:46:e4:1b       no               128.81
  1     00:e0:4c:ae:e6:07       no                17.76
  2     fe:ff:ff:ff:ff:ff       yes                0.00

--------------------------------------------------------------------------------------------------------------------------------


In dom1 (I turned the firewall in dom1 off for now):

dom1:/ #  iptables -n -v -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination
---------------------------------------------------------------------------------------
dom1:/boot # iptables -n -v -L -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination
----------------------------------------------------------------------------------------

dom1:/ # ifconfig

eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
          inet addr:192.168.1.25  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::211:85ff:fef4:8776/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6434 (6.2 Kb)  TX bytes:754 (754.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1344 (1.3 Kb)  TX bytes:1344 (1.3 Kb)

----------------------------------------------------------------------------------------
dom1:/boot # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
192.168.1.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.2   0.0.0.0         UG    0      0        0 eth0




James Bulpin wrote:
>On Wed, 2005-05-18 at 16:07, Eric E wrote:
>  
>
>>Hi James,
>>    Many thanks for your quick reply, and for the help.  I''m
now able to
>>see the dom0 machine from the network, but I can''t seem to get
into our
>>out of dom1.  In my domain configuation file for dom1, I''ve
tried the
>>following for the vif:
>>1) vif= [''mac=00:xx:xx:xx:xx:xx, bridge=xen-br0'']
>>2) vif = [''bridge=xen-br0'']
>>3) nothing (commented out)
>>
>>Only 1) creates an eth0 interface in dom1, and even then I
can''t see any
>>IP addresses on my network such as 192.168.1.10 from within dom1, nor 
>>can I ping the machine''s address from dom0 or elsewhere on the
network.
>>    
>>
>
>Can you give me the output of the following:
>
>in dom0:
>
>iptables -n -v -L
>iptables -n -v -L -t nat
>ifconfig
>route -n
>brctl show
>brctl showmacs xen-br0
>
>in domU booted using your 1) above:
>
>iptables -n -v -L
>iptables -n -v -L -t nat
>ifconfig
>route -n
>
>Regards,
>
>James
>
>
>  
>


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

James Bulpin

2005-May-19 10:56 UTC

head link

Re: [Xen-users] Xen and routing

On Wed, 2005-05-18 at 20:52, Eric E wrote:> Hi James,
>     Sorry - for some reason I missed this message until now... 
I''ve
> reconfigured eth0 in dom1 without specifying a hardware module.  It 
> comes up, but still no access into or out of the network...[...]

Something fishy is going on with your dom1 MAC address:
> dom0:/ # ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
> dom1:/ # ifconfig
> 
> eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
i.e. both dom0 and dom1 have the same MAC address. This doesn''t play
well with the bridge or with ARP. Are you specifying that MAC in your
dom1 config file? If so, use another (just commenting out vif= should be
fine). Domains in a bridged configuration need to have different MAC
addresses in the same way that physical machines would do. 
>
--------------------------------------------------------------------------------------------------------------------------------
> dom0:/# brctl show
> bridge name     bridge id               STP enabled     interfaces
> xen-br0         8000.001185f48776       no              eth0
>                                                         vif7.0
>
--------------------------------------------------------------------------------------------------------------------------------
> dom0:/# brctl showmacs xen-br0
> port no mac addr                is local?       ageing timer
>   1     00:08:02:96:ee:f1       no                33.65
>   1     00:0d:56:e7:9e:cc       no               235.29
>   1     00:11:85:7d:39:af       no                 8.98
>   1     00:11:85:7e:51:eb       no               113.87
>   1     00:11:85:ee:79:f4       no                 0.00
>   1     00:11:85:f2:54:4a       no               290.09
>   1     00:11:85:f2:55:be       no                46.89
>   1     00:11:85:f4:87:76       yes                0.00
>   1     00:c0:9f:46:e4:1b       no               128.81
>   1     00:e0:4c:ae:e6:07       no                17.76
>   2     fe:ff:ff:ff:ff:ff       yes                0.00
Note here that no actual address appears on the bridge port #2. 

James


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

James Bulpin

2005-May-20 08:41 UTC

head link

Re: [Xen-users] Xen and routing

For the benefit of others following this threads and the mailing list
archive - Eric reports this fixed the problem.

J.

On Thu, 2005-05-19 at 11:56, James Bulpin wrote:> On Wed, 2005-05-18 at 20:52, Eric E wrote:
> > Hi James,
> >     Sorry - for some reason I missed this message until now... 
I''ve
> > reconfigured eth0 in dom1 without specifying a hardware module.  It 
> > comes up, but still no access into or out of the network...
> [...]
> 
> Something fishy is going on with your dom1 MAC address:
> 
> > dom0:/ # ifconfig
> > eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
> 
> > dom1:/ # ifconfig
> > 
> > eth0      Link encap:Ethernet  HWaddr 00:11:85:F4:87:76
> 
> i.e. both dom0 and dom1 have the same MAC address. This doesn''t
play
> well with the bridge or with ARP. Are you specifying that MAC in your
> dom1 config file? If so, use another (just commenting out vif= should be
> fine). Domains in a bridged configuration need to have different MAC
> addresses in the same way that physical machines would do. 
> 
> >
--------------------------------------------------------------------------------------------------------------------------------
> > dom0:/# brctl show
> > bridge name     bridge id               STP enabled     interfaces
> > xen-br0         8000.001185f48776       no              eth0
> >                                                         vif7.0
> >
--------------------------------------------------------------------------------------------------------------------------------
> > dom0:/# brctl showmacs xen-br0
> > port no mac addr                is local?       ageing timer
> >   1     00:08:02:96:ee:f1       no                33.65
> >   1     00:0d:56:e7:9e:cc       no               235.29
> >   1     00:11:85:7d:39:af       no                 8.98
> >   1     00:11:85:7e:51:eb       no               113.87
> >   1     00:11:85:ee:79:f4       no                 0.00
> >   1     00:11:85:f2:54:4a       no               290.09
> >   1     00:11:85:f2:55:be       no                46.89
> >   1     00:11:85:f4:87:76       yes                0.00
> >   1     00:c0:9f:46:e4:1b       no               128.81
> >   1     00:e0:4c:ae:e6:07       no                17.76
> >   2     fe:ff:ff:ff:ff:ff       yes                0.00
> 
> Note here that no actual address appears on the bridge port #2. 
> 
> James
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Xen users - May 2005 - Xen and routing

[Xen-users] Xen and routing

Re: [Xen-users] Xen and routing

Re: [Xen-users] Xen and routing

Re: [Xen-users] Xen and routing

Re: [Xen-users] Xen and routing