Xen users - Mar 2007 - iptables not working on xen 3.0.4 domU

I have a small hosting company, and we have purchased a new server, which
will be divided into several virtual machines. I planned using Xen, because
the performance should be great, and I heard a lot of positive comments. So
I tried setting it up on a test machine.

First, I tried installing it on Slackware, as this is my premier choice.
Probably it''s because of my bad knowledge of Xen at that time, but I
didn''t
succeed. Then I followed some tutorials to install Xen, tried several
distro''s, and finally got it to work on Ubuntu 6.06LTS 64bit.

Great, I thought, because I got Slackware running on my guest domains, and
everything seemed to work ok.

There''s only one problem, which I can not resolve: iptables v1.3.5:
can''t
initialize iptables table `filter'': Bad file descriptor. Perhaps
iptables or
your kernel needs to be upgraded.

I learned this could be caused by an incompatibility between the (64-bit)
kernel and the 32-bit Slackware system. Ok, but what can I do about it? I
could use Ubuntu guests, but don''t like the idea quitting from
slackware. I
tried compiling iptables 1.3.7 from source, to no avail. Tried copying a
64-bit iptables executable to my system, but that''s not a very bright
idea
:) (32-bit libc systems can not run 64-bit executables).
Anyway, is this possible and good practice, running a 64-bit dom0 and a
32-bit domU? I saw a lot of people doing that (don''t they ever run into
problems???), but I just wanted to ask it to you expert people.

I did search this mailing list first, of course. But I don''t seem to
find
anyone with the same problem. All iptables problems I''ve seen are
related to
modules not being found, or with the wrong version. Which was the case for
me, but I have sorted that out. I have the right modules copied to my domU
(with 2.6.16.33-xenU modules), and they are working ok (other modules, I
mean, like smbfs or something). But I can''t get past this problem.

So I''m really stuck here. I really hope someone can help!


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu, 8 Mar 2007, Peter Fastr wrote:
>
> There''s only one problem, which I can not resolve: iptables
v1.3.5: can''t
> initialize iptables table `filter'': Bad file descriptor. Perhaps
iptables or
> your kernel needs to be upgraded.
If you are using the same kernel for the dom0 and the domU, just copy 
/lib/modules from the dom0 to the domU and everything should work fine. 
In xen, you keep the DomU kernel on the Dom0, but the DomU modules need to 
be on the DomU.
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Wednesday 07 March 2007, Luke S. Crawford wrote:
> On Thu, 8 Mar 2007, Peter Fastré wrote:
> > There''s only one problem, which I can not resolve: iptables
v1.3.5: can''t
> > initialize iptables table `filter'': Bad file descriptor.
Perhaps iptables
> > or your kernel needs to be upgraded.
>
> If you are using the same kernel for the dom0 and the domU, just copy
> /lib/modules from the dom0 to the domU and everything should work fine.
> In xen, you keep the DomU kernel on the Dom0, but the DomU modules need to
> be on the DomU.
i think he already did that... his problem seems to be not the modules, but 
the tools.  it''s all complicated because he''s using a 64bit
kernel (to match
dom0) with a 32bit userspace (his beloved Slackware).

that makes it hard to match kernel-managing userspace tools with the kernel.

without having tested anything similar, i guess the easiest solutions would 
be:
a) add the needed 64-bit libraries so that the same executable could be used 
on both Dom0 and DomU
b) build a statically-linked 64bit toolchest, so that it doesn''t need
any
extra library

.... or switching to a 64-bit distro for DomU''s  ... or using 32-bit
(PAE?)
for Dom0...

-- 
Javier


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users