Xen users - Sep 2007 - Dom0 cannot see network when bridge is enabled

I''ve seen a lot of threads w/ similar problems, but none have posted a
resolution.

I am using Debian 4.0r1 (Etch). I was using the xen packages from
stable, but have tried w/ testing as well and the problem persists.

  http://pastie.caboo.se/95144

Host is 10.0.0.20 on network 10.0.0.0/24.

Dom0 is thus 10.0.0.20

DomU is 10.0.0.30

When the bridge is enabled, DomU can ping everything. Everything can
ping DomU.

Dom0 can only ping DomU and itself. It can''t see the 10.0.0.0/24
network
or anything beyond.

tcpdumps have not shown any ICMP traffic on any of the interfaces I can
see from within the Dom0, and machines in 10.0.0.0/24 being pinged from
the Dom0 see nothing either.

I''m trying to work out how it''s supposed to work. It looks
like the
bridge works by binding all the interfaces together via a common mac
address, is this correct?

How then, do peth0 and eth0 see each other''s traffic?

--Ian

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> I''ve seen a lot of threads w/ similar problems, but none have 
> posted a resolution.
> 
> I am using Debian 4.0r1 (Etch). I was using the xen packages 
> from stable, but have tried w/ testing as well and the 
> problem persists.
> 
>   http://pastie.caboo.se/95144
> 
> Host is 10.0.0.20 on network 10.0.0.0/24.
> 
> Dom0 is thus 10.0.0.20
> 
> DomU is 10.0.0.30
> 
> When the bridge is enabled, DomU can ping everything. 
> Everything can ping DomU.
> 
> Dom0 can only ping DomU and itself. It can''t see the 
> 10.0.0.0/24 network or anything beyond.
> 
> tcpdumps have not shown any ICMP traffic on any of the 
> interfaces I can see from within the Dom0, and machines in 
> 10.0.0.0/24 being pinged from the Dom0 see nothing either.
> 
> I''m trying to work out how it''s supposed to work. It
looks
> like the bridge works by binding all the interfaces together 
> via a common mac address, is this correct?
> 
> How then, do peth0 and eth0 see each other''s traffic?
I assume you have already checked this, but did you look at your
iptables configuration to make sure that packet filtering is not
blocking any traffic?

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Fischer, Anna wrote:
> I assume you have already checked this, but did you look at your
> iptables configuration to make sure that packet filtering is not
> blocking any traffic?
Yes, the default policies are ACCEPT, with some extra forwarding rules
in there:

bunsen:~# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  10.0.0.30            0.0.0.0/0           PHYSDEV
match --physdev-in vif1.0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vif1.0 udp spt:68 dpt:67

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



Should there be more?

--Ian

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users