Hi,
I ''ve got a CentOS 5.2 server running xen 3.0 with 2 DomUs also running
CentOS 5.2.
All my boxes are up-to date.
I''m experiencing trouble with networking.
Dom0 can reach the outside world when no DomU are started. It can also
reach the outside world when only one DomU is running.
The troubles begin when I start the second DomU. At first, this new
DomU, called DomU2, can''t get outside. (at the time Dom0 and DomU1 are
still reachable from outside).
Once I get connected to DomU2 (console mode, xm console DomU2) and try
to get outside, I''ll get through after a small amout of time.
Nevertheless, this causes Dom0 to stop being reachable from the outside.
Therefore when my two DomUs are running, there are running fine and I
can reach them with SSH but Dom0 becomes unreachable. After sometimes it
changes Dom0 becomes reachable again and one of the 2 DomUs becomes
unreachable from the outside. It is completely random but there''s still
one of the Doms which is unreachable. It depends on the one I''m
connected to !
BUT being connected to the console on the server, I can reach each DomU
(DomU1 and DomU2) from Dom0 or reach Dom0 from each DomUs (DomU1 and DomU2)
I help myself with some tutorials but can''t get through my
difficulties.
http://wiki.xensource.com/xenwiki/XenNetworking
http://doc.fedora-fr.org/wiki/Xen_et_le_réseau
http://www.shorewall.net/XenMyWay.html => Xen and the Art of Consolidation
Nevertheless, I can''t get through my troubles.
Here''s the result of the ifconfig command when everything is started :
DomUs + Dom0
eth0 Link encap:Ethernet HWaddr 00:21:85:32:CA:8E
inet adr:172.20.25.2 Bcast:172.20.25.255 Masque:255.255.255.0
adr inet6: fe80::221:85ff:fe32:ca8e/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:88446 errors:0 dropped:0 overruns:0 frame:0
TX packets:2906 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:6888620 (6.5 MiB) TX bytes:189520 (185.0 KiB)
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:7010 (6.8 KiB) TX bytes:7010 (6.8 KiB)
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:25871448 errors:0 dropped:0 overruns:0 frame:0
TX packets:5396663 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:31027675382 (28.8 GiB) TX bytes:434789497 (414.6 MiB)
Mémoire:de340000-de360000
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:2906 errors:0 dropped:0 overruns:0 frame:0
TX packets:88446 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:189520 (185.0 KiB) TX bytes:6888620 (6.5 MiB)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:1886 errors:0 dropped:0 overruns:0 frame:0
TX packets:86964 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:127848 (124.8 KiB) TX bytes:6453003 (6.1 MiB)
vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:5389130 errors:0 dropped:0 overruns:0 frame:0
TX packets:10150353 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:358810111 (342.1 MiB) TX bytes:15229333872 (14.1 GiB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet adr:192.168.122.1 Bcast:192.168.122.255
Masque:255.255.255.0
adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:0 (0.0 b) TX bytes:8758 (8.5 KiB)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:84790 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:4982000 (4.7 MiB) TX bytes:0 (0.0 b)
I can''t understand why the MAC addresses of peth0 is different from the
one of eth0. vibr0 seems to be useless. These should be the same,
shouldn''t they ?
peth0''s MAC address and xenbr0''s MAC address are the same
which seems
logical to me. Am I wrong ?
Can anyone help ?
Any suggestions will be greatly appreciated.
Kind regards,
--
Stéphane Cesbron
Responsable Régional Informatique,
INSERM ADR Grand-Ouest,
BRETAGNE, PAYS DE LA LOIRE et CENTRE
63, quai Magellan
3ème étage - Hall B
B.P. 32116
44021 Nantes cedex 1
Email : stephane.cesbron@inserm.fr
Tél : 02.40.20.92.28
Portable : 06.78.68.76.39
-----------------------------------------------------------------
Ce message et toutes les pieces jointes sont etablis a l''intention
exclusive de ses destinataires et peuvent etre confidentiels ou proteges.
L''internet ne permettant pas d''assurer l''integrite de
ce message, l''INSERM decline toute responsabilite au titre de ce
message, dans l''hypothese ou il aurait ete modifie. Toute utilisation
de ce message non conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite, sauf autorisation expresse. Si
vous recevez ce message par erreur, merci de le detruire et d''en
avertir immediatement l''expediteur. Merci.
The information transmitted is intended exclusively for the person or entity to
which it is addressed and may contain confidential and/or privileged material.
Any disclosure, copying, distribution or other action based upon the
information by persons or entities other than the intended recipient is
prohibited. If you receive this information in error, please contact the sender
and delete the material from any and all computers.
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
On Fri, Aug 1, 2008 at 4:32 AM, Stéphane Cesbron <Stephane.Cesbron@inserm.fr> wrote:> Hi, > > I ''ve got a CentOS 5.2 server running xen 3.0 with 2 DomUs also running > CentOS 5.2. > All my boxes are up-to date. > > I''m experiencing trouble with networking. > Dom0 can reach the outside world when no DomU are started. It can also reach > the outside world when only one DomU is running. > The troubles begin when I start the second DomU. At first, this new DomU, > called DomU2, can''t get outside. (at the time Dom0 and DomU1 are still > reachable from outside). > Once I get connected to DomU2 (console mode, xm console DomU2) and try to > get outside, I''ll get through after a small amout of time. Nevertheless, > this causes Dom0 to stop being reachable from the outside. > Therefore when my two DomUs are running, there are running fine and I can > reach them with SSH but Dom0 becomes unreachable. After sometimes it changes > Dom0 becomes reachable again and one of the 2 DomUs becomes unreachable from > the outside. It is completely random but there''s still one of the Doms which > is unreachable. It depends on the one I''m connected to ! > BUT being connected to the console on the server, I can reach each DomU > (DomU1 and DomU2) from Dom0 or reach Dom0 from each DomUs (DomU1 and DomU2) > I help myself with some tutorials but can''t get through my difficulties. > http://wiki.xensource.com/xenwiki/XenNetworking > http://doc.fedora-fr.org/wiki/Xen_et_le_réseau > http://www.shorewall.net/XenMyWay.html => Xen and the Art of Consolidation > > Nevertheless, I can''t get through my troubles. > > Here''s the result of the ifconfig command when everything is started : DomUs > + Dom0 > eth0 Link encap:Ethernet HWaddr 00:21:85:32:CA:8E inet > adr:172.20.25.2 Bcast:172.20.25.255 Masque:255.255.255.0 > adr inet6: fe80::221:85ff:fe32:ca8e/64 Scope:Lien > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:88446 errors:0 dropped:0 overruns:0 frame:0 > TX packets:2906 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:0 > RX bytes:6888620 (6.5 MiB) TX bytes:189520 (185.0 KiB) > > lo Link encap:Boucle locale inet adr:127.0.0.1 > Masque:255.0.0.0 > adr inet6: ::1/128 Scope:Hôte > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:34 errors:0 dropped:0 overruns:0 frame:0 > TX packets:34 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:0 > RX bytes:7010 (6.8 KiB) TX bytes:7010 (6.8 KiB) > > peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: > fe80::fcff:ffff:feff:ffff/64 Scope:Lien > UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 > RX packets:25871448 errors:0 dropped:0 overruns:0 frame:0 > TX packets:5396663 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:100 > RX bytes:31027675382 (28.8 GiB) TX bytes:434789497 (414.6 MiB) > MÃ(c)moire:de340000-de360000 > > vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: > fe80::fcff:ffff:feff:ffff/64 Scope:Lien > UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 > RX packets:2906 errors:0 dropped:0 overruns:0 frame:0 > TX packets:88446 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:0 > RX bytes:189520 (185.0 KiB) TX bytes:6888620 (6.5 MiB) > > vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: > fe80::fcff:ffff:feff:ffff/64 Scope:Lien > UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 > RX packets:1886 errors:0 dropped:0 overruns:0 frame:0 > TX packets:86964 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:32 > RX bytes:127848 (124.8 KiB) TX bytes:6453003 (6.1 MiB) > > vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: > fe80::fcff:ffff:feff:ffff/64 Scope:Lien > UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 > RX packets:5389130 errors:0 dropped:0 overruns:0 frame:0 > TX packets:10150353 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:32 > RX bytes:358810111 (342.1 MiB) TX bytes:15229333872 (14.1 GiB) > > virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet > adr:192.168.122.1 Bcast:192.168.122.255 Masque:255.255.255.0 > adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:44 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:0 > RX bytes:0 (0.0 b) TX bytes:8758 (8.5 KiB) > > xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF UP BROADCAST > RUNNING NOARP MTU:1500 Metric:1 > RX packets:84790 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 lg file transmission:0 > RX bytes:4982000 (4.7 MiB) TX bytes:0 (0.0 b) > > I can''t understand why the MAC addresses of peth0 is different from the one > of eth0. vibr0 seems to be useless. These should be the same, shouldn''t they > ? > peth0''s MAC address and xenbr0''s MAC address are the same which seems > logical to me. Am I wrong ? > > Can anyone help ? > Any suggestions will be greatly appreciated. >What is the output of: brctl show ip route list with 0, 1 and 2 domUs running? The networking parts of xend-config.sxp and the vif lines in your domUs might be useful. Cheers. Todd> Kind regards, > > -- > > Stéphane Cesbron > Responsable Régional Informatique, > INSERM ADR Grand-Ouest, > BRETAGNE, PAYS DE LA LOIRE et CENTRE > > 63, quai Magellan > 3ème étage - Hall B > B.P. 32116 > 44021 Nantes cedex 1 > > Email : stephane.cesbron@inserm.fr > Tél : 02.40.20.92.28 > Portable : 06.78.68.76.39 > ----------------------------------------------------------------- > Ce message et toutes les pieces jointes sont etablis a l''intention exclusive > de ses destinataires et peuvent etre confidentiels ou proteges. L''internet > ne permettant pas d''assurer l''integrite de ce message, l''INSERM decline > toute responsabilite au titre de ce message, dans l''hypothese ou il aurait > ete modifie. Toute utilisation de ce message non conforme a sa destination, > toute diffusion ou toute publication, totale ou partielle, est interdite, > sauf autorisation expresse. Si vous recevez ce message par erreur, merci de > le detruire et d''en avertir immediatement l''expediteur. Merci. > > The information transmitted is intended exclusively for the person or entity > to which it is addressed and may contain confidential and/or privileged > material. Any disclosure, copying, distribution or other action based upon > the information by persons or entities other than the intended recipient is > prohibited. If you receive this information in error, please contact the > sender and delete the material from any and all computers. > > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >-- Todd Deshane http://todddeshane.net check out our book: http://runningxen.com _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Todd,
Thanks for your reply.
You''ll find right down all informations about my settings (including
iptables running on the Dom0)
DomU1 = fwb
uuid = "f990d210-2a76-6fa9-5130-b80a207baa89"
vif = [ "mac=00:16:3e:1c:0f:0b,bridge=xenbr0" ]
DomU2= virt-geko
uuid = "bd4497d9-6613-f595-fae1-4bf8bc4aea33"
vif = [ "mac=00:16:3e:16:ee:d4,bridge=xenbr0" ]
results of the ifconfig command. I can''t undrestand why HWaddr eth0 is
different from HWaddr peth0. Do you understand why ?
eth0 Link encap:Ethernet HWaddr 00:21:85:32:CA:8E
inet adr:172.20.25.2 Bcast:172.20.25.255 Masque:255.255.255.0
adr inet6: fe80::221:85ff:fe32:ca8e/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6164 errors:0 dropped:0 overruns:0 frame:0
TX packets:1491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:512499 (500.4 KiB) TX bytes:204595 (199.7 KiB)
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:11222 errors:0 dropped:0 overruns:0 frame:0
TX packets:1738 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:1115603 (1.0 MiB) TX bytes:237120 (231.5 KiB)
Mémoire:de340000-de360000
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:1497 errors:0 dropped:0 overruns:0 frame:0
TX packets:6167 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:206963 (202.1 KiB) TX bytes:512679 (500.6 KiB)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:4314 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:84 (84.0 b) TX bytes:338534 (330.5 KiB)
vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:202 errors:0 dropped:0 overruns:0 frame:0
TX packets:4442 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:32
RX bytes:20039 (19.5 KiB) TX bytes:358895 (350.4 KiB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet adr:192.168.122.1 Bcast:192.168.122.255
Masque:255.255.255.0
adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:0 (0.0 b) TX bytes:6837 (6.6 KiB)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:4317 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:286208 (279.5 KiB) TX bytes:0 (0.0 b)
[root@virts xen]# brctl show xenbr0
bridge name bridge id STP enabled interfaces
virbr0 8000.000000000000 yes
xenbr0 8000.feffffffffff no vif2.0
vif1.0
peth0
vif0.0
[root@virts xen]# brctl showmacs xenbr0
port no mac addr is local? ageing timer
2 00:00:85:83:0d:1f no 187.77
2 00:14:38:dd:b6:6c no 246.89
2 00:14:38:df:a9:25 no 7.46
2 00:15:17:11:d0:60 no 11.49
2 00:15:17:12:11:24 no 22.58
4 00:16:3e:16:ee:d4 no 22.58
2 00:18:8b:08:62:44 no 60.58
2 00:18:8b:08:80:9c no 91.25
2 00:18:8b:08:84:4f no 16.63
2 00:18:8b:08:85:3b no 65.18
2 00:18:8b:08:85:7b no 137.78
2 00:18:8b:08:85:ae no 7.96
2 00:18:8b:08:86:27 no 24.48
2 00:18:8b:08:8c:a9 no 135.02
2 00:18:8b:08:8c:ed no 35.36
2 00:18:8b:25:9e:f8 no 121.48
2 00:18:8b:27:b3:9a no 238.33
2 00:18:8b:27:d5:38 no 97.22
2 00:18:8b:27:e4:1d no 75.80
2 00:18:fe:9e:0a:6c no 7.48
2 00:19:30:6f:ca:8f no 1.18
2 00:19:b9:67:8a:8f no 0.00
2 00:1a:a0:ae:54:25 no 10.45
2 00:1a:e2:ca:5f:00 no 25.44
2 00:1a:e3:4d:1b:0a no 0.26
2 00:1a:e3:4d:1b:43 no 70.06
2 00:1b:2a:20:2b:d1 no 296.46
2 00:1b:2a:20:6b:3c no 179.91
2 00:1b:2a:20:b2:24 no 249.45
2 00:1b:2a:20:b2:2a no 277.33
2 00:1b:2a:89:95:50 no 269.97
2 00:1b:2a:89:95:68 no 27.25
2 00:1b:2a:89:ab:d0 no 297.39
2 00:1b:2a:89:ac:6b no 240.17
2 00:1b:2a:89:e4:f3 no 72.68
2 00:1b:53:39:b3:00 no 26.38
2 00:1c:ee:04:ef:4c no 50.50
2 00:1e:f7:c4:b7:65 no 285.87
1 00:21:85:32:ca:8e no 0.00
2 08:00:1f:82:7d:a3 no 75.80
1 fe:ff:ff:ff:ff:ff yes 0.00
[root@virts xen]# brctl showmacs virbr0
port no mac addr is local? ageing timer
Here are the Dom0''s iptables :
Table filter
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
2 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53
3 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 udp dpt:67
4 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:67
5 0 0 RH-Firewall-1-INPUT all -- * *
0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT all -- * virbr0 0.0.0.0/0
192.168.122.0/24 state RELATED,ESTABLISHED
2 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24
0.0.0.0/0
3 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0
0.0.0.0/0
4 0 0 REJECT all -- * virbr0 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
5 0 0 REJECT all -- virbr0 * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
6 0 0 RH-Firewall-1-INPUT all -- * *
0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 PHYSDEV match --physdev-in vif1.0
8 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 PHYSDEV match --physdev-in vif2.0
Chain OUTPUT (policy ACCEPT 1459 packets, 178K bytes)
num pkts bytes target prot opt in out source
destination
Chain RH-Firewall-1-INPUT (2 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 255
3 0 0 ACCEPT esp -- * * 0.0.0.0/0
0.0.0.0/0
4 0 0 ACCEPT ah -- * * 0.0.0.0/0
0.0.0.0/0
5 0 0 ACCEPT udp -- * * 0.0.0.0/0
224.0.0.251 udp dpt:5353
6 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631
7 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631
8 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
9 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
10 0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Table nat
Chain PREROUTING (policy ACCEPT 859 packets, 100K bytes)
num pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 3 packets, 357 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 MASQUERADE all -- * *
192.168.122.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 3 packets, 357 bytes)
num pkts bytes target prot opt in out source
destination
~
Regards,
Todd Deshane a écrit :> On Fri, Aug 1, 2008 at 4:32 AM, Stéphane Cesbron
> <Stephane.Cesbron@inserm.fr> wrote:
>
>> Hi,
>>
>> I ''ve got a CentOS 5.2 server running xen 3.0 with 2 DomUs
also running
>> CentOS 5.2.
>> All my boxes are up-to date.
>>
>> I''m experiencing trouble with networking.
>> Dom0 can reach the outside world when no DomU are started. It can also
reach
>> the outside world when only one DomU is running.
>> The troubles begin when I start the second DomU. At first, this new
DomU,
>> called DomU2, can''t get outside. (at the time Dom0 and DomU1
are still
>> reachable from outside).
>> Once I get connected to DomU2 (console mode, xm console DomU2) and try
to
>> get outside, I''ll get through after a small amout of time.
Nevertheless,
>> this causes Dom0 to stop being reachable from the outside.
>> Therefore when my two DomUs are running, there are running fine and I
can
>> reach them with SSH but Dom0 becomes unreachable. After sometimes it
changes
>> Dom0 becomes reachable again and one of the 2 DomUs becomes unreachable
from
>> the outside. It is completely random but there''s still one of
the Doms which
>> is unreachable. It depends on the one I''m connected to !
>> BUT being connected to the console on the server, I can reach each DomU
>> (DomU1 and DomU2) from Dom0 or reach Dom0 from each DomUs (DomU1 and
DomU2)
>> I help myself with some tutorials but can''t get through my
difficulties.
>> http://wiki.xensource.com/xenwiki/XenNetworking
>> http://doc.fedora-fr.org/wiki/Xen_et_le_réseau
>> http://www.shorewall.net/XenMyWay.html => Xen and the Art of
Consolidation
>>
>> Nevertheless, I can''t get through my troubles.
>>
>> Here''s the result of the ifconfig command when everything is
started : DomUs
>> + Dom0
>> eth0 Link encap:Ethernet HWaddr 00:21:85:32:CA:8E inet
>> adr:172.20.25.2 Bcast:172.20.25.255 Masque:255.255.255.0
>> adr inet6: fe80::221:85ff:fe32:ca8e/64 Scope:Lien
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:88446 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:2906 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:0
>> RX bytes:6888620 (6.5 MiB) TX bytes:189520 (185.0 KiB)
>>
>> lo Link encap:Boucle locale inet adr:127.0.0.1
>> Masque:255.0.0.0
>> adr inet6: ::1/128 Scope:Hôte
>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>> RX packets:34 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:0
>> RX bytes:7010 (6.8 KiB) TX bytes:7010 (6.8 KiB)
>>
>> peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr
inet6:
>> fe80::fcff:ffff:feff:ffff/64 Scope:Lien
>> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
>> RX packets:25871448 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:5396663 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:100
>> RX bytes:31027675382 (28.8 GiB) TX bytes:434789497 (414.6 MiB)
>> MÃ(c)moire:de340000-de360000
>>
>> vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr
inet6:
>> fe80::fcff:ffff:feff:ffff/64 Scope:Lien
>> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
>> RX packets:2906 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:88446 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:0
>> RX bytes:189520 (185.0 KiB) TX bytes:6888620 (6.5 MiB)
>>
>> vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr
inet6:
>> fe80::fcff:ffff:feff:ffff/64 Scope:Lien
>> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
>> RX packets:1886 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:86964 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:32
>> RX bytes:127848 (124.8 KiB) TX bytes:6453003 (6.1 MiB)
>>
>> vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr
inet6:
>> fe80::fcff:ffff:feff:ffff/64 Scope:Lien
>> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
>> RX packets:5389130 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:10150353 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:32
>> RX bytes:358810111 (342.1 MiB) TX bytes:15229333872 (14.1 GiB)
>>
>> virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet
>> adr:192.168.122.1 Bcast:192.168.122.255 Masque:255.255.255.0
>> adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:0
>> RX bytes:0 (0.0 b) TX bytes:8758 (8.5 KiB)
>>
>> xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF UP
BROADCAST
>> RUNNING NOARP MTU:1500 Metric:1
>> RX packets:84790 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 lg file transmission:0
>> RX bytes:4982000 (4.7 MiB) TX bytes:0 (0.0 b)
>>
>> I can''t understand why the MAC addresses of peth0 is different
from the one
>> of eth0. vibr0 seems to be useless. These should be the same,
shouldn''t they
>> ?
>> peth0''s MAC address and xenbr0''s MAC address are the
same which seems
>> logical to me. Am I wrong ?
>>
>> Can anyone help ?
>> Any suggestions will be greatly appreciated.
>>
>>
>
> What is the output of:
>
> brctl show
> ip route list
>
> with 0, 1 and 2 domUs running?
>
> The networking parts of xend-config.sxp and the vif lines in your
> domUs might be useful.
>
> Cheers.
> Todd
>
>
>> Kind regards,
>>
>> --
>>
>> Stéphane Cesbron
>> Responsable Régional Informatique,
>> INSERM ADR Grand-Ouest,
>> BRETAGNE, PAYS DE LA LOIRE et CENTRE
>>
>> 63, quai Magellan
>> 3ème étage - Hall B
>> B.P. 32116
>> 44021 Nantes cedex 1
>>
>> Email : stephane.cesbron@inserm.fr
>> Tél : 02.40.20.92.28
>> Portable : 06.78.68.76.39
>> -----------------------------------------------------------------
>> Ce message et toutes les pieces jointes sont etablis a
l''intention exclusive
>> de ses destinataires et peuvent etre confidentiels ou proteges.
L''internet
>> ne permettant pas d''assurer l''integrite de ce
message, l''INSERM decline
>> toute responsabilite au titre de ce message, dans l''hypothese
ou il aurait
>> ete modifie. Toute utilisation de ce message non conforme a sa
destination,
>> toute diffusion ou toute publication, totale ou partielle, est
interdite,
>> sauf autorisation expresse. Si vous recevez ce message par erreur,
merci de
>> le detruire et d''en avertir immediatement
l''expediteur. Merci.
>>
>> The information transmitted is intended exclusively for the person or
entity
>> to which it is addressed and may contain confidential and/or privileged
>> material. Any disclosure, copying, distribution or other action based
upon
>> the information by persons or entities other than the intended
recipient is
>> prohibited. If you receive this information in error, please contact
the
>> sender and delete the material from any and all computers.
>>
>>
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@lists.xensource.com
>> http://lists.xensource.com/xen-users
>>
>>
>
>
>
>
--
Stéphane Cesbron
Responsable Régional Informatique,
INSERM ADR Grand-Ouest,
BRETAGNE, PAYS DE LA LOIRE et CENTRE
63, quai Magellan
3ème étage - Hall B
B.P. 32116
44021 Nantes cedex 1
Email : stephane.cesbron@inserm.fr
Tél : 02.40.20.92.28
Portable : 06.78.68.76.39
-----------------------------------------------------------------
Ce message et toutes les pieces jointes sont etablis a l''intention
exclusive de ses destinataires et peuvent etre confidentiels ou proteges.
L''internet ne permettant pas d''assurer l''integrite de
ce message, l''INSERM decline toute responsabilite au titre de ce
message, dans l''hypothese ou il aurait ete modifie. Toute utilisation
de ce message non conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite, sauf autorisation expresse. Si
vous recevez ce message par erreur, merci de le detruire et d''en
avertir immediatement l''expediteur. Merci.
The information transmitted is intended exclusively for the person or entity to
which it is addressed and may contain confidential and/or privileged material.
Any disclosure, copying, distribution or other action based upon the
information by persons or entities other than the intended recipient is
prohibited. If you receive this information in error, please contact the sender
and delete the material from any and all computers.
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Hi Todd, As I forgot some answers to your questions in my previous reply and had no time yesterday to complete it, I do so today. Sorry for the delay. You''ll find enclosed the configuration files you requested (xend-config.sxp, and the 2 DomUs''config files). You''ll also find a doc (txt file) which states all the networking status with no DomU running, 1 DomU and 2 DomUs running. Hope this helps, NB : I made a third DomUs which is not routable when the others DomUs are running. When I stopped the others DomUs it became routable. It seems to me that I can only run 2 Doms together (Dom0 +1 DomUs or 2 DomUs) Todd Deshane a écrit :> On Fri, Aug 1, 2008 at 4:32 AM, Stéphane Cesbron > <Stephane.Cesbron@inserm.fr> wrote: > >> Hi, >> >> I ''ve got a CentOS 5.2 server running xen 3.0 with 2 DomUs also running >> CentOS 5.2. >> All my boxes are up-to date. >> >> I''m experiencing trouble with networking. >> Dom0 can reach the outside world when no DomU are started. It can also reach >> the outside world when only one DomU is running. >> The troubles begin when I start the second DomU. At first, this new DomU, >> called DomU2, can''t get outside. (at the time Dom0 and DomU1 are still >> reachable from outside). >> Once I get connected to DomU2 (console mode, xm console DomU2) and try to >> get outside, I''ll get through after a small amout of time. Nevertheless, >> this causes Dom0 to stop being reachable from the outside. >> Therefore when my two DomUs are running, there are running fine and I can >> reach them with SSH but Dom0 becomes unreachable. After sometimes it changes >> Dom0 becomes reachable again and one of the 2 DomUs becomes unreachable from >> the outside. It is completely random but there''s still one of the Doms which >> is unreachable. It depends on the one I''m connected to ! >> BUT being connected to the console on the server, I can reach each DomU >> (DomU1 and DomU2) from Dom0 or reach Dom0 from each DomUs (DomU1 and DomU2) >> I help myself with some tutorials but can''t get through my difficulties. >> http://wiki.xensource.com/xenwiki/XenNetworking >> http://doc.fedora-fr.org/wiki/Xen_et_le_réseau >> http://www.shorewall.net/XenMyWay.html => Xen and the Art of Consolidation >> >> Nevertheless, I can''t get through my troubles. >> >> Here''s the result of the ifconfig command when everything is started : DomUs >> + Dom0 >> eth0 Link encap:Ethernet HWaddr 00:21:85:32:CA:8E inet >> adr:172.20.25.2 Bcast:172.20.25.255 Masque:255.255.255.0 >> adr inet6: fe80::221:85ff:fe32:ca8e/64 Scope:Lien >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:88446 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:2906 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:0 >> RX bytes:6888620 (6.5 MiB) TX bytes:189520 (185.0 KiB) >> >> lo Link encap:Boucle locale inet adr:127.0.0.1 >> Masque:255.0.0.0 >> adr inet6: ::1/128 Scope:Hôte >> UP LOOPBACK RUNNING MTU:16436 Metric:1 >> RX packets:34 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:34 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:0 >> RX bytes:7010 (6.8 KiB) TX bytes:7010 (6.8 KiB) >> >> peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: >> fe80::fcff:ffff:feff:ffff/64 Scope:Lien >> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 >> RX packets:25871448 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:5396663 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:100 >> RX bytes:31027675382 (28.8 GiB) TX bytes:434789497 (414.6 MiB) >> MÃ(c)moire:de340000-de360000 >> >> vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: >> fe80::fcff:ffff:feff:ffff/64 Scope:Lien >> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 >> RX packets:2906 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:88446 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:0 >> RX bytes:189520 (185.0 KiB) TX bytes:6888620 (6.5 MiB) >> >> vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: >> fe80::fcff:ffff:feff:ffff/64 Scope:Lien >> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 >> RX packets:1886 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:86964 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:32 >> RX bytes:127848 (124.8 KiB) TX bytes:6453003 (6.1 MiB) >> >> vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF adr inet6: >> fe80::fcff:ffff:feff:ffff/64 Scope:Lien >> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 >> RX packets:5389130 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:10150353 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:32 >> RX bytes:358810111 (342.1 MiB) TX bytes:15229333872 (14.1 GiB) >> >> virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet >> adr:192.168.122.1 Bcast:192.168.122.255 Masque:255.255.255.0 >> adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:44 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:0 >> RX bytes:0 (0.0 b) TX bytes:8758 (8.5 KiB) >> >> xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF UP BROADCAST >> RUNNING NOARP MTU:1500 Metric:1 >> RX packets:84790 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 lg file transmission:0 >> RX bytes:4982000 (4.7 MiB) TX bytes:0 (0.0 b) >> >> I can''t understand why the MAC addresses of peth0 is different from the one >> of eth0. vibr0 seems to be useless. These should be the same, shouldn''t they >> ? >> peth0''s MAC address and xenbr0''s MAC address are the same which seems >> logical to me. Am I wrong ? >> >> Can anyone help ? >> Any suggestions will be greatly appreciated. >> >> > > What is the output of: > > brctl show > ip route list > > with 0, 1 and 2 domUs running? > > The networking parts of xend-config.sxp and the vif lines in your > domUs might be useful. > > Cheers. > Todd > > >> Kind regards, >> >> -- >> >> Stéphane Cesbron >> Responsable Régional Informatique, >> INSERM ADR Grand-Ouest, >> BRETAGNE, PAYS DE LA LOIRE et CENTRE >> >> 63, quai Magellan >> 3ème étage - Hall B >> B.P. 32116 >> 44021 Nantes cedex 1 >> >> Email : stephane.cesbron@inserm.fr >> Tél : 02.40.20.92.28 >> Portable : 06.78.68.76.39 >> ----------------------------------------------------------------- >> Ce message et toutes les pieces jointes sont etablis a l''intention exclusive >> de ses destinataires et peuvent etre confidentiels ou proteges. L''internet >> ne permettant pas d''assurer l''integrite de ce message, l''INSERM decline >> toute responsabilite au titre de ce message, dans l''hypothese ou il aurait >> ete modifie. Toute utilisation de ce message non conforme a sa destination, >> toute diffusion ou toute publication, totale ou partielle, est interdite, >> sauf autorisation expresse. Si vous recevez ce message par erreur, merci de >> le detruire et d''en avertir immediatement l''expediteur. Merci. >> >> The information transmitted is intended exclusively for the person or entity >> to which it is addressed and may contain confidential and/or privileged >> material. Any disclosure, copying, distribution or other action based upon >> the information by persons or entities other than the intended recipient is >> prohibited. If you receive this information in error, please contact the >> sender and delete the material from any and all computers. >> >> >> >> _______________________________________________ >> Xen-users mailing list >> Xen-users@lists.xensource.com >> http://lists.xensource.com/xen-users >> >> > > > >-- Stéphane Cesbron Responsable Régional Informatique, INSERM ADR Grand-Ouest, BRETAGNE, PAYS DE LA LOIRE et CENTRE 63, quai Magellan 3ème étage - Hall B B.P. 32116 44021 Nantes cedex 1 Email : stephane.cesbron@inserm.fr Tél : 02.40.20.92.28 Portable : 06.78.68.76.39 ----------------------------------------------------------------- Ce message et toutes les pieces jointes sont etablis a l''intention exclusive de ses destinataires et peuvent etre confidentiels ou proteges. L''internet ne permettant pas d''assurer l''integrite de ce message, l''INSERM decline toute responsabilite au titre de ce message, dans l''hypothese ou il aurait ete modifie. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Si vous recevez ce message par erreur, merci de le detruire et d''en avertir immediatement l''expediteur. Merci. The information transmitted is intended exclusively for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any disclosure, copying, distribution or other action based upon the information by persons or entities other than the intended recipient is prohibited. If you receive this information in error, please contact the sender and delete the material from any and all computers. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users