Hi,

I have CentOS 5.2 Dom0, which was running xen-3.1.2 which I rebuilt from Fedora RPMS. All DomUs worked fine (CentOS PV installs).

I recently upgraded to xen-3.3 (from the gitco repo - nice job!) and I've found that guest networking is working the same. Specifically, the Dom0 firewall is blocking traffic to/from the DomUs.

If I turn off iptables on the dom0, the guest networking works OK.

Was there some change between xen 3.1.2 and xen 3.3 that could cause this? Do I need to tweak the config slightly?

I am grateful for any pointers.

Thanks,

R.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Meng Kuan
2008-Oct-22 12:51 UTC
Re: [Xen-users] CentOS 5.2, xen-3.3, network/firewall setup
On Oct 22, 2008, at 8:17 PM, Robin Bowes wrote:

> I have CentOS 5.2 Dom0, which was running xen-3.1.2 which I rebuilt
> from Fedora RPMS. All DomUs worked fine (CentOS PV installs).
>
> I recently upgraded to xen-3.3 (from the gitco repo - nice job!) and
> I've found that guest networking is working the same. Specifically,
> the Dom0 firewall is blocking traffic to/from the DomUs.
>
> If I turn off iptables on the dom0, the guest networking works OK.
>

Try the following tip from http://wiki.libvirt.org/page/Networking

Alternatively, you can prevent bridged traffic getting pushed through the host's iptables rules. In /etc/sysctl.conf add

# cat >> /etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
# sysctl -p /etc/sysctl.conf
Robin Bowes
2008-Oct-22 15:56 UTC
[Xen-users] Re: CentOS 5.2, xen-3.3, network/firewall setup
Meng Kuan wrote:

>
> On Oct 22, 2008, at 8:17 PM, Robin Bowes wrote:
>> I have CentOS 5.2 Dom0, which was running xen-3.1.2 which I rebuilt
>> from Fedora RPMS. All DomUs worked fine (CentOS PV installs).
>>
>> I recently upgraded to xen-3.3 (from the gitco repo - nice job!) and
>> I've found that guest networking is working the same. Specifically,
>> the Dom0 firewall is blocking traffic to/from the DomUs.
>>
>> If I turn off iptables on the dom0, the guest networking works OK.
>>
>
> Try the following tip from http://wiki.libvirt.org/page/Networking
>
>
> Alternatively, you can prevent bridged traffic getting pushed through
> the host's iptables rules. In /etc/sysctl.conf add
>
> # cat >> /etc/sysctl.conf <<EOF
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-call-arptables = 0
> EOF
> # sysctl -p /etc/sysctl.conf

Thanks. I'm doing a new install so I can see what the "out-of-the-box" settings are, and take it from there.

Cheers,

R.
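
Setting the three keys from the tip quoted above to 0 means bridged DomU traffic no longer passes through the dom0 iptables, ip6tables or arptables rules at all, so it is worth confirming what a sysctl.conf actually leaves in effect. The shell script below is an added example, not part of the thread or of the libvirt wiki; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report what a sysctl.conf-style file
# leaves in effect for the three bridge-netfilter keys from the tip.

# Print the last value assigned to KEY in FILE, or "unset".
# A later assignment overrides an earlier one, since the file is applied in order.
bridge_nf_effective() {   # usage: bridge_nf_effective FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }              # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next               # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim key
            gsub(/^[ \t]+|[ \t]+$/, "", v)  # trim value
            if (k == key) { val = v; seen = 1 }
        }
        END { if (seen) print val; else print "unset" }
    ' "$1"
}

# Print the table families whose rules bridged traffic will skip (value 0).
bridge_nf_bypassed() {    # usage: bridge_nf_bypassed FILE
    out=""
    for fam in iptables ip6tables arptables; do
        v=$(bridge_nf_effective "$1" "net.bridge.bridge-nf-call-$fam")
        if [ "$v" = "0" ]; then out="${out:+$out }$fam"; fi
    done
    echo "$out"
}

# Constructed sample file contents, for illustration only.
sample_conf() {
    cat <<'EOF'
net.ipv4.ip_forward = 0
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-call-arptables = 0
EOF
}

# Demonstration run against the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
echo "dom0 rules skipped for bridged traffic: $(bridge_nf_bypassed "$conf")"
rm -f "$conf"
```

To check a real host, call `bridge_nf_bypassed /etc/sysctl.conf`. The values the running kernel is using are readable under /proc/sys/net/bridge/ when the bridge netfilter code is loaded.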