Hi, The situation is that: 1. dom0 can ping external IP 2. dom0 can ping domU 3. domU can ping dom0 domU can NOT ping external IP. I reinstalled the machine, it worked before installation. ANY steps will find the crux? Shawn _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Quoting "Y. D." <duyuyang@gmail.com>:> Hi, > > The situation is that: > > 1. dom0 can ping external IP > 2. dom0 can ping domU > 3. domU can ping dom0 > > domU can NOT ping external IP. > > I reinstalled the machine, it worked before installation. > > ANY steps will find the crux? > > Shawn > > >Maybe a DENY rule for the FORWARD chain in iptables? Jon _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
How''s your network setup?
Bridged networking? Firewall settings?
The bridge setup in dom0:
#brctl show
bridge name bridge id STP enabled interfaces
eth0 8000.000fea0247e6 no peth0
vif81.0
The iptables setup in dom0:
#iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-in vif81.0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The route setup in dom0 and domU is the same:
#route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth21
0.0.0.0 10.0.0.165 0.0.0.0 UG 0 0 0 eth21
thank you.
------------------
Y. D.
2008-10-31
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
iptables on domU? On Thu, Oct 30, 2008 at 8:36 PM, Y. D. <duyuyang@gmail.com> wrote:> How''s your network setup? > Bridged networking? Firewall settings? > > The bridge setup in dom0: > #brctl show > bridge name bridge id STP enabled interfaces > eth0 8000.000fea0247e6 no peth0 > > vif81.0 > The iptables setup in dom0: > #iptables -L > Chain INPUT (policy ACCEPT) > target prot opt source destination > Chain FORWARD (policy ACCEPT) > target prot opt source destination > > ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif81.0 > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > The route setup in dom0 and domU is the same: > #route -n > > Destination Gateway Genmask Flags Metric Ref Use Iface > 10.0.0.0 0.0.0.0 255.255.255.0 > U 0 0 0 eth21 > 0.0.0.0 10.0.0.165 0.0.0.0 > UG 0 0 0 eth21 > > thank you. > ------------------ > Y. D. > 2008-10-31 > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Surprisingly, I find there is no iptables in domU. Is this a problem? I guest not. ------------------ Y. D. 2008-10-31 ------------------------------------------------------------- From:Harold_A._Gim閚ez_Ch. Date:2008-10-31 08:46:30 To:Y. D. Cc:Antonino Catinello; xen-users Subject:Re: AW: [Xen-users] domU network not work iptables on domU? On Thu, Oct 30, 2008 at 8:36 PM, Y. D. <duyuyang@gmail.com> wrote:> How's your network setup? > Bridged networking? Firewall settings? > > The bridge setup in dom0: > #brctl show > bridge name bridge id STP enabled interfaces > eth0 8000.000fea0247e6 no peth0 > > vif81.0 > The iptables setup in dom0: > #iptables -L > Chain INPUT (policy ACCEPT) > target prot opt source destination > Chain FORWARD (policy ACCEPT) > target prot opt source destination > > ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif81.0 > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > The route setup in dom0 and domU is the same: > #route -n > > Destination Gateway Genmask Flags Metric Ref Use Iface > 10.0.0.0 0.0.0.0 255.255.255.0 > U 0 0 0 eth21 > 0.0.0.0 10.0.0.165 0.0.0.0 > UG 0 0 0 eth21 > > thank you. > ------------------ > Y. D. > 2008-10-31 > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
A domU is installed in Xen, it can ping dom0, but not outside Xen. In domU: ping 10.0.0.150>From 10.0.0.36 icmp_seq=303 Destination Host Unreachable >From 10.0.0.36 icmp_seq=304 Destination Host Unreachable >From 10.0.0.36 icmp_seq=305 Destination Host Unreachable >From 10.0.0.36 icmp_seq=306 Destination Host Unreachable >From 10.0.0.36 icmp_seq=307 Destination Host Unreachable >From 10.0.0.36 icmp_seq=308 Destination Host UnreachableIn dom0: tcpdump -i peth0 | grep "10.0.0.36" /*10.0.0.36 is domu''s IP*/ 16:21:10.181977 arp who-has 10.0.0.165 tell 10.0.0.36 16:21:11.181961 arp who-has 10.0.0.165 tell 10.0.0.36 16:21:11.841972 arp who-has 10.0.0.150 tell 10.0.0.36 16:21:12.181974 arp who-has 10.0.0.165 tell 10.0.0.36 16:21:12.841953 arp who-has 10.0.0.150 tell 10.0.0.36 16:21:13.841997 arp who-has 10.0.0.150 tell 10.0.0.36 16:21:14.848934 arp who-has 10.0.0.150 tell 10.0.0.36 16:21:15.181945 arp who-has 10.0.0.165 tell 10.0.0.36 16:21:15.845963 arp who-has 10.0.0.150 tell 10.0.0.36 16:21:16.181962 arp who-has 10.0.0.165 tell 10.0.0.36 I don''t know what is wrong. Can anyone help? Thanks, Shawn _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
I guess echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp might resolve your problem. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, Fixed. Turns out that the promiscuous mode in peth0 is the cause. Don''t know why, but it was turned off. Thanks, Shawn _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users