I have a xen 3.2.0 setup with 2.6.18. XenoLinux kernel and FC8 Dom0 file system. I have used xen-tools to create a Debian-Etch DomU.

With the default setup I was not able to ping to any other host except Dom0. I guess that was due to forward chaining issue with my Dom0. But then I modified my iptables configuration in Dom0 to comment out the forwarding rule that was rejecting everything. So now I am able to ping all the hosts in the same L3 subnet as my DomU but not anything other than that.

So could anyone please tell me what I am doing wrong? I am including some details below. Let me know if I am missing to provide some necessary information.

**********
my DomU config file is as follows:
#
# Configuration file for the Xen instance dmvirt1.xxx, created
# by xen-tools 3.9 on Tue Dec 2 17:51:45 2008.
#

#
#  Kernel + memory size
#
kernel      = '/boot/vmlinuz-2.6.18.8-xen'
ramdisk     = '/boot/initrd-2.6.18.8-xen.img'
memory      = '128'

#
#  Disk device(s).
#
root        = '/dev/sda2 ro'
disk        = [
                  'phy:/dev/DomUVols/dmvirt1.xxx-swap,sda1,w',
                  'phy:/dev/DomUVols/dmvirt1.xxx-disk,sda2,w',
              ]

#
#  Hostname
#
name        = 'dmvirt1.xxxx'

#
#  Networking
#
vif         = [ 'ip=143.215.129.1xx,mac=00:16:3E:88:22:AA' ]

vfb         = ['type=vnc']
#
#  Behaviour
#
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

extra = "xencons=xvc console=xvc console=tty"
*******************

*****************
Some other DomU Details

dmvirt1:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:88:22:AA
          inet addr:143.215.129.157  Bcast:143.215.129.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe88:22aa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1206 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:114259 (111.5 KiB)  TX bytes:10024 (9.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

dmvirt1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
143.215.129.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

dmvirt1:/etc# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 143.215.129.1xx
 gateway 143.215.129.1
 netmask 255.255.255.0
 broadcast ${broadcast}

 # post-up ethtool -K eth0 tx off

#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users. It is disabled by default
#

dmvirt1:~# ping www.yahoo.com
ping: unknown host www.yahoo.com
dmvirt1:~# ping 69.147.76.15
connect: Network is unreachable

*******************
Dom0 Details

[root@kahn dev]# iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  dmvirt1    anywhere      PHYSDEV match --physdev-in vif17.0
ACCEPT     udp  --  anywhere   anywhere      PHYSDEV match --physdev-in vif17.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source     destination

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere
ACCEPT     icmp --  anywhere   anywhere      icmp any
ACCEPT     esp  --  anywhere   anywhere
ACCEPT     ah   --  anywhere   anywhere
ACCEPT     udp  --  anywhere   224.0.0.251   udp dpt:mdns
ACCEPT     udp  --  anywhere   anywhere      udp dpt:ipp
ACCEPT     tcp  --  anywhere   anywhere      tcp dpt:ipp
ACCEPT     all  --  anywhere   anywhere      state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:nfs
ACCEPT     udp  --  anywhere   anywhere      state NEW udp dpt:nfs
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere   anywhere      state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:sunrpc
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:telnet
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:cvspserver
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpts:terabase:pxc-splr-ft
ACCEPT     udp  --  anywhere   anywhere      state NEW udp dpts:terabase:pxc-splr-ft
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:teradataordbms
REJECT     all  --  anywhere   anywhere      reject-with icmp-host-prohibited

[root@kahn dev]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1A:A0:1B:88:E1
          inet addr:143.215.129.2xx  Bcast:143.215.129.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:506521 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165558 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:423458331 (403.8 MiB)  TX bytes:11964484 (11.4 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:235929 errors:0 dropped:0 overruns:0 frame:0
          TX packets:235929 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36772495 (35.0 MiB)  TX bytes:36772495 (35.0 MiB)

peth0     Link encap:Ethernet  HWaddr 00:1A:A0:1B:88:E1
          inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:553720 errors:0 dropped:0 overruns:0 frame:0
          TX packets:162980 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:434130358 (414.0 MiB)  TX bytes:13050967 (12.4 MiB)
          Interrupt:20

vif17.0   Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4092 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:43052 (42.0 KiB)  TX bytes:393229 (384.0 KiB)

[root@kahn dev]# brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.001aa01b88e1       no              peth0
                                                        vif17.0

******************

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I had sent the following mail to the xen-users list. But did not get any reply there. So posting here. Please help.

I have a xen 3.2.0 setup with 2.6.18. XenoLinux kernel and FC8 Dom0 file system. I have used xen-tools to create a Debian-Etch DomU. I use a static (public) IP for my DomU and have used default bridging for network setup.

With the default setup I was not able to ping to any other host except Dom0. I guess that was due to forward chaining issue with my Dom0. But then I modified my iptables configuration in Dom0 to comment out the forwarding rule that was rejecting everything. So now I am able to ping all the hosts in the same L3 subnet as my DomU but not anything other than that.

So could anyone please tell me what I am doing wrong? I am including some details below. Let me know if I am missing to provide some necessary information.

Initially I thought it might be some DNS issue. But even after modifying the /etc/resolv.conf in DomU I am getting same error.

**********
my DomU config file is as follows:
#
# Configuration file for the Xen instance dmvirt1.xxx, created
# by xen-tools 3.9 on Tue Dec 2 17:51:45 2008.
#

#
#  Kernel + memory size
#
kernel      = '/boot/vmlinuz-2.6.18.8-xen'
ramdisk     = '/boot/initrd-2.6.18.8-xen.img'
memory      = '128'

#
#  Disk device(s).
#
root        = '/dev/sda2 ro'
disk        = [
                  'phy:/dev/DomUVols/dmvirt1.xxx-swap,sda1,w',
                  'phy:/dev/DomUVols/dmvirt1.xxx-disk,sda2,w',
              ]

#
#  Hostname
#
name        = 'dmvirt1.xxxx'

#
#  Networking
#
vif         = [ 'ip=143.215.129.1xx,mac=00:16:3E:88:22:AA' ]

vfb         = ['type=vnc']
#
#  Behaviour
#
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

extra = "xencons=xvc console=xvc console=tty"
*******************

*****************
Some other DomU Details

dmvirt1:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:88:22:AA
          inet addr:143.215.129.157  Bcast:143.215.129.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe88:22aa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1206 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:114259 (111.5 KiB)  TX bytes:10024 (9.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

dmvirt1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
143.215.129.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

dmvirt1:/etc# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 143.215.129.1xx
 gateway 143.215.129.1
 netmask 255.255.255.0
 broadcast ${broadcast}

 # post-up ethtool -K eth0 tx off

#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users. It is disabled by default
#

dmvirt1:~# ping www.yahoo.com
ping: unknown host www.yahoo.com
dmvirt1:~# ping 69.147.76.15
connect: Network is unreachable

*******************
Dom0 Details

[root@kahn dev]# iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  dmvirt1    anywhere      PHYSDEV match --physdev-in vif17.0
ACCEPT     udp  --  anywhere   anywhere      PHYSDEV match --physdev-in vif17.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source     destination

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere
ACCEPT     icmp --  anywhere   anywhere      icmp any
ACCEPT     esp  --  anywhere   anywhere
ACCEPT     ah   --  anywhere   anywhere
ACCEPT     udp  --  anywhere   224.0.0.251   udp dpt:mdns
ACCEPT     udp  --  anywhere   anywhere      udp dpt:ipp
ACCEPT     tcp  --  anywhere   anywhere      tcp dpt:ipp
ACCEPT     all  --  anywhere   anywhere      state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:nfs
ACCEPT     udp  --  anywhere   anywhere      state NEW udp dpt:nfs
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere   anywhere      state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:sunrpc
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:telnet
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:cvspserver
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpts:terabase:pxc-splr-ft
ACCEPT     udp  --  anywhere   anywhere      state NEW udp dpts:terabase:pxc-splr-ft
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:teradataordbms
REJECT     all  --  anywhere   anywhere      reject-with icmp-host-prohibited

[root@kahn dev]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1A:A0:1B:88:E1
          inet addr:143.215.129.2xx  Bcast:143.215.129.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:506521 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165558 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:423458331 (403.8 MiB)  TX bytes:11964484 (11.4 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:235929 errors:0 dropped:0 overruns:0 frame:0
          TX packets:235929 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36772495 (35.0 MiB)  TX bytes:36772495 (35.0 MiB)

peth0     Link encap:Ethernet  HWaddr 00:1A:A0:1B:88:E1
          inet6 addr: fe80::21a:a0ff:fe1b:88e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:553720 errors:0 dropped:0 overruns:0 frame:0
          TX packets:162980 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:434130358 (414.0 MiB)  TX bytes:13050967 (12.4 MiB)
          Interrupt:20

vif17.0   Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4092 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:43052 (42.0 KiB)  TX bytes:393229 (384.0 KiB)

[root@kahn dev]# brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.001aa01b88e1       no              peth0
                                                        vif17.0

******************

Thanks in advance for all help.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

I would guess from your logs that your DomU simply misses a default route, so it can only send out packets to the 143.215.129.0 network.

Try adding a default route in your DomU, e.g. by calling "ip route add default via $gateway_ip_address dev eth0". $gateway_ip_address should be your routing box that connects to outside networks.

From: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of Sarika Ray
Sent: 03 December 2008 06:19
To: xen-users@lists.xensource.com
Subject: [Xen-users] strange networking issue in xen DomU

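The diagnosis in the reply above can be checked directly against `route -n` output. This is an added example, not part of the original thread: it runs a longest-prefix-match lookup over `route -n` text and shows that the DomU's posted table has no entry covering 69.147.76.15, so the kernel fails locally with "Network is unreachable" before any packet reaches Dom0's iptables. The second table is constructed and assumes 143.215.129.1 (the gateway named in the posted /etc/network/interfaces) is the router; the function names are illustrative.

```shell
#!/bin/sh
# Added example: find the route a Linux host would use for a destination,
# given the text printed by `route -n`.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Read `route -n` output on stdin and print "<iface> <gateway>" for the most
# specific route covering $1. Exit status 1 means no route at all, which is
# the case where connect() fails with "Network is unreachable".
route_lookup() (
    dest=$(ip_to_int "$1")
    best_mask=-1
    best=""
    while read -r net gw mask flags metric ref use iface; do
        case $net in [0-9]*.*) ;; *) continue ;; esac   # skip the two header lines
        case $flags in *U*) ;; *) continue ;; esac      # only routes that are up
        n=$(ip_to_int "$net")
        m=$(ip_to_int "$mask")
        # A longer netmask is a larger integer, so "greater mask" = more specific.
        if [ $(( dest & m )) -eq $(( n & m )) ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            best="$iface $gw"
        fi
    done
    [ -n "$best" ] || exit 1
    echo "$best"
)

# Classify a failed connection attempt from the sender's own routing table.
diagnose() {
    if hop=$(route_lookup "$1"); then
        echo "$1: routed via $hop (check the path and filtering next)"
    else
        echo "$1: no route on this host (local 'Network is unreachable')"
    fi
}

# Routing table exactly as the DomU reported it in the thread.
DOMU_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
143.215.129.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Constructed: the same table after a default route via 143.215.129.1 is added.
FIXED_ROUTES="$DOMU_ROUTES
0.0.0.0         143.215.129.1   0.0.0.0         UG    0      0        0 eth0"

printf '%s\n' "$DOMU_ROUTES"  | diagnose 69.147.76.15
printf '%s\n' "$DOMU_ROUTES"  | diagnose 143.215.129.1
printf '%s\n' "$FIXED_ROUTES" | diagnose 69.147.76.15
```

On a live host, `route -n | route_lookup 69.147.76.15` performs the same check, and a non-zero exit status points at the guest's routing table rather than at the firewall rules in Dom0.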
Thanks. It solved the issue. I was dumb to miss this earlier.

On Wed, Dec 3, 2008 at 11:08 PM, Fischer, Anna <anna.fischer@hp.com> wrote:
> I would guess from your logs that your DomU simply misses a default
> route, so it can only send out packets to the 143.215.129.0 network.
>
> Try adding a default route in your DomU, e.g. by calling "ip route add
> default via $gateway_ip_address dev eth0". $gateway_ip_address should be
> your routing box that connects to outside networks.