Matthew Law
2009-Dec-15 11:31 UTC
[Xen-users] frob_iptable not getting called for network-bridge?
Hi list,

I have a CentOS Xen 3.4.2 dom0 setup with:

(network-script 'network-bridge netdev=eth0 antispoof=yes')

and:

(vif-script vif-bridge)

The problem is that newly created domUs are firewalled (the FORWARD chain policy is DROP). Looking at the scripts in /etc/xen/scripts, shouldn't the frob_iptable function take care of adding the correct rules to permit access to the domU IP? Or have I missed something?

Here is the output of 'brctl show' with guests running:

[root@mydom0 xen]# brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.003048d9edf6       no              vifdomu1
                                                        vifdomu2
                                                        peth0

and here is the output of 'iptables -L':

[root@mydom0 xen]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in peth0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If I drop the FORWARD rules and set it to ACCEPT by default, domU networking starts to work, but I would rather do it right.

Thanks in advance,

Matt

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users