thr3ads.net - Xen users - [Xen-users] icmp problem on [Feb 2010]

If this information is useful, please help other people find it:
Share via:

Oliver Rojo

2010-Feb-16 10:50 UTC

[Xen-users] icmp problem on

Hi guys,

This is my first time using xen over shorewall. 

I have succesfully setup xen server (dom0) and running one guest (domU). I only
have problem on my domU that I need to resolve immediately.

I can ping remote IP addresses but I couldn''t ping domains such as
google.com unless I do clear my shorewall rules on dom0. I''m using
bridging by the way.

Thanks in advance.

Oliver

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Fajar A. Nugraha

2010-Feb-16 10:59 UTC

head link

Re: [Xen-users] icmp problem on

On Tue, Feb 16, 2010 at 5:50 PM, Oliver Rojo <orojo@tresmax.asia>
wrote:> I can ping remote IP addresses but I couldn''t ping domains such as
google.com unless I do clear my shorewall rules on dom0. I''m using
bridging by the way.
So you''re able to ping google''s IP address directly?
If yes, sounds like shorewall is blocking DNS queries from domUs. You
need to allow that, as by default iptables will not only filter dom0''s
traffic, but also bridged traffic from domUs.

An alternative would be to set
/proc/sys/net/bridge/bridge-nf-call-iptables to 0, which should make
iptables ignore bridged traffic.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Oliver Rojo

2010-Feb-16 11:44 UTC

head link

Re: [Xen-users] icmp problem on

that did the trick! :D 

thanks a lot.

----- Original Message -----
From: Fajar A. Nugraha
[mailto:fajar@fajar.net]
To: Oliver Rojo [mailto:orojo@tresmax.asia]
Cc:
xen-users@lists.xensource.com
Sent: Tue, 16 Feb 2010 10:59:56 +0000
Subject:
Re: [Xen-users] icmp problem on

> On Tue, Feb 16, 2010 at 5:50 PM, Oliver Rojo <orojo@tresmax.asia>
wrote:
> > I can ping remote IP addresses but I couldn''t ping domains
such as
> google.com unless I do clear my shorewall rules on dom0. I''m using
bridging
> by the way.
> 
> So you''re able to ping google''s IP address directly?
> If yes, sounds like shorewall is blocking DNS queries from domUs. You
> need to allow that, as by default iptables will not only filter
dom0''s
> traffic, but also bridged traffic from domUs.
> 
> An alternative would be to set
> /proc/sys/net/bridge/bridge-nf-call-iptables to 0, which should make
> iptables ignore bridged traffic.
> 
> -- 
> Fajar
> 
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Xen users - Feb 2010 - icmp problem on

[Xen-users] icmp problem on

Re: [Xen-users] icmp problem on

Re: [Xen-users] icmp problem on