Hi, can anyone help me with this (weirdest problem I've ever seen)

I have the latest Debian Squeeze vendor xen dom0 kernel and 1 domU successfully installed on it using bridged networking. From dom0, I can ping/telnet etc. to anywhere on the web

WHAT IS WORKING

* From my domU I can successfully ping google.com and telnet to 8.8.8.8:53 (Google's DNS server)
* tcpdump vif1.0 and I see SYNs and ACKs
* tcpdump peth0 and I see corresponding SYNs and ACKs

WHAT IS NOT WORKING

* However I cannot telnet to google.com:80 - connection refused
* When I tcpdump vif1.0 I see SYNs followed by RST,ACK sent from dom0
* There are no packets leaving or entering on peth0 at all - so they don't get out onto the network

All my iptables rules are all ACCEPT rules, and the policies are all ACCEPT. I.e. there is no iptables rule in either INPUT, FORWARD, OUTPUT, PREROUTING or POSTROUTING that does anything other than accept. This is the case for both dom0 and domU

Can anyone shed any light on this mysterious behaviour? Why would Google's DNS server work but the HTTP server not? Is there something I've forgotten?

--
Geoff Meakin

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Solved

--
Geoff Meakin

On 18 Aug 2011, at 00:19, Geoff Meakin Acid wrote:

> Hi, can anyone help me with this (weirdest problem I've ever seen)
>
> I have the latest Debian Squeeze vendor xen dom0 kernel and 1 domU successfully installed on it using bridged networking. From dom0, I can ping/telnet etc. to anywhere on the web
>
> WHAT IS WORKING
>
> * From my domU I can successfully ping google.com and telnet to 8.8.8.8:53 (Google's DNS server)
> * tcpdump vif1.0 and I see SYNs and ACKs
> * tcpdump peth0 and I see corresponding SYNs and ACKs
>
> WHAT IS NOT WORKING
>
> * However I cannot telnet to google.com:80 - connection refused
> * When I tcpdump vif1.0 I see SYNs followed by RST,ACK sent from dom0
> * There are no packets leaving or entering on peth0 at all - so they don't get out onto the network
>
> All my iptables rules are all ACCEPT rules, and the policies are all ACCEPT. I.e. there is no iptables rule in either INPUT, FORWARD, OUTPUT, PREROUTING or POSTROUTING that does anything other than accept. This is the case for both dom0 and domU
>
> Can anyone shed any light on this mysterious behaviour? Why would Google's DNS server work but the HTTP server not? Is there something I've forgotten?
>
> --
> Geoff Meakin
Geoff Meakin Acid wrote:

> Solved

Go on, you can't leave it like that ;-)

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
Geoff Meakin Acid
2011-Aug-18 10:30 UTC
Re: [Xen-users] Re: Xen bridge swallowing packets?
>> Solved
>
> Go on, you can't leave it like that ;-)

I had a rogue rule in POSTROUTING that natted port 80 to a non-existent network.

User Error = Embarrassing!
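
The cause reported above was a single NAT rule in POSTROUTING. As an added example (not code from the thread), this shell function lists every rule and chain policy in an `iptables-save` dump whose target is not ACCEPT, across all tables; the sample dump, the interface match and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Read `iptables-save` output on stdin and print, tab-separated,
#   table  chain  target  full-rule
# for every rule whose target is not ACCEPT, and
#   table  chain  policy  <policy>
# for every built-in chain whose policy is not ACCEPT.
audit_rules() {
  awk -v OFS='\t' '
    /^\*/ { table = substr($1, 2); next }        # "*nat", "*filter", ...
    /^:/  { if ($2 != "ACCEPT" && $2 != "-")     # "-" marks a user-defined chain
              print table, substr($1, 2), "policy", $2
            next }
    /^-A/ { target = "(none)"
            for (i = 3; i < NF; i++)
              if ($i == "-j" || $i == "-g") target = $(i + 1)
            if (target != "ACCEPT") print table, $2, target, $0 }
  '
}

# Constructed sample dump: the filter table is all ACCEPT, but the nat
# table holds one SNAT rule for TCP port 80 in POSTROUTING.
sample_dump() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i vif1.0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -p tcp -m tcp --dport 80 -j SNAT --to-source 192.0.2.10
COMMIT
EOF
}

# On a live host, run as root:  iptables-save | audit_rules
sample_dump | audit_rules
```

An empty result means every rule and policy in every table is ACCEPT; anything printed is a rule that rewrites, drops or rejects traffic and is worth reading before looking at the bridge itself.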