Xen users - Mar 2013 - Can't contact dom0 but can contact dom1, dom2, etc.

Hello.

I have this problem on my Xen server: I have 4 domains running; each of
them has its own static IP adress.

I can VNC onto these domains with their IP adress; but I can''t use
xen-server:5900 or 5901 etc. to VNC into them.

In fact, I can''t even ping the server. I can log onto the physical
keyboard
of the server, but I can''t ssh into the server, even though sshd is
running.

What can explain this?

Thanks.

-- 
F. Delente


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

On Mar 26, 2013 7:42 AM, "Fabrice Delente" <delentef@gmail.com>
wrote:
>
> Hello.
>
> I have this problem on my Xen server: I have 4 domains running; each of
them has its own static IP adress.
>
> I can VNC onto these domains with their IP adress; but I can''t use
xen-server:5900 or 5901 etc. to VNC into them.
>
> In fact, I can''t even ping the server. I can log onto the physical
keyboard of the server, but I can''t ssh into the server, even though
sshd
is running.
>
> What can explain this?
>
> Thanks.
>
> --
> F. Delente
>
>
First blush would have me assume you either have networking misconfigured
on dom0 or a fascist firewall on dom0. Can you confirm that dom0 has an ip
address?


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Yes it has; I can usually ssh into it, but after having destroyed an
unresponsive domain it stopped responding to net connections on its IP.​


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

On Tue, Mar 26, 2013 at 8:36 AM, Fabrice Delente <delentef@gmail.com>
wrote:
> Yes it has; I can usually ssh into it, but after having destroyed an
> unresponsive domain it stopped responding to net connections on its IP.
Can you SSH into it from itself (e.g. ssh 127.0.0.1)? Can you ping the
domUs from dom0?

-- 
--Zootboy

Sent from some sort of computing device.

Today it has started respnding again to ssh, even though I didn''t do
anything.

In dmesg I have scores of lines like these:

[5800201.055609] physdev match: using --physdev-out in the OUTPUT, FORWARD
and POSTROUTING chains for non-bridged traffic is not supported anymore.
[5800201.904358] device tap55.0 entered promiscuous mode
[5800201.904384] xen-bridge: port 3(tap55.0) entering learning state
[5800211.377315] vif55.0: no IPv6 routers present
[5800212.181315] tap55.0: no IPv6 routers present
[5800216.021324] xen-bridge: port 2(vif55.0) entering forwarding state
[5800216.901315] xen-bridge: port 3(tap55.0) entering forwarding state

​I don''t know if it''s relevant.

I''ll post an update if the problem arises again.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

On Wed, Mar 27, 2013 at 1:16 PM, Fabrice Delente <delentef@gmail.com>
wrote:
> Today it has started respnding again to ssh, even though I didn''t
do
> anything.
>
> In dmesg I have scores of lines like these:
>
> [5800201.055609] physdev match: using --physdev-out in the OUTPUT, FORWARD
> and POSTROUTING chains for non-bridged traffic is not supported anymore.
This means you have some rules in your iptables that aren''t supported.
If this is any indication of what yous issues are, it''s that iptables
is misconfigured. You may want to check over your rules table and make
sure they''re all sane.
> [5800201.904358] device tap55.0 entered promiscuous mode
> [5800201.904384] xen-bridge: port 3(tap55.0) entering learning state
Just general Xen networking chatter. Nothing to worry about here.
> [5800211.377315] vif55.0: no IPv6 routers present
> [5800212.181315] tap55.0: no IPv6 routers present
IPv6 stuff, obviously makes no difference if you''re not on a v6
network.
> [5800216.021324] xen-bridge: port 2(vif55.0) entering forwarding state
> [5800216.901315] xen-bridge: port 3(tap55.0) entering forwarding state
More chatter. All normal.
>
> I don''t know if it''s relevant.
>
> I''ll post an update if the problem arises again.
You may want to take a look at whatever writes your iptables. If
you''re using a script to set up networking, it may be out of date.

-- 
--Zootboy

Sent from some sort of computing device.

Ok, thanks for the hint, I''ll look into that.
​


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Sean Greenslade wrote:
> Fabrice Delente wrote:
>> physdev match: using --physdev-out in the OUTPUT, FORWARD and 
>> POSTROUTING chains for non-bridged traffic is not supported anymore.
> 
> This means you have some rules in your iptables that aren''t
supported.
> If this is any indication of what yous issues are, it''s that
iptables
> is misconfigured. You may want to check over your rules table and make
> sure they''re all sane.
No, this only means that you''re using --physdev-out somewhere in the 
rules.  Even if you''re only using it in a sane fashion--for bridged 
traffic--the message still appears.  When you modify the rules, it 
appears once for every usage.

On Wed, Mar 27, 2013 at 2:50 PM, Mike <debian@good-with-numbers.com>
wrote:
> Sean Greenslade wrote:
>> Fabrice Delente wrote:
>>> physdev match: using --physdev-out in the OUTPUT, FORWARD and
>>> POSTROUTING chains for non-bridged traffic is not supported
anymore.
>>
>> This means you have some rules in your iptables that aren''t
supported.
>> If this is any indication of what yous issues are, it''s that
iptables
>> is misconfigured. You may want to check over your rules table and make
>> sure they''re all sane.
>
> No, this only means that you''re using --physdev-out somewhere in
the
> rules.  Even if you''re only using it in a sane fashion--for
bridged
> traffic--the message still appears.  When you modify the rules, it
> appears once for every usage.
Oops, didn''t know that. Thanks for the correction,

-- 
--Zootboy

Sent from some sort of computing device.