Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] iptables in dom0 with bridge: no more outbound connectio

from [Peter Fokkinga] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections
From: Peter Fokkinga <peter@xxxxxxxxxxx>
Date: Fri, 29 Dec 2006 18:42:55 +0100
Delivery-date: Fri, 29 Dec 2006 09:42:17 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <459544F5.7050303@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20061229162546.1r02ekiiowoos8c8@xxxxxxxxx> <459544F5.7050303@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Internet Messaging Program (IMP) H3 (4.1.3) 
Quoting Nico Kadel-Garcia <nkadel@xxxxxxxxx>:

Peter Fokkinga wrote:

[...]
Now for the real spooky part:
 1. I booted into dom0 (no xend)
 2. executed `telnet 129.125.14.12 daytime`, it works
 3. started xend
 4. executed `telnet 129.125.14.12 daytime`, it still works (surprise!)
 5. executed `telnet 129.125.14.13 daytime`, it does not work

DNS cache, I think.


But I'm using ip adresses, not names? I don't see how DNS fits in
this picture.


It's been discussed before: I haven't had a chance to pursue it,
myself. Basically, after you start Xend, traffic going *out* from Dom0
goes through peth0, as near as I can tell, not eth0.


Ok, but why is iptables interfering? I'm not refering to eth0 in
my rules. If I flush iptables after starting Xend everything is fine,
troubles start the moment I re-activate the rules.

I get the feeling iptables does not remember its state, so my rule
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
has no effect. Kernel modules xt_state and ip_conntrack are loaded.

Peter


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Using pygrub, Henning Sprang
Next by Date:  Re: [Xen-users] CIM @ LINUX(XEN) (FC6 or SuSE 10), Szymanski, Lukasz K
Previous by Thread:  Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia
Next by Thread:  Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy