xen-users

Re: [Xen-users] iptables in dom0 with bridge: no more outbound connectio

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections
From:	Peter Fokkinga <peter@xxxxxxxxxxx>
Date:	Sat, 30 Dec 2006 20:25:46 +0100
Delivery-date:	Sat, 30 Dec 2006 11:25:06 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<6d06ce20612301059k70fcd55fg9d9573da46a2c080@xxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<20061229162546.1r02ekiiowoos8c8@xxxxxxxxx> <459544F5.7050303@xxxxxxxxx> <20061229184255.q2fqvv8f4gk088s4@xxxxxxxxx> <4596AE10.3040402@xxxxxxxxx> <6d06ce20612301059k70fcd55fg9d9573da46a2c080@xxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Internet Messaging Program (IMP) H3 (4.1.3)

Quoting Jerry Amundson <jamundso@xxxxxxxxx>:

Peter Fokkinga wrote:

[iptables drops outgoing traffic when xend is running]
I get the feeling iptables does not remember its state, so my rule
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
has no effect. Kernel modules xt_state and ip_conntrack are loaded.


Depends on your distro. Redhat for example,
"service iptables save" (overwriting /etc/sysconfig/iptables).


I did not mean "remember" in the sense of "between reboots", but more
like that iptables does not register the outgoing packet. So when the
first "response" packet comes back and enters the INPUT rule it is
seen as a NEW packet instead of ESTABLISHED or RELATED and therefore
dropped.

Distro I'm using is Ubuntu 6.06 btw.

Peter


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] iptables in dom0 with bridge: no more outbound connections, Peter Fokkinga Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Peter Fokkinga Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Nico Kadel-Garcia Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Jerry Amundson Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Peter Fokkinga <= Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Christopher G. Stach II

Previous by Date:	Re: [Xen-users] How many domU can I run?, Jerry Amundson
Next by Date:	[Xen-users] howto give DomU the pcmcia wlan card from Dom0 ?, harm
Previous by Thread:	Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Jerry Amundson
Next by Thread:	Re: [Xen-users] iptables in dom0 with bridge: no more outbound connections, Christopher G. Stach II
Indexes:	[Date] [Thread] [Top] [All Lists]

xen.org, Legal and Privacy

This site is hosted by XenSource, a Citrix company