Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] iptables and state matches (established, related)

from [John Hannfield] [Permanent Link][Original]
To: "Tomas Lund" <tlund@xxxxxx>
Subject: Re: [Xen-users] iptables and state matches (established, related)
From: "John Hannfield" <hal9020@xxxxxxxxx>
Date: Sat, 28 Apr 2007 13:49:58 +0100
Cc: Andrey Oreshnikov <elride@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 28 Apr 2007 05:48:36 -0700
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=djOkTO/UPdyAXjBc7QDbIveSzFU42lluh1TGTC22GtJlFzSwso4fH7L+zsdoCosL9x+WCNbkuiDw7ATyoBrj1KzQtGBKqFW5jjqkCkKgjiJkepI3wC37EGrX66Uxv89P2MRcW82hTRcwLCLFRE3Jo8hIjICjCIvbaKOQkAxP6IM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=X/KUlnw/fBXNBa9admCWKDdKExiMTRGUEc3wvFcpIiSQKxZ6vFxa7gNr4BzCvCNsXB2jSxrv+PKAjsL0bJ19Jqv4N64hTrinokWH8/nvheZMSywkHgXJl+e6ooZ8zfulKxfYyb1TpJSAjB+RVZs9Yh/Kk21VRSZB6YzWvKpJgng=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.61.0704201317390.4846@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <c8749d500704100344n14cbf826x3cb70dc77373ce97@xxxxxxxxxxxxxx> <Pine.LNX.4.61.0704201317390.4846@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
This is a known problem with Xen 3.0.x  and iptables connection tracking.
Connection tracking and state filtering only works as long as xen is
not running.
Try doing this:

echo "0" >/proc/sys/net/bridge/bridge-nf-call-iptables

That fixed it for me.


--

John

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] can't mount vfat fs on lvm created by winxp guest, Nico Kadel-Garcia
Next by Date:  [Xen-users] X86_64 and 4GB RAM, John Hannfield
Previous by Thread:  Re: [Xen-users] iptables and state matches (established, related), Tomas Lund
Next by Thread:  Re: [Xen-users] iptables and state matches (established, related), Geert Janssens
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy