[Xen-devel] Network issues with SuSE firewall
First, I noted that xen_nat_enable was *not* built along with the other tools in xeno-clone/install/bin. Is this still needed (per the README.CD instructions, for a NAT-based virtual host, rather than IP-based)?

I copied & ran the xen_nat_enable from the CD, and immediately was unable to access my machine to/from the network (I had already run "ifconfig eth0:0 169.254.1.0 up"). What I found was that the SuSEfirewall default configuration did not get along well with whatever changes to iptables were made by xen_nat_enable.

My solution, which needs to be tuned later, was to edit /etc/sysconfig/SuSEfirewall2 to greatly loosen the firewall. I then restarted it:

/etc/rc.d/SuSEfirewall2_init restart
/etc/rc.d/SuSEfirewall2_setup restart
/etc/rc.d/SuSEfirewall2_final restart

The changes I made (again, these are certainly TOO MANY changes, but as you'll see in my next note there are still problems with network access to the virtual systems):

127c127
< FW_DEV_INT="eth0:0"
---
> FW_DEV_INT=""
164c164
< FW_ROUTE="yes"
---
> FW_ROUTE="no"
179c179
< FW_MASQUERADE="yes"
---
> FW_MASQUERADE="no"
201c201
< FW_MASQ_NETS="169.254.1.0"
---
> FW_MASQ_NETS=""
217c217
< FW_PROTECT_FROM_INTERNAL="no"
---
> FW_PROTECT_FROM_INTERNAL="yes"
254c254
< FW_SERVICES_EXT_TCP="2200:2300 2049 http ssh rsync ftp smtp"
---
> FW_SERVICES_EXT_TCP="2049 http ssh"

Of course, your firewall configuration might be different.

-- Greg
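Review bot: FW_MASQ_NETS at 201 is a bare address, 169.254.1.0, with no prefix length, and it is the same address the message assigns to eth0:0. Written this way it reads as a single host rather than a network; if the virtual systems are the ones meant to be masqueraded, give their range with its mask, for example 169.254.1.0/24 (the prefix length here is an assumption, the message does not state the guest range).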
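Review bot: At 217, FW_PROTECT_FROM_INTERNAL="no" together with FW_DEV_INT="eth0:0" at 127 leaves every service on the host reachable from the guest-facing interface with no filtering at all. Keeping it at "yes" and listing only the ports the virtual systems need in FW_SERVICES_INT_TCP would keep the host protected from its own guests while still letting routed and masqueraded traffic through.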
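Review bot: At 254 the external TCP list grows from "2049 http ssh" to include 2200:2300, rsync, ftp and smtp, all in the external zone, and the message does not say which of these the NAT setup depends on. Add back only the entries that are actually required, one at a time, and note what 2200:2300 is for next to the setting; 2049 appears on both sides and is worth reviewing in the same pass.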