Re: [Xen-devel] Network issues with SuSE firewall


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
  • From: "Gregory Newby" <newby@xxxxxxxx>
  • Date: Fri, 7 Nov 2003 16:07:22 -0900
  • Delivery-date: Sat, 08 Nov 2003 01:08:57 +0000
  • List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

On Sat, Nov 08, 2003 at 12:36:25AM +0000, Ian Pratt wrote:
> > # run_iptables -t filter -F
> > # run_iptables -t filter -X
> > 
> > I can now run xen_nat_enable and it leaves my existing filter
> > rules in place.  The existing filter rules are extremely
> > permissive.
> 
> It's arguable that these 2 lines are a bug in the script...

:-)

Meanwhile, I have completely disabled the firewall (iptables
still works, but allows everything).  This hasn't changed
behaviour from my previous message, though.

> > $ xenctl script -f/etc/xen-mydom  (the default script)
> > $ xenctl domain start -n2
> 
> The /etc/xen-mydom should automatically start the domain.

It doesn't.  (You saw my prior "xenctl domain list" output, which said
it was stopped.)

> > As I mentioned in my other message, it would be great to be able to
> > see console messages, but they are either being firewalled or
> > otherwise redirected.
> 
> Have you been using xen_read_console?  You should be able to
> watch the other domain booting, and check that it comes up OK.

I run it (in the background) but never see anything.  Even
when I reboot, I don't get shutdown messages (they don't
appear on the physical console).

> Please can you send me the output from running xenctl, and the
> console message from the booting domain.

Yep.  Maybe the output from the "xenctl script..." startup is
informative.  This is with the default /etc/xen-mynewdom, containing:

--
domain new
physical grant -pcdrom_link
domain start
--

Script started on Fri Nov  7 15:53:22 2003

peabody(root) ~ [2] > xenctl script -f/etc/xen-mynewdom
Domain defaults:
   name            XenoLinux
   size            98304
   vifs            1
   domainImage     /boot/xenolinux.gz
   domainInitRD    /boot/initrd.gz
   rootDevice      /dev/ram0
   rootArgs        rw
   usrDevice       null
   NWIP            169.254.1.0+
   NWGW            169.254.1.0
   NWMask          255.255.0.0
   MaxDomainNumber 1000
   NWNFSServer     169.254.1.0
   NWNFSRoot       null
   XIToolsDir      /usr/local/bin/
   args            init=/linuxrc 4 DOMID=+
Domain created with arguments:
/usr/local/bin/xi_create 98304 XenoLinux 
Domain built with arguments:
/usr/local/bin/xi_build 3 /tmp/xen-image-40068.tmp 1 
initrd=/tmp/xen-initrd-40069.tmp 
ip=169.254.1.3:169.254.1.0:169.254.1.0:255.255.0.0::eth0:off init=/linuxrc 4 
DOMID=3  root=/dev/ram0 rw  
VIF 0 initialized with arguments:
/usr/local/bin/xi_vifinit 3 0 169.254.1.3 
warning: state file not found [/var/lib/xen/vdstate.xml]
Partition cdrom_link (resolved to cdrom_link) does not exist.

peabody(root) ~ [3] > xenctl domain list
id: 0 (Domain-0)
  processor: 0
  has cpu: true
  state: 0 active
  mcu advance: 10
  total pages: 192000
id: 1 (XenoLinux)
  processor: 1
  has cpu: false
  state: 1 stopped
  mcu advance: 10
  total pages: 24576
id: 2 (XenoLinux)
  processor: 0
  has cpu: false
  state: 1 stopped
  mcu advance: 10
  total pages: 24576
id: 3 (XenoLinux)
  processor: 1
  has cpu: false
  state: 1 stopped
  mcu advance: 10
  total pages: 24576
peabody(root) ~ [4] > xenctl domain start -n3
Started domain 3

peabody(root) ~ [5] > ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:B0:D0:DF:FA:ED  
          inet addr:137.229.71.6  Bcast:137.229.71.15  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:86 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:8575 (8.3 Kb)  TX bytes:3063 (2.9 Kb)

eth0:0    Link encap:Ethernet  HWaddr 00:B0:D0:DF:FA:ED  
          inet addr:169.254.1.0  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:78 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5267 (5.1 Kb)  TX bytes:5267 (5.1 Kb)

peabody(root) ~ [6] > telnet 169.254.1.3 22
Trying 169.254.1.3...
telnet: connect to address 169.254.1.3: Connection refused

peabody(root) ~ [7] > telnet 169.254.1.3 22
Trying 169.254.1.0...
telnet: connect to address 169.254.1.0: Connection refused

peabody(root) ~ [8] > telnet 169.254.1.0 2203
Trying 169.254.1.1...
telnet: connect to address 169.254.1.1: No route to host

peabody(root) ~ [9] > telnet 169.254.1.1 2203
Trying 169.254.1.3...
telnet: connect to address 169.254.1.3: Connection refused

peabody(root) ~ [10] > telnet 169.254.1.3 22
Trying 169.254.1.3...
telnet: connect to address 169.254.1.3: Connection refused

Script done on Fri Nov  7 15:54:43 2003

