|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] Re: network-bridge script breaks networkconnectivity
On Tue, Jul 11, 2006 at 06:45:01AM +0100, Ian Pratt wrote: > > This patch configures the bridge to *not* apply iptables filtering. > This > > makes the virtual bridge more like a real bridge (in that ip-layer > filter > > does not happen) and it makes the installation/configuration of xen > from > > sources easier (at least on FC5). > > The interaction with host firewall rules has always been a bit icky, not > least because the xen network scripts typically run after the host's > firewall scripts (and rename the network device). I've never understood > what happens to the firewall rules - do they stay with the old eth0 (now > peth0) or do they now apply to the new device name? IIRC, interface names in iptables rules are symbolic, so eth0 means what currently stands for eth0. For what is worth, I never understood why Xen decides to rename the real interface or why it tries to manually set the bridge's MAC address. What I do, in my machines, is use the system's method of bridge configuration (/etc/sysconfig/network-scripts/ifcfg-xenbr0). That fixed some problems I had with xen (some instances of connections resetted on xend start and domU unable to talk to other domU on another machine). -- lfr 0/0 Attachment:
pgpJHdJh2IQkB.pgp _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |