Re: [Xen-devel] [PATCH] Re: network-bridge script breaks network connectivity

On Tue, Jul 11, 2006 at 06:45:01AM +0100, Ian Pratt wrote:
> > This patch configures the bridge to *not* apply iptables filtering. This
> > makes the virtual bridge more like a real bridge (in that ip-layer filter
> > does not happen) and it makes the installation/configuration of xen from
> > sources easier (at least on FC5).
> The interaction with host firewall rules has always been a bit icky, not
> least because the xen network scripts typically run after the host's
> firewall scripts (and rename the network device). I've never understood
> what happens to the firewall rules - do they stay with the old eth0 (now
> peth0) or do they now apply to the new device name?

IIRC, interface names in iptables rules are symbolic, so eth0 means what
currently stands for eth0.

For what it's worth, I never understood why Xen decides to rename the real
interface or why it tries to manually set the bridge's MAC address.

What I do, in my machines, is use the system's method of bridge
configuration (/etc/sysconfig/network-scripts/ifcfg-xenbr0). That fixed
some problems I had with xen (some instances of connections reset on
xend start and domU unable to talk to other domU on another machine).
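As an added illustration of the sysconfig-managed bridge described above (not part of the original mail): on an FC5-style system the bridge gets its own ifcfg file and the physical NIC is enslaved to it with BRIDGE=, so no renaming of eth0 takes place; the static address values and the eth0 device name are assumed.

```ini
# /etc/sysconfig/network-scripts/ifcfg-xenbr0
# The bridge owns the host's IP address (assumed static values below)
DEVICE=xenbr0
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.0.2.10
NETMASK=255.255.255.0
GATEWAY=192.0.2.1
ONBOOT=yes
# no STP forwarding delay, so the bridge passes traffic immediately
DELAY=0

# /etc/sysconfig/network-scripts/ifcfg-eth0
# Physical NIC: no address of its own, just a bridge port
DEVICE=eth0
BRIDGE=xenbr0
ONBOOT=yes
```

With the bridge managed by the distribution this way, xend's own network-bridge script is normally disabled (for example `(network-script /bin/true)` in xend-config.sxp) so it does not rename eth0 or build a second bridge, while vif-bridge still attaches each domU vif to xenbr0.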


