
[Xen-devel] Compiling from source and networking problem - SOLVED ?



Because I had recompiled Xen a few times and even tried installing it from
packages, I wasn't sure about the state of the machine, so I just blew it
out, and reinstalled (FC 8) from scratch.

I compiled Xen (3.2 - testing) and installed a Fedora VM, still no
networking.

I checked my iptables rules and saw that the first rule in the FORWARD chain
rejected everything.  I deleted that rule and the VM's networking came right
up.

I'm not an iptables expert but looking at the FORWARD chain I originally
sent out, it looks like that may have been the original problem as well.

ORIGINAL FORWARD CHAIN:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0

There are a lot of REJECT rules before the rule that accepts to/from vif2.0.
So I'm guessing that the ACCEPT from anywhere to anywhere rules don't
include traffic to/from the virtual interface?

-matthew


> -----Original Message-----
> From: Matthew Donovan [mailto:matthew@xxxxxxxxxxxxxx] 
> Sent: Tuesday, June 24, 2008 11:02 AM
> To: Keir Fraser; xen-devel
> Subject: RE: [Xen-devel] Compiling from source and networking problem
> 
> Networking for an HVM linux guest (FC 8) also does not work.  One thing I'm
> seeing on the linux guest (and I don't know if it matters) is that every
> time I boot it, the ethernet interface number increases: eth0, eth1, eth2,
> eth3.
> 
> -matthew
> 
> 
> > -----Original Message-----
> > From: Keir Fraser [mailto:keir.fraser@xxxxxxxxxxxxx] 
> > Sent: Friday, June 13, 2008 3:32 PM
> > To: Matthew Donovan; xen-devel
> > Subject: Re: [Xen-devel] Compiling from source and networking problem
> > 
> > Networking for Windows guests should work straightforwardly 'out of the
> > box'. Have you been able to get networking going with any other type of
> > guest: e.g., Linux, WinXP?
> > 
> >  -- Keir
> > 
> > On 13/6/08 18:50, "Matthew Donovan" <matthew@xxxxxxxxxxxxxx> wrote:
> > 
> > > Hey,
> > > 
> > > I was originally asking questions on xen-users but no one seems to have any
> > > idea about this so I figured I'd try this list.
> > > 
> > > I compiled Xen from source (3.2 testing) on an Intel machine running Fedora
> > > Core 8 and have discovered that my guest (Windows Vista) does not have a
> > > network connection.
> > > 
> > > Looking at various online documentation and a machine that does work, I
> > > guessed that I needed dnsmasq and libvirtd installed.  I did that (and I
> > > think it's configured correctly i.e. it runs when the machine boots and has
> > > the same flags as the machine that works) and still nothing (i.e. domU does
> > > not have a network connection).  I installed libvirt from source and got the
> > > Fedora package for dnsmasq.
> > > 
> > > Most of the documentation I've found for networking is old and doesn't seem
> > > to reflect what Xen is doing.  Most sources refer to xenbr0 while only a
> > > couple places mention that eth0 becomes the bridge and peth0 is now the
> > > interface that dom0 uses.
> > > 
> > > It's possible that I have remnants of my attempt to get Xen working from
> > > rpm's on this system.  I don't know if that would screw anything up or not.
> > > 
> > > Is there an up-to-date reference for how Xen networking is done?  I've read
> > > the XenNetworking Wiki page through repeatedly and can't glean the
> > > appropriate trouble-shooting information from it.
> > > 
> > > In the VM I've tried configuring it for DHCP and giving it a static IP.
> > > Neither do anything.
> > > 
> > > Should I just format the computer and start from scratch?
> > > 
> > > I'm at my wit's end here.
> > > Any help is appreciated.
> > > -matthew
> > > 
> > > Some other details:
> > > My _current_ guest config specifies networking as:
> > > 
> > > dhcp="dhcp"
> > > vif=[ 'type=ioemu, bridge=xenbr0' ]
> > > 
> > > 
> > > /etc/xen/xend-config.sxp says:
> > > (network-script network-bridge)
> > > (vif-script vif-bridge)
> > > 
> > > My guest is currently running and "brctl show" output:
> > > [root@moosen ~]# brctl show
> > > bridge name     bridge id               STP enabled     interfaces
> > > eth0            8000.0019b932c635       no              peth0
> > >                                                         tap0
> > >                                                         vif2.0
> > > virbr0          8000.000000000000       yes
> > > 
> > > 
> > > Iptables output:
> > > 
> > > [root@moosen ~]# iptables -L
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> > > 
> > > Chain FORWARD (policy ACCEPT)
> > > target     prot opt source               destination
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> > > ACCEPT     all  --  192.168.122.0/24     anywhere
> > > ACCEPT     all  --  anywhere             anywhere
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> > > ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
> > > 
> > > Chain OUTPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > > 
> > > Chain RH-Firewall-1-INPUT (1 references)
> > > target     prot opt source               destination
> > > ACCEPT     all  --  anywhere             anywhere
> > > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > > ACCEPT     esp  --  anywhere             anywhere
> > > ACCEPT     ah   --  anywhere             anywhere
> > > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
> > > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> > > 
> > > 
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
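
Added example, not part of the original message: a first-match walk of a FORWARD chain shaped like the one above (one copy of the repeated block), showing that a packet bridged in through vif2.0 hits the catch-all REJECT before the PHYSDEV ACCEPT that follows it. The -S rule lines, the virbr0 interface matches, the packet values and the helper names are constructed assumptions.

```python
import ipaddress
import shlex
# Constructed rules in `iptables -S FORWARD` form, modelled on the listing in the
# post. The -i/-o virbr0 matches are an assumption: `iptables -L` without -v
# does not print interface columns, so the post cannot show them.
SAMPLE = """\
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-in vif2.0 -j ACCEPT
"""
KEYS = {"-s": "src", "-d": "dst", "-i": "in", "-o": "out",
        "--physdev-in": "physdev_in", "--state": "state"}
# Constructed packet: new connection from the guest, bridged in through vif2.0.
GUEST_PKT = {"src": "192.0.2.10", "dst": "192.0.2.1", "in": "eth0", "out": "eth0",
             "physdev_in": "vif2.0", "state": "NEW"}

def parse(line):
    # Keep the target and only the subset of match options modelled here.
    tok = shlex.split(line)
    rule = {"target": None, "match": {}}
    for opt, val in zip(tok, tok[1:]):
        if opt == "-j":
            rule["target"] = val
        elif opt in KEYS:
            rule["match"][KEYS[opt]] = val
    return rule

def matches(match, pkt):
    # A rule matches only when every one of its criteria matches the packet.
    for key, want in match.items():
        have = pkt[key]
        if key in ("src", "dst"):
            ok = ipaddress.ip_address(have) in ipaddress.ip_network(want)
        elif key == "state":
            ok = have in want.split(",")
        else:
            ok = have == want
        if not ok:
            return False
    return True

def verdict(ruleset, pkt, policy="ACCEPT"):
    """First matching rule wins: return (rule number, target)."""
    for n, line in enumerate(ruleset.strip().splitlines(), 1):
        rule = parse(line)
        if matches(rule["match"], pkt):
            return n, rule["target"]
    return 0, policy
print(verdict(SAMPLE, GUEST_PKT))  # (6, 'REJECT')
```

Moving the physdev ACCEPT ahead of the catch-all REJECT changes the verdict for this packet to ACCEPT while leaving the catch-all in place for other forwarded traffic.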


 

