
[Xen-devel] Re: Question about the Xen network?


  • To: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  • From: Bei Guan <gbtju85@xxxxxxxxx>
  • Date: Sat, 23 Oct 2010 23:27:12 +0800
  • Cc: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Sat, 23 Oct 2010 08:27:57 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>



2010/10/23 Paolo Bonzini <pbonzini@xxxxxxxxxx>
> On 10/22/2010 05:50 PM, Bei Guan wrote:
>> My Dom0 (fedora 8) iptables /etc/sysconfig/iptables
>
> This is only half of your configuration.  Libvirt is creating virbr0 and adding iptables rules to connect it to the outside world via NAT (the 192.168.122.x subnet).  iptables -L can show those rules.

Sorry, my Dom0 (fedora 8) iptables configuration is as follows.

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             localhost/24        state RELATED,ESTABLISHED
ACCEPT     all  --  localhost/24         anywhere           
ACCEPT     all  --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere           
ACCEPT     ah   --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

 

> Paolo

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
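
An added example, not part of the original thread: plain `iptables -L` lists only the filter table and omits the interface columns, so rules in a listing like the one above can appear identical or unconditional when they are not. This Python sketch parses such a listing (the FORWARD chain from the message, embedded as sample input; the function names are my own) and flags the rules that need `iptables -L -n -v` and `iptables -t nat -L -n -v` to be read correctly.

```python
import re
from collections import Counter

# Constructed sample: the FORWARD chain copied from the listing in the message above.
SAMPLE = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             localhost/24        state RELATED,ESTABLISHED
ACCEPT     all  --  localhost/24         anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

def parse(listing):
    """Return {chain: [(target, prot, source, destination, extra), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        fields = line.split(None, 5)
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line or column-header line
        extra = fields[5].strip() if len(fields) == 6 else ""
        current.append((fields[0], fields[1], fields[3], fields[4], extra))
    return chains

def ambiguous_rules(listing):
    """Flag rules whose real match cannot be read from plain `iptables -L` output."""
    findings = []
    for chain, rules in parse(listing).items():
        shown = Counter(rules)
        for number, (target, prot, src, dst, extra) in enumerate(rules, 1):
            # Drop the target option so only visible match criteria remain.
            match_text = re.sub(r"reject-with \S+", "", extra).strip()
            if shown[(target, prot, src, dst, extra)] > 1:
                findings.append((chain, number, "duplicate-as-displayed"))
            elif prot == "all" and src == dst == "anywhere" and not match_text:
                findings.append((chain, number, "catch-all-as-displayed"))
    return findings

if __name__ == "__main__":
    for chain, number, reason in ambiguous_rules(SAMPLE):
        print(f"{chain} rule {number}: {reason}; recheck with iptables -L -n -v")
```

A catch-all ACCEPT ahead of later REJECT rules, or two rules that print identically, is the sign that the listing is hiding match criteria such as the input or output interface.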

 

