
Re: [Xen-users] xen, fc4, bridging, iptables and conntrack problem



Paul Jakma wrote:


On Sat, 25 Jun 2005, Jon Howse wrote:

Hi Paul,

I have Fedora Core 4 and I am having exactly the same problem as you.

Aha, so it's not just me. Time to raise a bug with Fedora.

I can confirm the problem here.

[snip]
machine and I can't then log in via ssh. It seems that the conntrack system is failing to match already accepted connections.

See above. For me, all dom0 initiated connections fail to appear in conntrack state (but strangely the remote replies still get seen by tcpdump on xen-br0). domU's work fine though, as FORWARD is unrestricted.

The initial packet seems to get accepted by the INPUT rule, then the reply packet slips past the ESTABLISHED,RELATED rule and gets logged then dropped by the default policy.

[snip]
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161792 and please add your comments to it.


The snapshot for -unstable used for the latest FC4 package is quite old:

* Tue Apr 26 2005 Rik van Riel <...> 2-20050424
- upgrade to last night's snapshot

So perhaps this is already fixed in xen-unstable. Or it was just an artefact of code changes, similar to the problem that xm restore does not work correctly in that snapshot.

Rik said he would upgrade to a new snapshot for rawhide rather soon. Not sure when that will be, though.

Can anyone not using FC4 confirm problems with iptables and conntrack in the latest -unstable?

Best Regards,
Michael Paesold
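
Added example, not part of the original thread: one way to confirm the symptom described above from the firewall log, by classifying packets that were logged and dropped by the INPUT default policy. The log prefix, hostnames, addresses and ports in the sample are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the kernel's iptables LOG line format (MAC= field
# omitted for brevity). The "INPUT-DROP: " prefix, hostnames, addresses and
# ports are assumptions for illustration, not values from the thread.
SAMPLE_LOG = """\
Jun 25 12:00:01 dom0 kernel: INPUT-DROP: IN=xen-br0 OUT= SRC=192.0.2.80 DST=192.0.2.10 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jun 25 12:00:05 dom0 kernel: INPUT-DROP: IN=xen-br0 OUT= SRC=192.0.2.50 DST=192.0.2.10 LEN=100 TTL=64 ID=4242 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=1460 RES=0x00 ACK PSH URGP=0
Jun 25 12:00:09 dom0 kernel: INPUT-DROP: IN=xen-br0 OUT= SRC=192.0.2.99 DST=192.0.2.10 LEN=60 TTL=64 ID=7 DF PROTO=TCP SPT=40500 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 25 12:00:12 dom0 kernel: INPUT-DROP: IN=xen-br0 OUT= SRC=192.0.2.99 DST=192.0.2.10 LEN=78 TTL=64 ID=8 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def classify(line):
    """Classify one dropped-packet LOG line; returns None for non-TCP lines."""
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP":
        return None
    flags = TCP_FLAGS & set(line.split())
    if "RST" in flags:
        return "reset"
    if {"SYN", "ACK"} <= flags:
        return "untracked-reply"      # answer to a connection this host opened
    if "SYN" in flags:
        return "new-connection"       # policy drop of a new inbound SYN: expected
    if "ACK" in flags:
        return "untracked-midstream"  # belongs to a flow that was accepted earlier
    return "other"

def summarize(log_text):
    """Count categories over all lines of a log excerpt."""
    counts = Counter()
    for line in log_text.splitlines():
        category = classify(line)
        if category:
            counts[category] += 1
    return counts

def conntrack_suspect(counts):
    """True when drops include packets the ESTABLISHED,RELATED rule should match."""
    return counts["untracked-reply"] + counts["untracked-midstream"] > 0

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(dict(result), "conntrack suspect:", conntrack_suspect(result))
```

Dropped SYN-ACK packets are the clearer signal, since a mid-stream ACK can also be dropped legitimately once its conntrack entry has timed out.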
