
[Xen-users] Xen bridge acting weird -- fixed



[Threading was done manually; I hope it worked]

I think I've fixed the problem, since I've just been trying to do the same
bridge-fiddling on another (simpler) setup, and I think it's a problem with
the antispoof protection.  One of the things it does on the dom0 is:

iptables -P FORWARD DROP

which naturally makes IP packets much harder to get from place to place. 
Unfortunately, the associated rule to allow certain packets fails on my
system with an "iptables: No chain/target/match by that name", so the network
on my dom0 effectively goes "none shall pass" and it's game over.  The
reason, of course, that ARP still runs through is because it's not IP, and
therefore iptables has nothing to do with it.

The fix?  Run your network scripts with antispoof=no, or clear up the
forward policy stuff with:

iptables -P FORWARD ACCEPT

Of course, if you have any sort of actual firewalling happening on your
machines, this will probably not be a wise move, but on simple systems with
normally-permissive networking, this works fine.

- Matt

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
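
Added example, not part of the original post or of the Xen scripts: a check for the state the post describes, where FORWARD has policy DROP but no ACCEPT rule was installed. It assumes an iptables that supports `-S`; the function names, the sample rule and the interface name `eth0` are constructed for illustration.

```shell
#!/bin/sh
# Classify the FORWARD chain from `iptables -S FORWARD` output on stdin.
# Prints one of:
#   open      - policy ACCEPT (what `iptables -P FORWARD ACCEPT` leaves you with)
#   filtered  - policy DROP with at least one ACCEPT rule (antispoof worked)
#   blackhole - policy DROP and no ACCEPT rule (the failure in the post:
#               the policy was set, the allow rule failed to load)
#   unknown   - no policy line seen
forward_state() {
    awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            # count rules whose target is ACCEPT
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accepts++
        }
        END {
            if (policy == "")          print "unknown"
            else if (policy == "ACCEPT") print "open"
            else if (accepts > 0)      print "filtered"
            else                       print "blackhole"
        }'
}

# Constructed sample: policy applied, allow rule never made it in.
sample_broken() {
    printf '%s\n' '-P FORWARD DROP'
}

# Constructed sample: policy applied and an allow rule present.
# The rule text is an assumption, not the rule the Xen script installs.
sample_working() {
    printf '%s\n' '-P FORWARD DROP' '-A FORWARD -i eth0 -j ACCEPT'
}

# Run against the live dom0 ruleset (needs root): ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    iptables -S FORWARD | forward_state
fi
```

A result of `blackhole` on dom0 after the network scripts have run matches the symptom above: ARP still crosses the bridge while all forwarded IP traffic is dropped.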


 

