[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] so close! just an iptables rule away.....?
Hi, I've been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I've got one outstanding issue with iptables that is preventing me progressing further. This is a colo'd server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a virtual host and I am able to ping & SSH to the virtual host. I am not able to resolve DNS query from my virtual host though - tcpdump shows Admin Prohibited e.g.: 14:45:01.527142 IP dellserver.comwifinet.lan > vm-colo1.comwifinet.lan: icmp 80: host 217.160.133.239 unreachable - admin prohibited If I drop IP tables then all name resolution works from the virtual machines. I have not had any success with adding the iptables rules as shown in the wiki # iptables -L -v -n Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 8216 809K RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in eth1 ! --physdev-out eth1 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match ! --physdev-in eth1 --physdev-out eth1 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1844 216K RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 1256 packets, 373K bytes) pkts bytes target prot opt in out source destination Chain RH-Firewall-1-INPUT (2 references) pkts bytes target prot opt in out source destination 42 3108 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 19 1540 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 3296 287K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 116 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 9 740 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 7 336 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 4 228 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 6681 732K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Running 2.6.12-1.1398_FC4xen0 I have read https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161792 - is this the cause of my problems? do I need to run a newer kernel to resolve this issue? Thanks for any advice - please prompt me to supply further info (e.g. credit card number, inside leg measurement, etc......) /rob _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |