[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] firewalls and Xen

Patrick Wolfe wrote:
On Tue, 2006-03-07 at 15:00 -0600, Kevin wrote:

The domU's can access anyone without trouble.  Dom0 can successfully ping any 
IP address, but cannot connect to remote services.
From dom0, attempting a wget of google's homepage ( shows the 
connection is successful, but the request times out

It sounds like you haven't run 'ethtool -K eth0 tx off' on dom0.

You need to run that command on every xen virtual ethernet interface, or
you get corrupt checksums on random packets.  You can verify this by
running 'tcpdump' or 'ethereal' while doing the wget.

I hope this fix this problem by 3.0.2.  It's sure annoying.

You were exactly right Patrick; the following patch for /etc/xen/scripts/network-bridge (thanks Nicholas -- http://lists.xensource.com/archives/html/xen-users/2006-02/msg00747.html ) worked for me in fixing up my dom0's eth1:

      add_to_bridge2 ${bridge} ${pdev}
      do_ifup ${netdev}
      + # disable ip checksum offloading for veth device
      + [ -x /usr/sbin/ethtool ] && /usr/sbin/ethtool -K ${netdev} tx off

Thanks again,

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.