Re: [Xen-users] Cannot access domU's network in a network-route and vif-route setup

[list user <xktnniuymlla@xxxxxxxxxxxxxx>]

Md Mooktakim Ahmed wrote:
> Nope i'm wrong. I tried every combination i could think of:
> ACCEPT     all  --  82.165.37.189        0.0.0.0/0           PHYSDEV match 
> --physdev-in
> vif43.0
> ACCEPT     all  --  0.0.0.0/0            82.165.37.189       PHYSDEV match 
> --physdev-in
> vif43.0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match 
> --physdev-in
> vif43.0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match 
> --physdev-out
> vif43.0
> ACCEPT     all  --  82.165.27.12         82.165.37.189       PHYSDEV match 
> --physdev-in
> vif43.0
> ACCEPT     all  --  82.165.27.12         82.165.37.189       PHYSDEV match 
> --physdev-out
> vif43.0
> ACCEPT     all  --  82.165.37.189        82.165.27.12        PHYSDEV match 
> --physdev-in
> vif43.0
> ACCEPT     all  --  82.165.37.189        82.165.27.12        PHYSDEV match 
> --physdev-out
> vif43.0
>
>
> 82.165.27.12 dom0
> 82.165.37.189 domU
>
> I still can't ssh to domU from dom0.
> I just don't get it. I can ping it.
Hello,

This look like the infamous checksum errors problem.  Bit me, too.

Try "ethtool -K eth?? tx off" on your virtual ethernet cards.  That 
_may_ solve the problem.
hope that helps

> On Fri, May 12, 2006 5:00 pm, Md Mooktakim Ahmed wrote:
>
> > I need something like the ALL command but in reverse. eg:
> > ACCEPT     all  --  anywhere  MY_DOMU_HOSTNAME     PHYSDEV match --physdev-in 
> > vif1.0
> >
> >
> > Does anyone know how to do this? What should i add to vif-common.sh to 
> > permanent this?
> > I use shorewall for this exact reason.
> >
> >
> > On Fri, May 12, 2006 12:42 pm, Md Mooktakim Ahmed wrote:
> >
> >
> > > Hello,
> > >
> > >
> > >
> > > I have setup my domU's with route. Everything is working with my domU's. I set 
> > > the
> > > default route to be eth0, which allowed them to access the outside world. I can
> > > install firewall on the domU, but i haven't been able to install one on dom0 
> > > (it stops
> > > the domU's network working). But anyway this email is about dom0 not being able 
> > > to
> > > talk to domU's.
> > >
> > > See its a strange thing. I hadn't noticed this before becuase i usually ping 
> > > things
> > > to test it. Ping works just fine. I can ping the domU's and they will respond. 
> > > However
> > > if i try anything like ssh, no response. So i have a look at iptables -L :
> > >
> > >
> > > ACCEPT     all  --  MY_DOMU_HOSTNAME  anywhere            PHYSDEV match 
> > > --physdev-in
> > > vif1.0 ACCEPT     udp  --  anywhere             anywhere            PHYSDEV 
> > > match
> > > --physdev-in
> > > vif1.0 udp spt:bootpc dpt:bootps
> > >
> > > It seems only UDP's are getting through. I can't connect to the domU's using 
> > > any TCP
> > > transport. Has anyone had this problem before? I haven't changed anything 
> > > special to
> > > the vif and network -route files. I'm using the latest stable xen, installed on 
> > > Centos
> > > 4.3 (without rpm).
> > >
> > >
> > > Also in an ideal world i would like to install Shorewall on my dom0 and still 
> > > have
> > > the independent network on the domU's (install their own firewall's if needed).
> > >
> > > Thanks for the help.
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Xen-users mailing list
> > > Xen-users@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xen-users
> >
> > --
> > Website: http://www.mooktakim.com
> > email: mma@xxxxxxxxxxxxx
> >
> >
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users