Re: [Xen-users] Cannot access domU's network in a network-route and vif-route setup
So no one knows how to solve this? I can't ssh (or other) to the domU's from dom0.
Please, I need your help here.

On Fri, May 12, 2006 5:17 pm, Md Mooktakim Ahmed wrote:
> Nope, I'm wrong. I tried every combination I could think of:
>
> ACCEPT all -- 82.165.37.189 0.0.0.0/0 PHYSDEV match --physdev-in vif43.0
> ACCEPT all -- 0.0.0.0/0 82.165.37.189 PHYSDEV match --physdev-in vif43.0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif43.0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out vif43.0
> ACCEPT all -- 82.165.27.12 82.165.37.189 PHYSDEV match --physdev-in vif43.0
> ACCEPT all -- 82.165.27.12 82.165.37.189 PHYSDEV match --physdev-out vif43.0
> ACCEPT all -- 82.165.37.189 82.165.27.12 PHYSDEV match --physdev-in vif43.0
> ACCEPT all -- 82.165.37.189 82.165.27.12 PHYSDEV match --physdev-out vif43.0
>
> 82.165.27.12 dom0
> 82.165.37.189 domU
>
> I still can't ssh to domU from dom0.
> I just don't get it. I can ping it.
>
> On Fri, May 12, 2006 5:00 pm, Md Mooktakim Ahmed wrote:
>
>> I need something like the ALL command but in reverse, e.g.:
>>
>> ACCEPT all -- anywhere MY_DOMU_HOSTNAME PHYSDEV match --physdev-in vif1.0
>>
>> Does anyone know how to do this? What should I add to vif-common.sh to
>> make this permanent? I use shorewall for this exact reason.
>>
>> On Fri, May 12, 2006 12:42 pm, Md Mooktakim Ahmed wrote:
>>
>>> Hello,
>>>
>>> I have setup my domU's with route. Everything is working with my domU's.
>>> I set the default route to be eth0, which allowed them to access the
>>> outside world. I can install a firewall on the domU, but I haven't been
>>> able to install one on dom0 (it stops the domU's network working). But
>>> anyway, this email is about dom0 not being able to talk to domU's.
>>>
>>> See, it's a strange thing. I hadn't noticed this before because I usually
>>> ping things to test it. Ping works just fine. I can ping the domU's and
>>> they will respond. However, if I try anything like ssh, no response. So I
>>> had a look at iptables -L:
>>>
>>> ACCEPT all -- MY_DOMU_HOSTNAME anywhere PHYSDEV match --physdev-in vif1.0
>>> ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps
>>>
>>> It seems only UDP's are getting through. I can't connect to the domU's
>>> using any TCP transport. Has anyone had this problem before? I haven't
>>> changed anything special in the vif and network -route files. I'm using
>>> the latest stable xen, installed on Centos 4.3 (without rpm).
>>>
>>> Also, in an ideal world I would like to install Shorewall on my dom0 and
>>> still have the independent network on the domU's (install their own
>>> firewalls if needed).
>>>
>>> Thanks for the help.

--
Website: http://www.mooktakim.com
email: mma@xxxxxxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users