
[Xen-users] FC5 -- Xen 3.0.2 -- iptables with dom0 and domU



Situation:

Running a simple UDP client/server program where the client on one domU on
one computer sends echo packets to another domU on another computer,
server sends echoes back.  They do this on a specified port (will use any
port between 5000-6000).  This program works on non-Xen machines in
various environments, Linux and Solaris.  Program just hangs on the domUs.
 I believe I need help with my ports to allow connections and UDP/TCP
packets to go through ports 5000-6000.

--------------------------------------------

My environment:

(machine1) domU 10.0.0.1 <-> (machine1) dom0 172.16.48.252 <-> (machine2)
dom0 172.16.48.253 <-> (machine1) domU 10.0.1.1

dom0s -- FC5  (2.6.17-1.2157_FC5xen0, using 512MB RAM)
domUs -- FC5  (2.6.17-1.2157_FC5xen0, using 256MB RAM)
-NAT scripts (network-nat, vif-nat) are used on bootup
-can ping and ssh between dom0 and domUs (on both machines)
-I have disabled selinux and firewall

-------------------------------------------------

My routing table on (machine1) dom0:
Destination  Gateway       Genmask         Flags Metric Ref    Use Iface
10.0.0.1     0.0.0.0       255.255.255.255 UH    0      0        0 vif1.0
10.0.1.0     172.16.48.253 255.255.255.0   UG    0      0        0 eth0
172.16.48.0  0.0.0.0       255.255.254.0   U     0      0        0 eth0
169.254.0.0  0.0.0.0       255.255.0.0     U     0      0        0 eth0
0.0.0.0      172.16.48.1   0.0.0.0         UG    0      0        0 eth0

-------------------------------------------------

My routing table on (machine1) domU:
Destination   Gateway      Genmask         Flags Metric Ref    Use Iface
10.0.0.0      0.0.0.0      255.255.255.0   U     0      0        0 eth0
169.254.0.0   0.0.0.0      255.255.0.0     U     0      0        0 eth0
0.0.0.0       10.0.0.1     0.0.0.0         UG    0      0        0 eth0

-------------------------------------------------

'iptables -L' on (machine1) dom0:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.1             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

------------------------------------------------

'iptables -L' on (machine1) domU:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

-----------------------------------

Would like domU on machine1 to have the ability to use tcp/udp over ports
5000-6000 with domU on machine2.  Sorry if the columns aren't aligned. 
Any help sent, thanks in advance.

Vince


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
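
Added example, not part of the original post: a first-match walk of the domU's RH-Firewall-1-INPUT chain as listed above, showing which rule decides a packet to port 5000 that reaches the domU, and how an ACCEPT placed before the final REJECT changes the verdict. The Packet fields and function names are hypothetical, and rule 1 is assumed to be the stock loopback-only accept, since plain 'iptables -L' (without -v) does not print the interface column.

```python
# Rules transcribed from the domU 'iptables -L' listing in the post.
# ASSUMPTION: rule 1 is really "-i lo -j ACCEPT"; without -v the listing
# hides the interface, so it only looks like an accept-everything rule.
from dataclasses import dataclass

@dataclass
class Packet:                      # constructed sample packet, not captured traffic
    proto: str
    dport: int = 0
    state: str = "NEW"
    iface: str = "eth0"
    dst: str = "10.0.0.1"

# (target, conditions); a condition key that is absent matches anything.
CHAIN = [
    ("ACCEPT", {"iface": "lo"}),
    ("ACCEPT", {"proto": "icmp"}),
    ("ACCEPT", {"proto": "esp"}),                       # shown as ipv6-crypt
    ("ACCEPT", {"proto": "ah"}),                        # shown as ipv6-auth
    ("ACCEPT", {"proto": "udp", "dport": (5353, 5353), "dst": "224.0.0.251"}),
    ("ACCEPT", {"proto": "udp", "dport": (631, 631)}),  # ipp
    ("ACCEPT", {"proto": "tcp", "dport": (631, 631)}),
    ("ACCEPT", {"state": ("RELATED", "ESTABLISHED")}),
    ("ACCEPT", {"proto": "tcp", "dport": (22, 22), "state": ("NEW",)}),
    ("REJECT", {}),                                     # icmp-host-prohibited
]

def matches(pkt, cond):
    for key, want in cond.items():
        have = getattr(pkt, key)
        if key == "dport":
            ok = want[0] <= have <= want[1]
        elif key == "state":
            ok = have in want
        else:
            ok = have == want
        if not ok:
            return False
    return True

def verdict(chain, pkt):
    """Return (target, rule number) of the first matching rule."""
    for num, (target, cond) in enumerate(chain, 1):
        if matches(pkt, cond):
            return target, num
    return "ACCEPT", 0             # chain returns; INPUT policy is ACCEPT

def allow_ports(chain, proto, lo, hi):
    """Copy of chain with ACCEPT proto dport lo:hi placed before REJECT."""
    idx = next(i for i, (t, _) in enumerate(chain) if t == "REJECT")
    return chain[:idx] + [("ACCEPT", {"proto": proto, "dport": (lo, hi)})] + chain[idx:]
```

On a live system the equivalent of one `allow_ports` call is `iptables -I RH-Firewall-1-INPUT 10 -p udp --dport 5000:6000 -j ACCEPT`, where 10 is the position of the REJECT rule in the listing; `iptables -L -v --line-numbers` shows the interface column and rule numbers.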


 

