[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] firewall messing xen setup


  • To: "zuaago" <zuaago@xxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Ian Tobin" <itobin@xxxxxxxxxxxxx>
  • Date: Mon, 16 Jul 2007 13:00:25 +0100
  • Delivery-date: Mon, 16 Jul 2007 04:58:29 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcfHncOL2FlEPFTcRaulSvEvpaSH3gAAwjlg
  • Thread-topic: [Xen-users] firewall messing xen setup

Glad it works, you will need to add it as part of your firewall script at the 
top in case you reboot the server.

thanks

Tidyhosts UK - Server & Web Specialists
 
This email and its attachments are scanned by TidyHosts UK. All emails and 
attachments should also be scanned by the recipient. TidyHosts UK accept no 
responsibility for any damage caused by any virus attached to this email.  This 
email is confidential and is intended only for the addressee(s). Information 
copied from it is prohibited unless clearly stated by TidyHosts UK. If you have 
received this email in error please reply to the sender.


-----Original Message-----
From: zuaago [mailto:zuaago@xxxxxxxxx] 
Sent: 16 July 2007 12:40
To: Ian Tobin; xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] firewall messing xen setup

now everything works, great!

thank you very very much ian!


regards

jorge



2007/7/16, Ian Tobin <itobin@xxxxxxxxxxxxx>:
>
>
>
>
> Run this
>
>
>
> sysctl -w net.bridge.bridge-nf-call-iptables="0"
>
>
>
> then try your firewall again
>
>
>
> Ian
>
>
>
> Tidyhosts UK - Server & Web Specialists
>
>
>
> This email and its attachments are scanned by TidyHosts UK. All emails and 
> attachments should also be scanned by the recipient. TidyHosts UK accept no 
> responsibility for any damage caused by any virus attached to this email.  
> This email is confidential and is intended only for the addressee(s). 
> Information copied from it is prohibited unless clearly stated by TidyHosts 
> UK. If you have received this email in error please reply to the sender.
>
>
>
>
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of zuaago
>  Sent: 15 July 2007 23:26
>  To: xen-users@xxxxxxxxxxxxxxxxxxx
>  Subject: [Xen-users] firewall messing xen setup
>
>
>
>
> hi all,
>
>  i'm trying to understand how networking works on xen, but the firewall is 
> messing the setup and i don't know why (it shouldn't block connections of the 
> virtual interfaces!)..
>
>  i've the following setup: suse 10.2 with 2 network interfaces, the first one 
> remains untouched by xen and is used only by the server itself -no problem-. 
> the second one runs on another network and is managed by xen. the second 
> interface doesn't work when the firewall is activated and server and 
> virual-server can't see each other. none of them can connect to any other 
> hosts of this second network.
>
>  bridge is up and running:
>
>  # brctl show xenbr1
>  bridge name     bridge id               STP enabled     interfaces
>  xenbr1          8000.feffffffffff       no              vif0.1
>                                                          peth1
>                                                          vif1.0
>
>  everything seems to be correct, interfaces are:
>
>  eth0 - network 1 - xen doesn't use it, works well
>  eth1 - network 2 - xen manages it, does not work when firewall is enabled
>  peth1
>  vif0.1 - eth1 on server
>  vif1.0 - eth0 on virtual server
>  xenbr1
>  lo
>
>  what's what i'm missing about xen networking? the server firewall should 
> only block connections directed to him, but not those of the virtual server, 
> is it right? i have tried to put this interface on the internal zone (no port 
> is blocked) and doen't work, i've activated forwarding, doesn't work.. only 
> when the firewall is stopped everything works fine..
>  any help would be appreciated!
>
>  regards
>
>  jorge
>
>
>
>
>
>
>
>
>


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.