[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] iptables does not see inter-domU traffic

To: Xen-users@xxxxxxxxxxxxxxxxxxx
From: Bart Verwilst <lists@xxxxxxxxxxx>
Date: Thu, 11 Oct 2007 00:52:19 +0200 (CEST)
Delivery-date: Wed, 10 Oct 2007 15:53:11 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi!

I'm trying to use iptables to regulate traffic between my domU's. Every domU 
has an external IP address. I have one bridge, xenbr0, configured the debian 
way like this:

auto xenbr0
iface xenbr0 inet static
        address xxx.xx.xx.xxx
        netmask 255.255.255.192
        metric  0
        gateway xxx.xx.xx.xxx
        bridge_ports eth0
        bridge_maxwait 0


All domU's have internet access and can reach eachother, no problems there.

net.bridge.bridge-nf-call-iptables is set to 1.

To test/show my problem, i've set this rule:

iptables -A FORWARD -p tcp --dport 80 -d <domU ip> -j LOG 
--log-prefix="connect-http: "

Then, from a remote location, i telnet to the ip and port. I see an entry about 
it appearing in /var/log/syslog.
When I try the same from another domU, no logs whatsoever..

Any clues?

Thanks!

Kind regards,

Bart Verwilst

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Prev by Date: Re: [Xen-users] clocksource/0: Time went backwards
Next by Date: Re: [Xen-users] clocksource/0: Time went backwards
Previous by thread: [Xen-devel] dom0 and domU /dev/urandom generating too less entropy
Next by thread: [Xen-users] VCPU migration count
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.