
Re: [Xen-users] UPDATED xenbr0 doesn't have an IP (should it?!)



Stuart Rench wrote:
So now I am convinced that something in iptables and nat has gone
awry...but I am EXTREMELY weak on IPTABLES...

If I were to flush all dom0 iptables to start from scratch, what is a
bare minimum to allow for the following basic network architecture?

Gateway - 10.0.0.1
XenServer - 10.0.0.12
Virtual Server - 10.0.0.13

Anyone else on my network - 10.0.0.x

The main thing that affects traffic to and from domU in dom0 is the FORWARD chain in the filter table: if you flush this (iptables -F FORWARD), then the usual default policy is ACCEPT, which means that traffic can be forwarded. The default rule that permits traffic from some source vifX.0 phydev is only needed when the table's policy is not ACCEPT or when there is some other rule in the FORWARD chain that rejects traffic.

You might find "iptables -I FORWARD 1 -j LOG" useful, although, be warned, this can generate a _lot_ of messages that will wind up in /var/log/messages, but you will be able to see what traffic iptables is seeing on that chain.

It's also possible that you have rules in some other table that are causing you trouble; running iptables-save will show you all the rules in all the chains in all the tables. You may have something odd in the nat table that is giving you grief.

jch
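The steps the reply above walks through (flush the FORWARD chain and rely on its ACCEPT policy, add a LOG rule at the top, then read iptables-save for stray rules in other tables) as an added shell example. This is not code from the original thread or from the Xen project. It assumes the bridge is xenbr0 and the domU's backend interface in dom0 is vif1.0, names that are typical but not stated in the message, and it takes the iptables-save text on stdin so the inspection part can be exercised without root. Set IPT=echo to dry-run the rule commands.

```shell
#!/bin/sh
# Added example: minimal dom0 FORWARD handling for a bridged domU, plus the
# LOG rule and the iptables-save check described in the reply.  Not code
# from the original thread.  Assumptions (not in the original): the bridge is
# xenbr0 and the domU backend interface is vif1.0; override via environment.
# Set IPT=echo to dry-run the rule commands without root.

IPT="${IPT:-iptables}"
VIF="${VIF:-vif1.0}"

# Caveat: bridged frames only traverse the filter FORWARD chain when
# /proc/sys/net/bridge/bridge-nf-call-iptables is 1 (sysctl
# net.bridge.bridge-nf-call-iptables).  If it is 0, none of the rules below
# see the domU traffic at all, and a LOG rule will stay silent.

# Start from scratch on the chain that governs bridged domU traffic.
# With an empty chain and policy ACCEPT, everything is forwarded.
reset_forward() {
    "$IPT" -F FORWARD
    "$IPT" -P FORWARD ACCEPT
}

# Explicit allow rules for the domU's bridge port.  Only needed if the
# policy is later set to DROP or some other rule rejects traffic.
# -m physdev matches the bridge port a frame arrived on / leaves by.
allow_domu() {
    "$IPT" -A FORWARD -m physdev --physdev-in  "$VIF" -j ACCEPT
    "$IPT" -A FORWARD -m physdev --physdev-out "$VIF" -j ACCEPT
}

# Rate-limited LOG at position 1, so the kernel log is not flooded but
# forwarded traffic still shows up with a recognisable prefix
# (prefix text is this example's choice).
log_forward() {
    "$IPT" -I FORWARD 1 -m limit --limit 10/min --limit-burst 20 \
        -j LOG --log-prefix "xen-fwd: "
}

# Read iptables-save output from stdin and summarise what the reply says to
# look for: the filter FORWARD policy, FORWARD rules whose target is not
# ACCEPT (a LOG rule is harmless; REJECT/DROP are the ones to inspect),
# and whether the nat table contains any rules at all.
audit_rules() {
    awk '
        /^\*/                                              { table = substr($1, 2) }
        table == "filter" && /^:FORWARD /                  { policy = $2 }
        table == "filter" && /^-A FORWARD / && !/-j ACCEPT/ { other++ }
        table == "nat"    && /^-A /                        { nat++ }
        END {
            printf "filter FORWARD policy: %s\n", (policy ? policy : "unknown")
            printf "FORWARD rules with non-ACCEPT target: %d\n", other + 0
            printf "nat table rules: %d\n", nat + 0
        }'
}

# Typical use on the dom0 (needs root for everything but audit):
#   sh fwd.sh reset   -> flush and open the FORWARD chain
#   sh fwd.sh log     -> insert the rate-limited LOG rule
#   sh fwd.sh audit   -> iptables-save | audit_rules
case "${1:-}" in
    reset) reset_forward ;;
    allow) allow_domu ;;
    log)   log_forward ;;
    audit) "${IPT_SAVE:-iptables-save}" | audit_rules ;;
esac
```

If the audit reports a DROP policy or a REJECT/DROP rule on FORWARD, that is the rule the reply says must be accompanied by an explicit vifX.0 allow; if it reports rules in the nat table on a host that is supposed to be plain bridging, those are the first thing to flush.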
