
[Xen-users] iptables problem


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Ivan Lisenkov <ivan@xxxxxxxxx>
  • Date: Tue, 13 Oct 2009 14:31:52 +0400
  • Delivery-date: Tue, 13 Oct 2009 03:33:00 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Dear xen users,

I am using xen 3.3.1 on opensuse 11.1. After creating a domU with 2 nics two iptables rules are created by default:

-A FORWARD -s XX.XX.XX.24/32 -m physdev  --physdev-in vif77.0 -j ACCEPT
-A FORWARD -p udp -m physdev  --physdev-in vif77.0 -m udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -s XX.XX.XX.25/32 -m physdev  --physdev-in vif77.1 -j ACCEPT
-A FORWARD -p udp -m physdev  --physdev-in vif77.1 -m udp --sport 68 --dport 67 -j ACCEPT

The rules seem logical, but one of them does not work! I can't ping XX.XX.XX.24 from outside. But if I change the rule manually to:

-A FORWARD -s 188.40.226.24/32 -m physdev  --physdev-in vif77.1 -j ACCEPT

everything works. This seems illogical, because the first IP is bound to the second NIC, but it works. The problem is that I have to change the rules every time I reboot the domU.

Any ideas how to fix it?

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
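
One way to see which of the per-vif source rules quoted in the post is actually matching traffic, as an added example that is not part of the original message: it reads the packet counters that `iptables-save -c` prefixes to each rule and lists the source-address rules that have never matched. The sample dump, its addresses and its counters are constructed, and the function names are hypothetical.

```python
import re

# Constructed `iptables-save -c` excerpt: the rule shapes follow the post, the
# addresses (RFC 5737 range) and the packet/byte counters are made up.
SAMPLE = """\
[0:0] -A FORWARD -s 192.0.2.24/32 -m physdev --physdev-in vif77.0 -j ACCEPT
[0:0] -A FORWARD -p udp -m physdev --physdev-in vif77.0 -m udp --sport 68 --dport 67 -j ACCEPT
[412:34608] -A FORWARD -s 192.0.2.25/32 -m physdev --physdev-in vif77.1 -j ACCEPT
[2:656] -A FORWARD -p udp -m physdev --physdev-in vif77.1 -m udp --sport 68 --dport 67 -j ACCEPT
"""

# "[packets:bytes] -A FORWARD <rest of rule>"
RULE = re.compile(r"^\[(?P<pkts>\d+):(?P<bytes>\d+)\]\s+-A FORWARD\s+(?P<body>.*)$")


def parse_vif_source_rules(dump):
    """Return the per-vif source-address ACCEPT rules with their counters."""
    rules = []
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        # "-s <addr>" only; "--sport" does not match because of the "\s+" after "-s".
        src = re.search(r"(?:^|\s)-s\s+(\S+)", body)
        vif = re.search(r"--physdev-in\s+(vif\d+\.\d+)", body)
        if src and vif and re.search(r"-j\s+ACCEPT\b", body):
            rules.append({"vif": vif.group(1), "source": src.group(1),
                          "packets": int(m.group("pkts"))})
    return rules


def never_matched(dump):
    """Source-filter rules whose packet counter is still zero."""
    return [(r["vif"], r["source"]) for r in parse_vif_source_rules(dump)
            if r["packets"] == 0]


if __name__ == "__main__":
    for vif, source in never_matched(SAMPLE):
        print(f"{vif}: no packets from {source} have matched this rule")
```

A rule that stays at zero while the domU is sending traffic from that address means the packets are entering the bridge on a different vif than the rule names.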

 

