Re: [Xen-users] IPTABLES on Xen
Hmmm, well, what is happening here is that right now, before you mailed, I just rebooted the concerned machine, and on the other machine, when the target machine came up, for some seconds I was able to see the reply of the Xen machine, and once the gnome display came up everything is a mess, as I report here in the thread.

On Tue, Dec 1, 2009 at 8:04 AM, Paolo <paolovictor@xxxxxxxxx> wrote:
> I had a similar problem a couple days ago. I had this network layout:
>
> DHCP Server <-> Switch <-> Host
>
> Somehow, I could ssh from the DHCP server to a DomU at the host, but
> not the other way around. A friend of mine suggested checking the
> routing table at the Host's Dom0, and it was:
>
> root@aramis:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 peth0
> 0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 peth0
>
> Where 10.0.0.1 is the DHCP server's IP address. eth0 is the host's
> network interface that's connected to the switch.
>
> It seemed strange, so I've started toying around and deleted the
> entries for the peth0:
>
> route del -net 0.0.0.0 dev peth0
> route del -net 10.0.0.0 dev peth0
>
> And lo and behold, now the DomU could access the Internet (ping
> google, etc). Thinking of it now, I didn't remove/disable the network
> managers (I'm using Ubuntu), so that may be the source of the problem.
>
> I hope this helps,
> Paolo
>
> On Tue, Dec 1, 2009 at 1:55 PM, Tapas Mishra <tapas@xxxxxxxxxxxx> wrote:
>>
>> I am now back to the original problem where the Xen machine is able to
>> ping other machines on the network.
>> Here is the output from the Xen machine; the issue started with ssh:
>>
>> [root@localhost ~]# netstat -tualp | grep 22
>> tcp        0      0 localhost.localdomain:2208  *:*                        LISTEN      2594/hpiod
>> tcp        0      0 192.168.122.1:domain        *:*                        LISTEN      2829/dnsmasq
>> tcp        0      0 localhost.localdomain:2207  *:*                        LISTEN      2599/python
>> tcp        0      0 192.168.1.84:58022          qw-in-f83.1e100.net:http   ESTABLISHED 4056/firefox
>> udp        0      0 192.168.122.1:domain        *:*                                    2829/dnsmasq
>>
>> So it is clear that port 22 is not open here, but I have not enabled the
>> firewall and not disabled ICMP echo; still it is not able to reply back. I
>> am able to have outgoing ssh/ping from the Xen machine, but any incoming
>> ssh/ping is not working, while if you read the above replies in the thread I
>> was able to reach this Xen machine from my LAN, but then it was not able to
>> access the internet.
>> Once again I am doing it from the start; here is what iptables on this machine says:
>>
>> [root@localhost ~]# iptables -L
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
>> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
>> ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
>> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
>> ACCEPT     all  --  192.168.122.0/24     anywhere
>> ACCEPT     all  --  anywhere             anywhere
>> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
>> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>> [root@localhost ~]#
>>
>> Now what?
>>
>> On Tue, Dec 1, 2009 at 7:40 AM, Tapas Mishra <tapas@xxxxxxxxxxxx> wrote:
>> > I have resolved this problem; here is what I did.
>> > I added to /etc/sysconfig/network-scripts/ifcfg-eth0
>> > PEERDNS=no
>> > DNS1=XXX.XXX.XXX.XXX (that is my gateway)
>> >
>> > But still I am wondering why it happened.
>> > ssh and everything else including internet is working fine on the Xen
>> > machine.
>> > On Tue, Dec 1, 2009 at 7:00 AM, Tait Clarridge <tait@xxxxxxxxxxxx> wrote:
>> >>
>> >>> Yes the problem is happening when using the normal kernel also.
>> >>> I checked /etc/resolv.conf
>> >>> and the nameserver entry there is wrong; it should be 4.2.2.6, but each
>> >>> time I manually edit it, it is still taking it from the ADSL router.
>> >>
>> >> Do you have NetworkManager running? If so, stop it and disable it:
>> >>
>> >> If you are running CentOS you should be able to change the ifcfg-eth*
>> >> scripts in /etc/sysconfig/network-scripts to not automatically set DNS
>> >> according to the gateway.
>> >>
>> >> In the ifcfg-ethX (where X is the interface number that your server is
>> >> connected to the network with, eg eth0) file you can add PEERDNS=no to stop
>> >> it from overwriting the DNS entries.
>> >
>> > --
>> > http://www.abhitech.com
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
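The listing quoted above shows no sshd entry among the LISTEN sockets, while the INPUT chain has policy ACCEPT and no rule that names port 22. As an added example that is not part of this thread, here is a small Python checker that parses `netstat -tualp` and `iptables -L` output of that shape and tells the two failure modes apart (no listener versus filtered by INPUT); the sample strings are constructed from the listing above, and the service-name table is an assumption that covers only the names appearing there.

```python
import re
# Constructed sample, shaped like the netstat/iptables listings in the thread.
NETSTAT_SAMPLE = """\
tcp   0  0 localhost.localdomain:2208  *:*                       LISTEN      2594/hpiod
tcp   0  0 192.168.122.1:domain        *:*                       LISTEN      2829/dnsmasq
tcp   0  0 localhost.localdomain:2207  *:*                       LISTEN      2599/python
tcp   0  0 192.168.1.84:58022          qw-in-f83.1e100.net:http  ESTABLISHED 4056/firefox
udp   0  0 192.168.122.1:domain        *:*                                   2829/dnsmasq
"""
IPTABLES_SAMPLE = """\
Chain INPUT (policy ACCEPT)
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
"""
# Assumed subset of /etc/services: netstat and iptables print these names, not numbers.
PORT_NAMES = {"ssh": 22, "domain": 53, "bootps": 67, "http": 80}
def to_port(name):
    """Turn a service name or number as printed by netstat/iptables into an int."""
    return PORT_NAMES.get(name) or int(name)
def tcp_listeners(netstat_out):
    """Map each listening TCP port to the pid/program column that owns it."""
    listeners = {}
    for f in (line.split() for line in netstat_out.splitlines()):
        if len(f) >= 6 and f[0] == "tcp" and f[5] == "LISTEN":
            listeners[to_port(f[3].rsplit(":", 1)[1])] = f[-1]
    return listeners
def input_verdict(iptables_out, port):
    """First INPUT rule naming the TCP port decides; otherwise the chain policy."""
    policy, in_input = None, False
    for line in iptables_out.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            if in_input:
                break  # left the INPUT chain; FORWARD/OUTPUT rules never apply here
            in_input, policy = m.group(1) == "INPUT", m.group(2)
            continue
        m = re.search(r"tcp dpt:(\S+)", line) if in_input else None
        if m and to_port(m.group(1)) == port:
            return line.split()[0]
    return policy
def diagnose(netstat_out, iptables_out, port=22):
    """Say why an inbound TCP connection to port cannot be answered, or that it can."""
    listeners = tcp_listeners(netstat_out)
    if port not in listeners:
        return "no daemon listening on port %d" % port
    verdict = input_verdict(iptables_out, port)
    if verdict in ("DROP", "REJECT"):
        return "filtered by INPUT chain (%s)" % verdict
    return "reachable: %s, INPUT verdict %s" % (listeners[port], verdict)
```

Note that without `-n` netstat prints port 22 as `ssh`, so `grep 22` would not match an sshd listener even if one existed; the parser resolves service names instead of grepping for digits.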