
Re: [Xen-users] IPTABLES on Xen



Hmmm, well, what is happening here is that right now, before you mailed, I
just rebooted the concerned machine, and on the other machine, when the
target machine came up, for some seconds I was able to see the reply of the
Xen machine, and once the GNOME display came up everything is a mess, as I
report here in the thread.

On Tue, Dec 1, 2009 at 8:04 AM, Paolo <paolovictor@xxxxxxxxx> wrote:
> I had a similar problem a couple days ago. I had this network layout:
>
> DHCP Server <-> Switch <-> Host
>
> Somehow, I could ssh from the DHCP server to a DomU at the host, but
> not the other way around. A friend of mine suggested checking the
> routing table at the Host's Dom0, and it was:
>
> root@aramis:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 peth0
> 0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 peth0
>
> Where 10.0.0.1 is the DHCP server's IP address. eth0 is the host's
> network interface that's connected to the switch.
>
> It seemed strange, so I started toying around and deleted the
> entries for peth0:
>
> route del -net 0.0.0.0 dev peth0
> route del -net 10.0.0.0 dev peth0
>
> And lo and behold, now the DomU could access the Internet (ping
> google, etc). Thinking of it now, I didn't remove/disable the network
> managers (I'm using Ubuntu), so that may be the source of the problem.
>
> I hope this helps,
> Paolo
>
> On Tue, Dec 1, 2009 at 1:55 PM, Tapas Mishra <tapas@xxxxxxxxxxxx> wrote:
>>
>> I am now back to the original problem where the Xen machine is able to
>> ping other machines on the network. Here is the output from the Xen
>> machine; the issue started with ssh:
>> [root@localhost ~]# netstat -tualp | grep 22
>> tcp        0      0 localhost.localdomain:2208  *:*                         LISTEN      2594/hpiod
>> tcp        0      0 192.168.122.1:domain        *:*                         LISTEN      2829/dnsmasq
>> tcp        0      0 localhost.localdomain:2207  *:*                         LISTEN      2599/python
>> tcp        0      0 192.168.1.84:58022          qw-in-f83.1e100.net:http    ESTABLISHED 4056/firefox
>> udp        0      0 192.168.122.1:domain        *:*                                     2829/dnsmasq
>>
>>
>> So it is clear that port 22 is not open here, but I have not enabled the
>> firewall and have not disabled ICMP echo; still it is not able to reply back.
>> I am able to have outgoing ssh/ping from the Xen machine, but any incoming
>> ssh/ping is not working, while if you read the above replies in the thread I
>> was able to reach this Xen machine from my LAN, but then it was not able to
>> access the internet.
>> Once again I am doing it from the start. Here is what iptables on this machine says:
>>
>> [root@localhost ~]# iptables -L
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
>> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
>> ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
>> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
>> ACCEPT     all  --  192.168.122.0/24     anywhere
>> ACCEPT     all  --  anywhere             anywhere
>> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
>> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>> [root@localhost ~]#
>>
>> Now what ?
>> On Tue, Dec 1, 2009 at 7:40 AM, Tapas Mishra <tapas@xxxxxxxxxxxx> wrote:
>> > I have resolved this problem. Here is what I did:
>> > I added to /etc/sysconfig/network-scripts/ifcfg-eth0
>> > PEERDNS=no
>> > DNS1=XXX.XXX.XXX.XXX (that is my gateway)
>> >
>> > But still I am wondering why it happened.
>> > ssh and everything else, including the internet, is working fine on the Xen
>> > machine.
>> > On Tue, Dec 1, 2009 at 7:00 AM, Tait Clarridge <tait@xxxxxxxxxxxx> wrote:
>> >>
>> >>> Yes, the problem is happening when using the normal kernel also.
>> >>> I checked /etc/resolv.conf
>> >>> and the nameserver entry there is wrong; it should be 4.2.2.6, but each
>> >>> time I manually edit it, it is still taking it from the ADSL router.
>> >>
>> >> Do you have NetworkManager running? If so, stop it and disable it:
>> >>
>> >> If you are running CentOS you should be able to change the ifcfg-eth*
>> >> scripts in /etc/sysconfig/network-scripts to not automatically set DNS
>> >> according to the gateway.
>> >>
>> >> In the ifcfg-ethX (where X is the interface number that your server is
>> >> connected to the network, eg eth0) file you can add PEERDNS=no to stop
>> >> it from overwriting the DNS entries.
>> >>



-- 

http://www.abhitech.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
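A small diagnostic script, added here and not part of any message in the thread, that checks for the two symptoms discussed above: the same route present on both eth0 and peth0 in Dom0 (Paolo's case), and nothing listening on TCP port 22 (Tapas's netstat output). The sample routing table is constructed from the one quoted in the thread; the function names are my own.

```shell
#!/bin/sh
# Constructed sample of `route -n` output, modelled on the Dom0 table quoted
# in the thread, where eth0 and peth0 carry identical routes.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 peth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 peth0'

# Reads `route -n` output on stdin and prints one line per route that is
# present on more than one interface: "dest/genmask via gw -> iface iface".
# An empty result means no duplicated routes.
find_duplicate_routes() {
    awk 'NR > 2 {
            key = $1 "/" $3 " via " $2      # destination, netmask, gateway
            ifaces[key] = ifaces[key] " " $8 # $8 is the Iface column
            count[key]++
         }
         END {
            for (k in count)
                if (count[k] > 1) print k " ->" ifaces[k]
         }' | sort
}

# Convenience wrapper: run the duplicate-route check on the live table.
check_live_routes() {
    route -n | find_duplicate_routes
}

# Returns success if some TCP socket is listening on port 22 (numeric output,
# so "Local Address" in column 4 ends in ":22"); failure means inbound ssh
# cannot work regardless of the iptables rules.
sshd_listening() {
    netstat -tln 2>/dev/null | awk '$4 ~ /:22$/ { found = 1 } END { exit !found }'
}
```

Run `check_live_routes` on the Dom0 and `sshd_listening; echo $?` on the guest that refuses connections.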