
[Xen-users] frob_iptable not getting called for network-bridge?



Hi list,

I have a CentOS Xen 3.4.2 dom0 setup with:

(network-script 'network-bridge netdev=eth0 antispoof=yes')

and:

(vif-script vif-bridge)

The problem is that newly created domUs are firewalled (the FORWARD chain
policy is DROP).

Looking at the scripts in /etc/xen/scripts, shouldn't the frob_iptable
function take care of adding the correct rules to permit access to
the domU IP?  Or have I missed something?

Here is the output of 'brctl show' with guests running:

[root@mydom0 xen]# brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.003048d9edf6       no              vifdomu1
                                                        vifdomu2
                                                        peth0

and here is the output of 'iptables -L':

[root@mydom0 xen]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in peth0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If I drop the FORWARD rules and set it to ACCEPT by default, domU
networking starts to work, but I would rather do it right.


Thanks in advance,

Matt
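
The gap visible in the two outputs above, as an added example that is not part of the original post: a Python check that cross-references the ports listed by 'brctl show' against the --physdev-in ACCEPT rules in the FORWARD chain. The sample strings are constructed from the quoted output, the function names are hypothetical, and only physdev-in ACCEPT rules are considered (rules matching on address or other criteria are ignored).

```python
import re

# Constructed sample input: the two outputs quoted in the post above.
BRCTL_SHOW = """\
bridge name     bridge id               STP enabled     interfaces
eth0            8000.003048d9edf6       no              vifdomu1
                                                        vifdomu2
                                                        peth0
"""
IPTABLES_L = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in peth0

Chain OUTPUT (policy ACCEPT)
"""

def bridge_ports(brctl_text):
    """Map bridge name -> member interfaces, parsed from 'brctl show'."""
    bridges, current = {}, None
    for line in brctl_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():                  # bridge row: name id stp [iface]
            current = fields[0]
            bridges[current] = fields[3:4]
        elif current is not None:                  # continuation row: iface only
            bridges[current].append(fields[0])
    return bridges

def forward_state(iptables_text):
    """Return (FORWARD policy, interfaces with a --physdev-in ACCEPT rule)."""
    policy, allowed, in_forward = None, set(), False
    for line in iptables_text.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if m:                                      # chain header: track which chain we are in
            in_forward = m.group(1) == "FORWARD"
            policy = m.group(2) if in_forward else policy
        elif in_forward and line.startswith("ACCEPT"):
            allowed.update(re.findall(r"--physdev-in (\S+)", line))
    return policy, allowed

def uncovered_ports(brctl_text, iptables_text):
    """Bridge ports that fall through to a non-ACCEPT FORWARD policy."""
    policy, allowed = forward_state(iptables_text)
    if policy == "ACCEPT":
        return []
    return sorted({p for m in bridge_ports(brctl_text).values() for p in m} - allowed)
```

On the quoted output this reports vifdomu1 and vifdomu2 as the ports with no matching rule, while peth0 is covered.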

