
Re: [Xen-users] Yet another question about multiple NICs



Philippe Combes wrote:

Did DomU send an ARP request for the remote device ?
Yes.

Did the remote device reply ?
Are the ping requests going out ?
Are the replies coming back ? To the right MAC ?
No, No, No.

$ ping 192.168.24.125 & tshark -i peth1
<snip>
If you see requests going out, but no reply, try firing up a packet sniffer on the remote machine and see if the requests are reaching it.

I used tshark on the target too. No packet reaches it.

Well I'm stumped now !

We can see ARP requests going out via peth1, but they don't arrive at the other device - so they are either not being transmitted, or the switch is blocking them.

I'd still suggest changing nothing except to connect the machine direct* to something (eg a laptop) and try again - just to completely eliminate any potential switch problem. Having said that, it's not a problem I've personally come across.

* Or use a known "dumb" switch so you can have the rest of the network connected (so you get DHCP) and then unplug it from the rest of the network for testing.

I found no such message in my logs, but I remember I saw them on
the console, once when I had access to it.
But looking for those messages, I found something I never saw before,
because it was in /var/log/syslog, and I only looked in /var/log/xen/* so far:
----
logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge online for vif1.0, bridge eth0.
logger: /etc/xen/scripts/block: Writing backend/vbd/1/51713/hotplug-status connected to xenstore.
logger: /etc/xen/scripts/vif-bridge: Writing backend/vif/1/0/hotplug-status connected to xenstore.
logger: /etc/xen/scripts/vif-bridge: iptables -A FORWARD -m physdev --physdev-in vif1.1 -j ACCEPT failed.#012If you are using iptables, this may affect networking for guest domains.
logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge online for vif1.1, bridge eth1.
logger: /etc/xen/scripts/vif-bridge: Writing backend/vif/1/1/hotplug-status connected to xenstore.

Well I've no idea what's wrong here. The line that's failing reads :
Append a rule to the FORWARD table, match (-m) using the physdev module, matching input port (--physdev-in) vif1.1, and jump (-j) to the ACCEPT rule.
In other words - for any packets entering via bridge port vif1.1, forward them.

Now, I've just checked on one of my work servers, and it does indeed have rules like these.
# iptables -L -vn
...
Chain FORWARD (policy ACCEPT 180M packets, 36G bytes)
 pkts bytes target     prot opt in     out     source               destination
  46M   50G ACCEPT     all  --  *      *       xx.xx.xx.xx          0.0.0.0/0           PHYSDEV match --physdev-in xxxxx
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in xxxxx udp spt:68 dpt:67

While I see from an earlier message that your iptables is empty.
However, it shouldn't matter since the default policy on your FORWARD chain is accept - ie anything not expressly blocked should be passed.

Is it possible that you don't have physdev matching available in your Dom0 installation ?

I don't think this is anything to do with your problem, but could account for the error message.



As an aside, I can now see one thing that setting the guest IP address does - it includes the IP address in the iptables rules added for the guest when it starts.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
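
An added example, not part of the original thread: a small shell triage for the vif-bridge messages discussed above. It lists which vifs came online on a bridge, flags those whose physdev FORWARD rule failed, and checks whether the physdev match is registered in the running kernel. The function names are hypothetical and the sample log is constructed from the excerpt quoted in the message.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG is constructed from the syslog excerpt quoted above,
# with each wrapped message rejoined onto one line.
SAMPLE_LOG='logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge online for vif1.0, bridge eth0.
logger: /etc/xen/scripts/vif-bridge: Writing backend/vif/1/0/hotplug-status connected to xenstore.
logger: /etc/xen/scripts/vif-bridge: iptables -A FORWARD -m physdev --physdev-in vif1.1 -j ACCEPT failed.#012If you are using iptables, this may affect networking for guest domains.
logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge online for vif1.1, bridge eth1.'

# stdin: syslog text. Prints each vif whose physdev FORWARD rule could not be added.
failed_vifs() {
    grep 'vif-bridge: iptables.*failed' |
        sed -n 's/.*--physdev-in \([^ ]*\).*/\1/p' | sort -u
}

# stdin: syslog text. Prints "<vif> <bridge>" for each vif the script attached.
online_vifs() {
    sed -n 's/.*Successful vif-bridge online for \([^,]*\), bridge \([^ .]*\).*/\1 \2/p'
}

# stdin: syslog text. One line per attached vif, flagged if its rule failed.
triage() {
    log=$(cat)
    failed=$(printf '%s\n' "$log" | failed_vifs)
    printf '%s\n' "$log" | online_vifs | while read -r vif bridge; do
        if printf '%s\n' "$failed" | grep -qxF "$vif"; then
            echo "$vif $bridge rule-failed"
        else
            echo "$vif $bridge no-failure-logged"
        fi
    done
}

# True if the kernel has the physdev match registered. The list only shows
# matches whose module is loaded, and is normally readable by root only.
# $1: list file, defaults to the kernel's own.
physdev_loaded() {
    grep -qx 'physdev' "${1:-/proc/net/ip_tables_matches}" 2>/dev/null
}

printf '%s\n' "$SAMPLE_LOG" | triage
if physdev_loaded; then
    echo "physdev match: registered"
else
    echo "physdev match: not registered (module not loaded or not built)"
fi
```

On a real Dom0, feed it the log instead of the sample, for example `triage < /var/log/syslog`.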
