|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Yet another question about multiple NICs
Simon Hobson wrote: We can see ARP requests going out via peth1, but they don't arrive at the other device - so they are either not being transmitted, or the switch is blocking them.I'd still suggest changing nothing except to connect the machine direct* to something (eg a laptop) and try again - just to completely eliminate any potential switch problem. Having said that, it's not a problem I've personally come across.* Or use a known "dumb" switch so you can have the rest of the network connected (so you get DHCP) and then unplug it from the rest of the network for testing. OK. I still think that it has nothing to do with the switches of 192.168.24.0, because when I set the description of dom1 to have its FIRST interface on that network, that FIRST interface works great (and eth1 on dom0 as well), while the SECOND interface, now on the routed network that used to work great, goes ill. So OK, I will run the test with the laptop, so that anybody here (inc. me) are convinced that it does not come from the switches. But unfortunately, I will get no physical access to the machine before the beginning of next year. Well I've no idea what's wrong here. The line that's failing reads :Append a rule to the FORWARD table, match (-m) using the physdev module, macthing in put port (--physdev-in) vif1.1, and jump (-j) to the ACCEPT rule. In other words - for any packets entering via bridge port vif1.1, forward them.Now, I've just checked on one of my work servers, and it does indeed have rules like these.# iptables -L -vn ... Chain FORWARD (policy ACCEPT 180M packets, 36G bytes)pkts bytes target prot opt in out source destination 46M 50G ACCEPT all -- * * xx.xx.xx.xx 0.0.0.0/0 PHYSDEV match --physdev-in xxxxx 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in xxxxx udp spt:68 dpt:67While I see from an earlier message that your iptables is empty.However, It shouldn't matter since the default policy on your FORWARD chain is accept - ie anything not expressly blocked should be passed.Is it possible that you don't have physdev matching available in your Dom0 installation ? I don't think this is anything to do with your problem, but could account for the error message. Hmmm. I hacked the vif-common.sh file to get more information on this (and retrieve the error message from iptables). I could get two kinds of errors: "iptables: Resource temporarily unavailable" or "iptables: Bad rule (does a matching rule exist in that chain?)" But it occurs only at the first creation of a dom1 with two vifs, one on every NIC, after dom0 has just booted, and only for the second vif in the declaration. In ANY other case (single vif on whatever NIC, subsequent domU creation, etc.), no error. As an aside, I can now see one thing that setting the guest IP address does - it includes the IP address in the iptables rules added for the guest when it starts. Whether I specify ip=192.168.24.81 in the description of dom1 or not does not change anything to the problem. Only the iptables on dom0 are more specific with the IP. Regards, Philippe _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |