[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: [Xen-devel] xen 4.1.2* dhcp issue/bug when installing/booting HVM domU domains (CentOS 6, unbuntu 11.04 server). Debian/OpenSolaris work fine.

On Tue, Aug 16, 2011 at 09:05:13PM +0200, Mark Schneider wrote:
>>>>>>>>                
>>>>>>> So here's your problem. Your bridge in dom0 is NOT forwarding the
>>>>>>> packets out to peth0..
>>>>>>>
>>>>>>>
>>>>>>> So where are these packets going to ? They're not getting out of
>>>>>>> dom0..
>>>>>>>
>>>>>>> Do you have a firewall rule in dom0 that drops them?
>>>>>>>
>>>>        
>> and "iptables -L -n -v" does not list any rules?
>>    
>
> root@xen411dom0:~# iptables -L -n -v
> Chain INPUT (policy ACCEPT 232 packets, 25984 bytes)
>  pkts bytes target     prot opt in     out     source                
> destination
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source                
> destination
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
> 0.0.0.0/0            PHYSDEV match --physdev-in peth0
>

So you DO have a firewall in place!

As a default ALL packets are DROPped!
And you're only allowing packets to other direction? 


> Chain OUTPUT (policy ACCEPT 184 packets, 24528 bytes)
>  pkts bytes target     prot opt in     out     source                
> destination
> root@xen411dom0:~#
>


>>>      
>> So the HVM domU gets the correct MAC of the gateway,
>> and starts sending packets to it.
>>
>> The next step would be to dump on eth0 on dom0.. do you see the same packets 
>> there?
>>
>> At the same time also dump on peth0, do the packets go out there to the 
>> physical network?
>>    
>
> # Requests and reply on peth0 are there:
> 18:06:00.324825 ARP, Request who-has 192.168.1.1 tell 192.168.1.180,  
> length 28
> 18:06:00.325012 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46
>
> # Requests and reply on eth0 are *also* there:
> 18:06:00.324825 ARP, Request who-has 192.168.1.1 tell 192.168.1.180,  
> length 28
> 18:06:00.325012 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46
>
> # There are ICMP requests on eth0 but look like that there are *not  
> forwarded* to peth0.
> 18:06:00.334350 IP 192.168.1.180 > 192.168.1.1: ICMP echo request, id  
> 55045, seq 1, length 64
> 18:06:01.324098 IP 192.168.1.180 > 192.168.1.1: ICMP echo request, id  
> 55045, seq 2, length 64
>

So the problem is in dom0 Linux kernel configuration.


> Any idea why? I have attached both tpcdumps.
>

Because of the firewall rule? 

-- Pasi


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.