Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts

To: Steve Allison <xen-users@xxxxxxxxxxxxxxxxxx>
From: Andrew Eross <eross@xxxxxxxxxxxx>
Date: Thu, 6 Oct 2011 16:35:31 -0300
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 06 Oct 2011 12:37:23 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Good god why didn't I think about iptables...never occurred to me that XCP might ship with iptables built in..

And guess what, that was it.

Default XCP iptables looks like this:

target prot opt source destination

ACCEPT all -- anywhere anywhere

ACCEPT icmp -- anywhere anywhere icmp any

ACCEPT esp -- anywhere anywhere

ACCEPT ah -- anywhere anywhere

ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns

ACCEPT udp -- anywhere anywhere udp dpt:ipp

ACCEPT tcp -- anywhere anywhere tcp dpt:ipp

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

ACCEPT udp -- anywhere anywhere state NEW udp dpt:ha-cluster

ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh

ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http

ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Just had to fix that up and poof now I have connectivity to my service.

Thanks a heap mate!

On Thu, Oct 6, 2011 at 4:27 PM, Steve Allison <xen-users@xxxxxxxxxxxxxxxxxx> wrote:

On 06/10/2011 20:19, Andrew Eross wrote:

Interestingly, I can ping the other host..

[root@vh02 ~]# ping 192.168.41.21

PING 192.168.41.21 (192.168.41.21) 56(84) bytes of data.

64 bytes from 192.168.41.21: icmp_seq=1 ttl=64 time=0.387 ms

Both hosts are XCP 1.0 and plugged directly into the same physical switch.

Just not route anything to it..

Hmm, interesting! I'd go for the other obvious, and that is iptables. Checking both filter and nat chains.

Have tcpdump or tshark running on vh01 and see if the packets are arriving to the machine.

It could be an ACL of XCP which denies connectivity with an ICMP "destination unreachable", however I am not familiar with XCP but I'm sure someone else on the list can chime in for you.
-- 
May the ping be with you ..
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
  - From: Andrew Eross
- Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
  - From: Steve Allison
- Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
  - From: Andrew Eross
- Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
  - From: Steve Allison
- Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
  - From: Steve Allison
- Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
  - From: Andrew Eross
- Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
  - From: Steve Allison

Prev by Date: Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
Next by Date: Re: [Xen-users] XCP 1.5 Beta availability
Previous by thread: Re: [Xen-users] XPC ip address on dom0 xenbr0 inaccessible from other local hosts
Next by thread: Re: [Xen-users] XCP 1.5 Beta availability
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.