
Forwarding, ARP proxy, Lenny, XEN & route.



Hello,

After a dom0 upgrade to lenny I can no longer reach my Debian-based domU from another site (except from dom0), nor reach another site (except dom0) from the domU. Both dom0 and domU have public IP addresses (x.x.y.38 and x.x.z.148) and I use Xen routing mode.

An overview:

#
# The dom0 :
#
A Lenny recently upgraded from etch.
Linux B 2.6.26-1-xen-amd64 #1 SMP Sat Jan 10 20:39:26 UTC 2009 x86_64 GNU/Linux

# dpkg -l  xen :
libxenstore3.0
linux-image-2.6.26-1-xen-amd64
linux-modules-2.6.26-1-xen-amd64
xen-hypervisor-3.2-1-amd64
xen-linux-system-2.6.26-1-xen-amd64
xen-shell
xen-tools
xen-utils-3.2-1
xen-utils-common
xenstore-utils
xenwatch

# The primary network interface
iface eth0 inet static
        address x.x.y.38
        netmask 255.255.255.0
        network x.x.y.0
        broadcast x.x.y.255
        gateway x.x.y.1

# grep -v # /etc/xen/xend-config.sxp | cat -s
(network-script 'network-route netdev=eth0')
(vif-script     vif-route)
(dom0-min-mem 520)

# route -n
x.x.z.148       0.0.0.0         255.255.255.255 UH    0      0        0 vif1.0
x.x.y.0         0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         x.x.y.1         0.0.0.0         UG    0      0        0 eth0

# sysctl -a
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.vif1/0.proxy_arp = 1

# iptables -L ( the table nat is empty )
Chain INPUT (policy ACCEPT) empty
Chain OUTPUT (policy ACCEPT) empty
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  x.x.z.148            anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps

# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0   256     1     r-----     24.7
C                                            1  1408     1     -b----     11.9


#
# The domU: an etch
#
kernel  = '/boot/vmlinuz-2.6.18-6-xen-amd64'
disk    = [ 'phy:vg00/www-disk,sda1,w', 'phy:vg00/www-swap,sda2,w' ]
name    = 'C'
vif  = [ 'mac=00:16:3e:52:6a:df, ip=x.x.z.148' ]
netmask = "255.255.255.0"
gateway = "x.x.y.38"

# The primary network interface
auto eth0
iface eth0 inet static
        address x.x.z.148
        netmask 255.255.255.255
        up route add -host x.x.y.38 dev eth0
        up route add -net 0.0.0.0 netmask 0.0.0.0 gw x.x.y.38 dev eth0
        down route del -net 0.0.0.0 netmask 0.0.0.0 gw x.x.y.38 dev eth0
        down route del -host x.x.y.38 dev eth0


#
# Scenario :
#

From dom0 : ping domU ok
From domU: ping dom0 ok

I did a ping from a server in another site (server "A") to the domU "C", which is the virtualised guest running on server "B". I ran tcpdump on server B and I saw the classic ICMP request and reply packets, but... the reply never reaches server A. It is as if the packets are dropped by the domU.

It seems that I have forgotten something... but WHAT?
In the "filter" table, the FORWARD chain seems sufficient to me.

Thanks for your time,

J.
