[Gllug] Xen and iptables problem

- Tethys tethys at gmail.com
Fri Jan 5 14:42:59 UTC 2007


On 1/5/07, Bruce Richardson <itsbruce at workshy.org> wrote:

> It isn't insanely complicated if you treat dom0 purely as an
> administrative domain and do any firewalling from within user domains.

Sadly, that's all I'm trying to do in the first place. I'm quite happy
for the Xen bridge to act as a pure passthrough device. I have no need
or desire to perform any kind of filtering there. DomU filtering will
be done in each DomU, as if it were a real device, directly connected
to the net. Indeed, nothing is being blocked when it traverses xenbr0
anyway. That much is working. It's just the (virtual) eth0 in Dom0
that's giving me problems.

Actually, I forgot to mention in the original post that this is purely
in Dom0. At the moment, all I want is to be able to do DNS lookups
from Dom0 (as a first step to getting "yum update" to work). If I can
get that much working, then the rest should fall into place. I can get
incoming traffic to Dom0 working (e.g., ssh), but all outbound TCP
traffic has the SYN/ACK reply blocked by iptables, for reasons that I
just can't understand.

Tet
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
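Added illustration, not part of the thread and not a confirmed diagnosis of Tet's setup: the symptom described above (inbound ssh to Dom0 works, but the SYN/ACK replies to connections Dom0 itself opens are dropped) is what a DROP-policy INPUT chain produces when it has no rule accepting packets of ESTABLISHED/RELATED connections. The two rulesets below are constructed in iptables-save format; the helper functions show how to check a dump for that rule, which is assumed here to be the relevant one.

```shell
#!/bin/sh
# Added example (not from the original post). Both rulesets are constructed.

# Constructed Dom0 ruleset: accepts new inbound ssh, default policy DROP,
# but nothing accepts the replies to connections Dom0 originated.
BROKEN_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Same ruleset with a stateful rule accepting reply traffic, placed early
# so it matches before any port-specific rules.
FIXED_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# has_reply_accept DUMP: succeed if the INPUT chain accepts packets that
# belong to an already-established connection (a SYN/ACK answering a SYN
# sent from Dom0 is tracked as part of such a connection).
has_reply_accept() {
    printf '%s\n' "$1" |
      grep -E '^-A INPUT .*(--state|--ctstate) [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT' >/dev/null
}

# input_policy DUMP: print the default policy of the INPUT chain.
input_policy() {
    printf '%s\n' "$1" | sed -n 's/^:INPUT \([A-Z]*\).*/\1/p'
}

# diagnose DUMP: report whether outbound TCP from this host can complete
# the handshake under these rules (return 1 when it cannot).
diagnose() {
    if has_reply_accept "$1"; then
        echo "ok: replies to connections this host opened are accepted"
        return 0
    fi
    if [ "$(input_policy "$1")" = "DROP" ]; then
        echo "problem: INPUT policy DROP and no ESTABLISHED,RELATED rule; SYN/ACK replies are dropped"
        return 1
    fi
    echo "ok: INPUT policy is not DROP, replies fall through to it"
    return 0
}

diagnose "$BROKEN_RULES" || :
diagnose "$FIXED_RULES"
```

On a live system the same check is run against the output of `iptables-save`; if the stateful rule is missing, the one-line fix is the ESTABLISHED,RELATED accept rule shown in FIXED_RULES, which lets reply packets in without opening any new inbound ports.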
