Re: Problem with networking in xen

Stelian Iancu adjusted his/her tin foil beanie and asbestos underwear
to
write:

> Hi all,
>
> I've instlled xen 2.0.5b from the packages at
> http://www.suse.de/~garloff/linux/xen in SUSE Linux 9.2.
>
> My network setup is as follows:
> - eth0 has a private ip (192.168.1.1) and it is linked to my
internal
> network (actually to my laptop using a crossover cable);
> - eth1 has a public ip and it goes to internet.
>
> I am using SUSE Firewall for NAT. The laptop has the IP 192.168.1.2.

>
> Now when I'm booting the xen kernel, it creates the bridge xen-br0
> which is linked to eth0. The problem is that now the NAT doesn't
work
> anymore. I cannot even ping 192.168.1.1 from the laptop. However, if
I
> stop the SUSE Firewall, I am able to ping eth0 (but then the NAT
won't
> work, and I really want to have the firewall on).
>
> This is what my logs say at the moment:
>
> Mar 26 11:12:29 paradise kernel: SFW2-FWD-ILL-ROUTING IN=xen-br0
> OUT=eth1 PHYSIN=eth0 SRC=192.168.1.2 DST=194.47.142.103 LEN=48
> TOS=0x00 PREC=0x00 TTL=127 ID=31697 DF PROTO=TCP SPT=1950 DPT=22904> WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> In the README.SUSE document from the site above, it is written:
>
> If you use SUSEfirewall2, you'll probably want to add xen-br0 to the

> list of interfaces; as eth0 is on there, you'll probably want to add

> xen-br0 to the same class as eth0.
>
> The problem is that I don't know how to add xen-br0 to this
firewall.
>
> So any help and suggestions are really welcome!
>
> Thanks!
>

Quick answer:

You can add more than one interface to the internal/external parts ofthe firewall, run Yast>Security & Users>Firewall now if you want the xen-br0 interface in the internal box just click in the box after theeth0 and enter xen-br0 as long as there is a space between the 2
entries it will work fine.

HTH

--
Mark
Novell Support Forums SysOp
Twixt hill and high water
N. Wales, UK.

>
> Quick answer:
>
> You can add more than one interface to the internal/external parts
of
> the firewall, run Yast>Security & Users>Firewall now if you want the

> xen-br0 interface in the internal box just click in the box after
the
> eth0 and enter xen-br0 as long as there is a space between the 2
> entries it will work fine.
>
> HTH
>

Thanks Mark! I found it out in the next minute after my posting by
reading the help in the left part of the firewall config window :-)

I guess that help was *really* meant to be read! :-)

--
Regards,
Stelian

siancu _AT_ gmail _DOT_ com

Stelian Iancu adjusted his/her tin foil beanie and asbestos underwear
to
write:

>>
>> Quick answer:
>>
>> You can add more than one interface to the internal/external parts
of
>> the firewall, run Yast>Security & Users>Firewall now if you want
the
>> xen-br0 interface in the internal box just click in the box after
the
>> eth0 and enter xen-br0 as long as there is a space between the 2
>> entries it will work fine.
>>
>> HTH
>>
>
> Thanks Mark! I found it out in the next minute after my posting by
> reading the help in the left part of the firewall config window :-)>
> I guess that help was *really* meant to be read! :-)
>

No probs Stellan,

You actually read the help?????!!!

Shame on you, don`t do it again you might teach people bad habits ;-)
Enjoy.

--
Mark
Novell Support Forums SysOp
Twixt hill and high water
N. Wales, UK.