Re: [lvs-users] LVS + Xen + NAT

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS + Xen + NAT
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Thu, 18 Sep 2008 09:48:54 +0100
On Wed, 2008-09-17 at 14:08 -0400, Josh Mullis wrote:
> Here is my output from iptables-save:

I'd suggest cloning your REJECT rules and adding a similar LOG line as
follows:

-A FORWARD -o virbr0 -j LOG --log-prefix '[virbr0_out]: '
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j LOG --log-prefix '[virbr0_in]: '
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable

This way you'll see if it's the ruleset triggering the problem. Somehow
I feel that the combination of the three rules specific to all packets
trying to get across the bridge is your culprit here - I could be wrong,
not having run a system like this before, but still - it may be worth a
shot.

If you end up with nothing logged, then...

Graeme
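
An added example, not part of the original message: one way to read the output of the LOG rules suggested above is to tally the kernel log lines by prefix and flow. The log lines are constructed samples in the kernel's netfilter LOG format, and the names `parse_line` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Prefixes set with --log-prefix in the rules suggested in the message.
PREFIXES = ("[virbr0_out]: ", "[virbr0_in]: ")

# Constructed sample syslog lines (host name and addresses are made up).
SAMPLE_LOG = """\
Sep 18 09:50:01 dom0 kernel: [virbr0_out]: IN=eth0 OUT=virbr0 SRC=192.0.2.10 DST=192.168.122.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 18 09:50:04 dom0 kernel: [virbr0_out]: IN=eth0 OUT=virbr0 SRC=192.0.2.10 DST=192.168.122.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 18 09:50:09 dom0 kernel: [virbr0_in]: IN=virbr0 OUT=eth0 SRC=192.168.122.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Sep 18 09:50:11 dom0 sshd[2211]: Accepted publickey for root from 192.0.2.10 port 51515 ssh2
"""

# LOG output is a run of KEY=value tokens; a value may be empty (e.g. "OUT=").
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return (rule, fields) for a line written by one of the LOG rules, else None."""
    for prefix in PREFIXES:
        pos = line.find(prefix)
        if pos != -1:
            fields = dict(FIELD_RE.findall(line[pos + len(prefix):]))
            return prefix.strip(": "), fields
    return None


def summarize(text):
    """Count logged packets per (rule, src, dst, proto, dport)."""
    hits = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # not produced by the LOG rules
        rule, f = parsed
        # ICMP lines carry TYPE/CODE instead of DPT, so fall back to "-".
        key = (rule, f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("DPT", "-"))
        hits[key] += 1
    return hits


if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).most_common():
        print(count, *key)
```

A non-empty tally means the packets are reaching the virbr0 REJECT rules that follow each LOG line; an empty one is the "nothing logged" case.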


