LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] LVS + Xen + NAT

from [Graeme Fowler] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS + Xen + NAT
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Thu, 18 Sep 2008 09:48:54 +0100 
On Wed, 2008-09-17 at 14:08 -0400, Josh Mullis wrote:
> Here is my output from iptables-save:

I'd suggest cloning your REJECT rules and adding a similar LOG line as
follows:

-A FORWARD -o virbr0 -j LOG --log-prefix '[virbr0_out]: '
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j LOG --log-prefix '[virbr0_in]: '
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable

This way you'll see if it's the ruleset triggering the problem. Somehow
I feel that the combination of the three rules specific to all packets
trying to get across the bridge is your culprit here - I could be wrong,
not having run a system like this before, but still - it may be worth a
shot.

If you end up with nothing logged, then...

Graeme
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [lvs-users] Connections through VIP are slow (with 5 seconds delay for each connection), Nookala Satish Kumar
Next by Date:  Re: [lvs-users] Connections through VIP are slow (with 5 seconds delay for each connection), Joseph Mack NA3T
Previous by Thread:  Re: [lvs-users] LVS + Xen + NAT, David Dyer-Bennet
Next by Thread:  Re: [lvs-users] LVS + Xen + NAT, Josh.Mullis
Indexes:  [Date] [Thread] [Top] [All Lists]