XEN: can't ping google.com from domU

Discussion in 'Installation/Configuration' started by nomed, Apr 15, 2008.

  1. nomed

    nomed New Member

    hi,

    i have a xen dom0 based on debian etch.



    Code:
    dom0# ifconfig
    
    eth0      Link encap:Ethernet  HWaddr 00:13:21:20:B2:80  
              inet addr:10.62.1.117  Bcast:10.62.1.255  Mask:255.255.255.0
              inet6 addr: fe80::213:21ff:fe20:b280/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:7552 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1789 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:805664 (786.7 KiB)  TX bytes:435194 (424.9 KiB)
              Interrupt:17 
    
    eth1      Link encap:Ethernet  HWaddr 00:13:21:20:B2:7F  
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::213:21ff:fe20:b27f/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:590 errors:0 dropped:0 overruns:0 frame:0
              TX packets:194 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:69271 (67.6 KiB)  TX bytes:27279 (26.6 KiB)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:256 errors:0 dropped:0 overruns:0 frame:0
              TX packets:256 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:20903 (20.4 KiB)  TX bytes:20903 (20.4 KiB)
    
    peth1     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
              UP BROADCAST NOARP  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
              Interrupt:18 
    
    vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
              inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
              UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
              RX packets:194 errors:0 dropped:0 overruns:0 frame:0
              TX packets:590 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:27279 (26.6 KiB)  TX bytes:69271 (67.6 KiB)
    
    vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
              inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
              UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
              RX packets:590 errors:0 dropped:0 overruns:0 frame:0
              TX packets:191 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:61011 (59.5 KiB)  TX bytes:27041 (26.4 KiB)
    
    xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
              inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
              UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:440 (440.0 b)  TX bytes:0 (0.0 b)
    
    
    Code:
    dom0# cat /etc/network/interfaces 
    
    auto lo
    iface lo inet loopback
    
    allow-hotplug eth0
    iface eth0 inet static
            address 10.62.1.117
            netmask 255.255.255.0
            network 10.62.1.0
            broadcast 10.62.1.255
            gateway 10.62.1.1
    
    allow-hotplug eth1
    iface eth1 inet static
            address 192.168.1.1
            netmask 255.255.255.0
            network 192.168.1.0
            broadcast 192.168.1.255 
    
    Code:
    dom0# brctl show
    bridge name     bridge id               STP enabled     interfaces
    xenbr1          8000.feffffffffff       no              vif0.1
                                                            peth1
                                                            vif1.0
    
    
    Code:
    dom0# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
    localnet        *               255.255.255.0   U     0      0        0 eth0
    default         10.62.1.1       0.0.0.0         UG    0      0        0 eth0
    
    Code:
    dom0# iptables-save 
    
    *filter
    :INPUT ACCEPT [88:7776]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [79:6696]
    -A FORWARD -s 192.168.1.2 -m physdev  --physdev-in vif1.0 -j ACCEPT 
    -A FORWARD -p udp -m physdev  --physdev-in vif1.0 -m udp --sport 68 --dport 67 -j ACCEPT 
    COMMIT
    
    there is then a domU called stable-i386:

    Code:
    kernel  = '/boot/vmlinuz-2.6.18-6-xen-amd64'
    ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'
    memory  = '256'
    root    = '/dev/sda1 ro'
    disk    = [ 'phy:xenvg/stable-i386-disk,sda1,w', 'phy:xenvg/stable-i386-swap,sda2,w', 'phy:xenvg/buildd-lvm,sda3,w']
    name    = 'stable-i386'
    vif  = [ 'ip=192.168.1.2, bridge=xenbr1' ]
    on_poweroff = 'destroy'
    on_reboot   = 'restart'
    on_crash    = 'restart'
    
    i can:

    - ping from dom0
    - ssh to domU from dom0
    - ping dom0 from domU

    the problem is that i can't ping google.com from domU.

    How can i fix that issue ?

    thanks

    from dom0 i can ping google.com, but i can't ping google from domu
     
  2. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/resolv.conf on domu?
    Does
    Code:
    ping -c2 72.14.207.99
    work?
     
  3. nomed

    nomed New Member

    Code:
    
    stable-i386:~# ping -c2 72.14.207.99
    PING 72.14.207.99 (72.14.207.99) 56(84) bytes of data.
    
    --- 72.14.207.99 ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 1007ms
    
    it's not a ns issue, i suppose i should add iptables rules.

    Any idea if i have to do that and what 's the iptables cmd i should use ?
     
  4. falko

    falko Super Moderator ISPConfig Developer

Share This Page