I actually expected to see some different rules than what I have. Not sure what I need to add.
Here are my current tables. (Spaces replaced with -'s for formatting)

iptables -L
Chain-INPUT(policyACCEPT)
target-prot-opt-source-destination
ACCEPT-udp--anywhere-anywhere-udp dpt:domain
ACCEPT-tcp--anywhere-anywhere-tcp dpt:domain
ACCEPT-udp--anywhere-anywhere-udp dpt:bootps
ACCEPT-tcp--anywhere-anywhere-tcp dpt:bootps

Chain-FORWARD(policyACCEPT)
target-prot-opt-source-destination
ACCEPT-all--anywhere-192.168.122.0/24-state-RELATED,ESTABLISHED
ACCEPT-all--192.168.122.0/24-anywhere
ACCEPT-all--anywhere-anywhere
REJECT-all--anywhere-anywhere-reject-with icmp-port-unreachable
REJECT-all--anywhere-anywhere-reject-with icmp-port-unreachable
ACCEPT-all--192.168.122.10-anywhere-PHYSDEV-match--physdev-in vif2.0
ACCEPT-udp--anywhere-anywhere-PHYSDEV-match--physdev-in-vif2.0-udp-spt:bootpc dpt:bootps

Chain-OUTPUT-(policyACCEPT)
target-prot-opt-source-destination

On Wed, 2008-09-17 at 12:59 -0400, Laurentiu C. Badea (L.C.) wrote:
>
> Graeme Fowler wrote:
> > Simple question: does the realserver (the VM, 192.168.122.10) have a
> > route direct back to the 10.0.0.0/whatever network?
> >
>
> Xen creates a virtual bridge and adds a few iptables rules to control
> access and do NAT for its clients, while the host domain becomes their
> gateway. So you have the LVS setup sitting on top of a NAT router.
>
> I would take a look at the iptables setup and check the packet counters
> during a query, especially on reject rules. Then try to insert rules to
> make it work and make sure the ruleset is maintained across reboots (Xen
> dynamically inserts rules when the bridges are brought up).
>
> --
> Laurentiu
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [EMAIL PROTECTED]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
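
The counter check suggested in the quoted reply, as an added example that is not part of the original thread: it compares two `iptables -L FORWARD -v -n -x` snapshots taken before and after a test query and reports which REJECT rules matched packets in between. The snapshots are constructed; the counters and the `virbr0` interface name are assumptions, and only the rule layout follows the FORWARD chain posted above.

```python
# Constructed snapshot in the layout of `iptables -L FORWARD -v -n -x`.
# Counters and the virbr0 interface name are invented for illustration.
SNAPSHOT = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120     9000 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
      80     6000 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
       0        0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
 {pkts} {nbytes} REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
       0        0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
"""
BEFORE = SNAPSHOT.format(pkts=3, nbytes=180)   # taken before the test query
AFTER = SNAPSHOT.format(pkts=8, nbytes=480)    # taken after the test query


def parse_chain(text):
    """Return [(rule_no, pkts, bytes, target, match_text)] for one chain listing."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        # Rule lines start with two integer counters (-x prints exact values);
        # this skips the "Chain ..." line and the column header.
        if len(fields) < 3 or not (fields[0].isdigit() and fields[1].isdigit()):
            continue
        rules.append((len(rules) + 1, int(fields[0]), int(fields[1]),
                      fields[2], " ".join(fields[3:])))
    return rules


def counter_deltas(before, after, target="REJECT"):
    """Rules with the given target whose packet counter grew between snapshots."""
    old, new = parse_chain(before), parse_chain(after)
    # Rules can be inserted dynamically when bridges come up, so refuse to
    # compare snapshots whose rulesets no longer line up.
    if len(old) != len(new) or any(b[3:] != a[3:] for b, a in zip(old, new)):
        raise ValueError("ruleset changed between snapshots")
    return [{"rule": a[0], "pkts": a[1] - b[1], "bytes": a[2] - b[2], "match": a[4]}
            for b, a in zip(old, new) if a[3] == target and a[1] > b[1]]


if __name__ == "__main__":
    for hit in counter_deltas(BEFORE, AFTER):
        print("rule %(rule)d rejected %(pkts)d packets (%(bytes)d bytes): %(match)s" % hit)
```

On a live host, the two inputs would be the saved output of the listing command run before and after a single client query.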
