WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Xen
Home Products Support Community News

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
<prev [Thread] next>

[Xen-users] iptables and state matches (established, related)

from [Andrey Oreshnikov] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] iptables and state matches (established, related)
From: "Andrey Oreshnikov" <elride@xxxxxxxxx>
Date: Mon, 9 Apr 2007 16:12:47 +0400
Delivery-date: 2007年4月09日 05:11:42 -0700
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Q7uQqz0GOGSqtD7VSt64kuCGAiNVj0c9Aummz5wtPs2psZnytpG6ZGo/Ai8VcJ8WmZlpSrjatIg0NhwAmhk5LR5cseUs1Mmo56MLjayvh6fCTW8CYDCj4WF7JKwEVOfYf4Zue9EAE4xTr/WlEMsw/jG1cec0XEKgqXqCnuF8lGo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Pi/49oDUEFJ3o8iMFHtxIQRPKtWlACb5gML6n4cuJ7IMXWYu1GfmS5hia0ninEDZuGM3TRZwFpSY7z03/APsGS6WI0r+eD+GiJCR+akYt1XvMR1bnpVJdBCYeJpJyYFV8wCxYmFxYjrEDmvQ8j2ZG02lQXlYDbL0aGIgMf0to8I=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
I use xen-3.0.4_1 ( linux-2.6.16.33 ) and have some promblem with it
and iptables. I installed both from source and from rpms for Suse. The
problem is in both.
The iptables state match don't work in INPUT and OUTPUT chains but
work in FORWARD chain. For example rule
iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
don't match any packets in established connection.
Necessarily modules are loaded
# lsmod | grep conntrack
ip_conntrack_ftp 12144 1 ip_nat_ftp
ip_conntrack 58584 3 ip_nat_ftp,ip_nat,ip_conntrack_ftp
nfnetlink 10520 2 ip_nat,ip_conntrack
# cat /proc/net/ip_conntrack
tcp 6 186909 ESTABLISHED src=192.168.0.170 dst=192.168.0.124
sport=29664 dport=22 packets=1 bytes=52 [UNREPLIED] src=192.168.0.124
dst=192.168.0.170 sport=22 dport=29664 packets=0 bytes=0 mark=0 use=1
This rule work fine:
IPTABLES -A FORWARD -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
In xen-3.0.2 from sles distribution this problem is absent.
any suggestion?
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date: Re: [Xen-users] xen check-build errors , Nico Kadel-Garcia
Next by Date: Re: [Xen-users] Custom networking problems , trilok nuwal
Previous by Thread: [Xen-users] How to write a domU for an existing kernel? , pradeep ratnala
Next by Thread: [Xen-users] iptables and state matches (established, related) , Andrey Oreshnikov
Indexes: [Date] [Thread] [Top] [All Lists]

Copyright ©, Citrix Systems Inc. All rights reserved. Legal and Privacy
Citrix This site is hosted by Citrix

AltStyle によって変換されたページ (->オリジナル) /