Bug 669747
Summary: | Xen's network-route and vif-route scripts broken | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | W. Michael Petullo <mike> |
Component: | xen | Assignee: | Xen Maintainance List <xen-maint> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | low |
Version: | 14 | CC: | berrange, jforbes, kraxel, m.a.young, virt-maint, xen-maint |
Hardware: | Unspecified | OS: | Unspecified |
Fixed In Version: | xen-4.0.1-7.fc14 | Doc Type: | Bug Fix |
Last Closed: | 2011-02-07 20:03:36 UTC | | |
Description
W. Michael Petullo
2011-01-14 15:58:54 UTC
The first issue, that of the network-route script not setting up ARP proxying properly may be fixed with the following patch: --- network-route.orig 2011-01-17 11:47:56.698858533 -0600 +++ network-route 2011-01-17 11:48:15.469082276 -0600 @@ -22,7 +22,7 @@ evalVariables "$@" -netdev=${netdev:-eth${vifnum}} +netdev=${netdev:-eth${vifnum:-0}} echo 1 >/proc/sys/net/ipv4/ip_forward echo 1 >/proc/sys/net/ipv4/conf/${netdev}/proxy_arp I am not sure where $vifnum is supposed to be set, but it is not being set on my system. This uses '0' when it is not set. The second issue is fixed for me with the following patch (but someone else might want to confirm that my iptables rules are equivalent to the intention of the previous ones): --- vif-common.sh.orig 2011-01-17 12:11:41.625343857 -0600 +++ vif-common.sh 2011-01-17 13:16:04.162440608 -0600 
@@ -73,10 +73,10 @@ local c="-D" fi - iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \ + iptables "$c" FORWARD --in-interface "$vif" "$@" -j ACCEPT \ 2>/dev/null && - iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \ - --physdev-out "$vif" -j ACCEPT 2>/dev/null + iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED \ + --out-interface "$vif" -j ACCEPT 2>/dev/null if [ "$command" == "online" -a $? -ne 0 ] then xen-4.0.1-7.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/xen-4.0.1-7.fc14 Fixed in the build listed in comment #2. How do we get these changes upstream? xen-4.0.1-7.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update xen'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/xen-4.0.1-7.fc14 Upstream for the second change has gone in a different direction with the lines iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" \ "$@" -j ACCEPT 2>/dev/null && iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-out "$vif" \ -j ACCEPT 2>/dev/null xen-4.0.1-7.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |
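Review bot: In the network-route hunk, the new default `netdev=${netdev:-eth${vifnum:-0}}` falls back to eth0 without checking that such an interface exists, and the context lines that follow then enable ip_forward and write 1 to /proc/sys/net/ipv4/conf/${netdev}/proxy_arp for it. On a host whose outward-facing interface is not eth0, that write either fails on a missing path or turns on proxy ARP for an interface the administrator did not choose. Suggest testing for /proc/sys/net/ipv4/conf/${netdev} before the echo and exiting with an error that names the interface, and adding a comment that 0 is only a fallback for an unset vifnum, since the report itself says it is unclear where vifnum is supposed to be set.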
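Review bot: In the vif-common.sh hunk, replacing `-m physdev --physdev-in "$vif"` with `--in-interface "$vif"` (and `--physdev-out` with `--out-interface`) changes what the two FORWARD rules match, and nothing in the patch shows the forms are equivalent; the submitter asks for exactly that confirmation. The file name suggests this code is common to the vif scripts, so the change would also apply where the vif is a bridge port, which is the case the physdev match is meant for and which the upstream lines quoted later in this report keep with `--physdev-is-bridged`. Suggest stating in a comment which network modes the new rules were tested with, or choosing the match per mode. Both iptables calls also keep `2>/dev/null`, so a rule that fails to apply leaves no diagnostic beyond the `$?` test in the trailing context lines.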