Bug 177794 - Networking conflicts between xend and iptables
Summary: Networking conflicts between xend and iptables
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: xen
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Rik van Riel
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 179599
TreeView+ depends on / blocked
 
Reported: 2006-01-14 05:21 UTC by Stephen Tweedie
Modified: 2007-11-30 22:11 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-02-02 22:23:02 UTC


Attachments (Terms of Use)

Description Stephen Tweedie 2006-01-14 05:21:58 UTC
Description of problem:

Networking is unreliable (often failing entirely) after the xen service is
started if iptables are enabled.

Version-Release number of selected component (if applicable):
FC5test2:
  xen-3.0-0.20060110.fc5.2.i386.rpm
  iptables-1.3.4-2.1.i386.rpm

How reproducible:
100%

Steps to Reproduce:
1. Install FC5test2 with default firewall enabled
2. yum install kernel-xen-hypervisor
3. boot into hypervisor kernel
  
Actual results:
Networking stops working once the xen service starts during boot.  Services that
run prior to that see the network fine.

Expected results:
Networking should really keep working 

Additional info:
This is almost certainly due to Xen's extensive use of bridging.  When xend
starts up, part of the process involves moving the main (usually eth0) IF to a
new name (typically peth0), then setting up a bridge and a new virtual eth0
which inherits the IP settings of the old physical IF.  The way the iptables
rules are set up does not work under this environment.

Booting after "chkconfig iptables off" runs just fine.

Comment 1 Bill Nottingham 2006-02-02 22:23:02 UTC
Fixed in xen-3.0-0.20060130.fc5.3.


Note You need to log in before you can comment on or make changes to this bug.