https://bugzilla.novell.com/show_bug.cgi?id=472107 James Fehlig changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jfehlig@novell.com, | |lbendixs@novell.com AssignedTo|cgriffin@novell.com |jfehlig@novell.com QAContact|qa@suse.de |jdouglas@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=472107 User Emmanuel.Appiah-Kubi@atea.com added comment https://bugzilla.novell.com/show_bug.cgi?id=472107#c2 --- Comment #2 from Emmanuel Appiah-Kubi 2009-02-09 08:20:53 MST --- The dists I been installing XEN on dont usally have a firewall (empty tables in iptables ) but OpenSuse differs. Should these networking scripts be changed for suse? Or Suse provide it's on networking scripts for XEN? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=472107 User jfehlig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=472107#c4 James Fehlig changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |lnussel@novell.com --- Comment #4 from James Fehlig 2009-02-11 15:21:19 MST --- With firewall off, I can use the network-nat and vif-nat scripts successfully. It sounds like this works for you (Emmanuel) as well. Re comment #3: Ludwig, during startup of a vm (xen, kvm, qemu, ...) a vif (tap) device is created and hotplug triggers invocation of vif-nat script. When called with 'online vif vif-ipaddr' this script does routing_ip() { echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}') } router_ip=$(routing_ip "$vif_ip") ip link set "$vif" up arp on ip addr add "$router_ip" dev "$vif" ip route add "$vif_ip" dev "$vif" src "$router_ip" echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp iptables -A FORWARD -m physdev --physdev-in "$vif" -s "$addr" -j ACCEPT iptables -A FORWARD -m physdev --physdev-in "$vif" -p udp --sport 68 --dport 67 -j ACCEPT How can this be handled when firewall is active? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=472107 User Emmanuel.Appiah-Kubi@atea.com added comment https://bugzilla.novell.com/show_bug.cgi?id=472107#c6 --- Comment #6 from Emmanuel Appiah-Kubi 2009-02-20 01:28:05 MST --- So if I understand this right. There should be (or a request) for a XEN-NAT rule in the Firewall configuration in Yast? You change the script like in step 1 Go into Yast -> Security -> Firewall , add XEN-NAT to allow and then it should work? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.