Hi all, In order to create a -more or less- representative test configuration, I tried to copy a real life situation into a xen-set-up: -external firewal (kc3040) -openvpn server (kc3072) -Internal firewall (kc3041) -management gateway (kc3075) -asterisk pabx -mysql server To simulate different networks, I created dummy ethernet devices, and connected bridges to it. All of the four bridges are working OK, except ONE: BR2 and also only from one virtual machine: openvpn/kc3072 If i ping on the vpn-box (vpn is not setup yet) towards internal firewall i see no traffic at all ( 172.16.100.1 => 172.16.100.2 ) Even if i do an tcpdump on the bridge-device from DOM-0, i dont see anything. On the otherhand, if i do a ping the otherway round (int-fw towards vpn) i see the icmp-request on the bridge device (but no repy, hence the problem) Looked at [internal] firewall, at the bridges, routing, but i'm clue-less…. Tried to move the whole configuration towards a different DOM-0, with the same result, rebuild the vpn-dom-U: still no show All firewall's are down. All boxes are suse: both firewals are open_11.4, mgnt+vpn are sles11sp1 and dom0 is also sles, but tried also with open. Tried the lists at xen, but the only replies were questions what i used to make the drawing ;-) Any suggestion where to look next? Kind regards, Hans Oh, btw config of the vpn-box (kc3072) is as follows: name="kc3072" description="int vpn server" uuid="99ee7c72-493b-e69d-3cfa-7b438fcd2988" memory=1000 maxmem=1000 vcpus=1 on_poweroff="destroy" on_reboot="restart" on_crash="destroy" localtime=0 keymap="en-us" builder="linux" bootloader="/usr/bin/pygrub" bootargs="" extra=" " disk=[ 'phy:/dev/xen-productie/kc3072-boot,xvda,w', 'phy:/dev/xen-productie/kc3072-swap,xvdb,w', 'phy:/dev/xen-productie/kc3072-syst,xvdc,w', 'phy:/dev/xen-productie/kc3072-data,xvdd,w', ] vif=[ 'mac=00:16:3e:30:72:01,bridge=br1', 'mac=00:16:3e:30:72:02,bridge=br2', 'mac=00:16:3e:30:72:03,bridge=br3', ] vfb=['type=vnc,vncunused=1'] kc3072:~ # ifconfig -a eth0 Link encap:Ethernet HWaddr 00:16:3E:30:72:01 inet addr:192.168.100.2 Bcast:192.168.100.255 Mask:255.255.255.0 inet6 addr: fe80::216:3eff:fe30:7201/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:14 errors:0 dropped:0 overruns:0 frame:0 TX packets:19 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1140 (1.1 Kb) TX bytes:1530 (1.4 Kb) eth1 Link encap:Ethernet HWaddr 00:16:3E:30:72:02 inet addr:172.16.100.1 Bcast:172.16.100.255 Mask:255.255.255.0 inet6 addr: fe80::216:3eff:fe30:7202/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:77 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:230 (230.0 b) TX bytes:3518 (3.4 Kb) eth2 Link encap:Ethernet HWaddr 00:16:3E:30:72:03 inet addr:192.168.0.236 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::216:3eff:fe30:7203/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:53 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2330 (2.2 Kb) TX bytes:872 (872.0 b)
