[opensuse-virtual] Strange network problem: ping works, TCP doesn't
Yodel! [cc:'s appreciated]

I'm a bit confused.

Bridged networking, no firewall, external host on the same network as the Xen machine.

I can ping between external, domU and dom0 in all directions.

I can ssh between domU and dom0, and I can ssh between dom0 and external, in both directions.

I can't ssh between domU and external at all. Or any other TCP-based thing. Connection opens (netstat shows an open connection), so some initial ACK seems to go through, but after that the connection is dead.

ping works regardless of packet size, so it isn't an MTU issue. I assume it's not a MAC issue as ping wouldn't work, right? I'm not sure where to start looking.

(Oh, yes: everything is on SLES10)

cheers
-- vbi

--
Today is Prickle-Prickle, the 53rd day of Confusion in the YOLD 3174
Hi again!

On Friday 18 July 2008 10.06:59 I wrote:
> I'm a bit confused.

The confusion has increased.

> Bridged networking, no firewall, external host on the same network as the Xen machine.
>
> I can ping between external, domU and dom0 in all directions.
>
> I can ssh between domU and dom0, and I can ssh between dom0 and external, in both directions.
>
> I can't ssh between domU and external at all. Or any other TCP-based thing. Connection opens (netstat shows an open connection), so some initial ACK seems to go through, but after that the connection is dead.

Playing around got me to the state where one domU would accept connections, the other wouldn't. In the end, it turns out that I can reversibly cause TCP for any domU to work by loading iptable_nat and break it by unloading that module. It is *not* necessary for any rules to be configured at all in the firewall, the module just has to be present. ????

> ping works regardless of packet size, so it isn't an MTU issue. I assume it's not a MAC issue as ping wouldn't work, right? I'm not sure where to start looking.
>
> (Oh, yes: everything is on SLES10)

Up to date as of right now, with 2.6.16.60-0.25-xen kernel on x86_64 on both host and client. Trying with other operating systems should probably be the next step, but I don't know if I can find (paid) time for that. Anyway, perhaps this description motivates somebody with too much time on his hands to try duplicating and searching the problem.

cheers
-- vbi

--
Linus has opinions, I have opinions, everybody else has opinions, and the only consistency here is that most of us are wrong most of the time.
-- Andrew Morton, OLS 2004
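A small probe that separates the "handshake completes, then nothing" state described in the thread from a refused, unreachable or healthy endpoint, so each domU can be checked quickly before and after toggling iptable_nat; this is an added example, not code from the thread, and it assumes a server-speaks-first service such as sshd (whose version banner arrives right after the handshake). The local listeners are constructed stand-ins so it runs offline.

```python
import socket
import threading


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP endpoint as 'refused', 'handshake-timeout', 'stalled', 'closed' or 'ok'.
    'stalled' is the state from the thread: the handshake completes (netstat shows the
    connection) but no application data ever arrives.  Assumes a server-speaks-first
    protocol such as SSH, whose version banner follows the handshake immediately."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "handshake-timeout"
        try:
            data = s.recv(256)
        except socket.timeout:
            return "stalled"
        return "ok" if data else "closed"


def start_listener(banner):
    """Constructed local stand-in for the remote service (test fixture only).
    banner=None imitates the broken domU: the handshake completes but nothing is ever
    delivered; a bytes banner imitates a healthy sshd.  Returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner is not None:
                conn.sendall(banner)
            conn.recv(1)  # block until the client gives up and closes
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print("healthy:", probe_tcp("127.0.0.1", start_listener(b"SSH-2.0-OpenSSH_test\r\n")))
    print("broken: ", probe_tcp("127.0.0.1", start_listener(None), timeout=1.0))
```

Against a real domU, run `probe_tcp("<domU address>", 22)` from the external host with iptable_nat loaded and again after unloading it; "ok" versus "stalled" reproduces the author's observation without waiting on an interactive ssh session.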
participants (1): Adrian von Bidder