Rebuild Xen IPtables Without Restarting https://www.softaculous.com/board/index.php?tid=4979
I guess after the latest update, when you rebuild a VM with multiple IPs, you end up with iptables like this:

Code
Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere            PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT    all  --  anywhere            anywhere            PHYSDEV match ! --physdev-in eth0 --physdev-out eth0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  powerhub.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  cloudone.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    all  --  powerhub.bitronictech.net  anywhere            PHYSDEV match --physdev-in vif1101.0
ACCEPT    udp  --  anywhere            anywhere            PHYSDEV match --physdev-in vif1101.0 udp spt:bootpc dpt:bootps


Obviously a problem. It is getting the hostname instead of the IP, which is screwing the hell out of all the packet routing.

I'll be opening a ticket and referencing this forum. This needs to be patched immediately.

Sat, 25 Jan 2014 07:43:44 GMT https://www.softaculous.com/board/index.php?tid=4979&tpg=1#p17872

Perhaps a variant of this:

Code
#!/bin/bash
# Dry run: prints the iptables commands it would run; drop the "echo" to apply them.

# xm list: skip the header line and Domain-0 (ID 0), keep "NAME ID" pairs
xm list | perl -alne 'next if not $F[1] > 0 ; print "@F[0,1]"' | while read -r VM ID
do
  # xm network-list: the interface index is the first column of the data rows
  xm network-list "$ID" | perl -alne 'next if not $F[0] =~ m{^\d+$} ; print $F[0]' | while read -r IFID
  do
    VIF="vif$ID.$IFID"
    # forward traffic arriving from this guest interface only when the source matches the VM
    echo iptables -A FORWARD -m physdev --physdev-in "$VIF" -s "$VM" -j ACCEPT
    # allow the guest's DHCP client requests (bootpc -> bootps)
    echo iptables -A FORWARD -m physdev --physdev-in "$VIF" -p udp --sport bootpc --dport bootps -j ACCEPT
  done
done
Sat, 25 Jan 2014 07:36:51 GMT https://www.softaculous.com/board/index.php?tid=4979&tpg=0#p17871
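As an added example that is not from either post, the following script rebuilds the same per-VIF FORWARD rules from an explicit domain-id / interface / IP mapping rather than the VM name, so each rule carries a numeric source address and the duplicated rules seen in the first post cannot recur. The domain ids and addresses in SAMPLE_VIFS are constructed for the demo; on a real dom0 they would come from your VM inventory.

```sh
#!/bin/sh
# Added example, not from the thread. Builds the per-VIF FORWARD rules from an
# explicit "DOMID IFIDX IP[,IP...]" mapping so every rule carries a numeric
# source address (no DNS lookup at insert time), and guards each insert with
# "iptables -C" so re-running the script never duplicates existing rules.

# Constructed sample mapping (hypothetical ids/addresses); on a real dom0 this
# would come from your VM inventory: domain id, interface index, assigned IPs.
SAMPLE_VIFS='1101 0 192.0.2.10,192.0.2.11
1102 0 198.51.100.7'

# Print the rule specs (everything after "iptables -A FORWARD") for one VIF.
vif_rule_specs() {
  vif="vif$1.$2"
  old_ifs=$IFS; IFS=','
  for ip in $3; do
    # Traffic from the guest is forwarded only if its source is an assigned IP
    printf '%s\n' "-m physdev --physdev-in $vif -s $ip -j ACCEPT"
  done
  IFS=$old_ifs
  # Guest DHCP requests (bootpc -> bootps) have no fixed source address yet
  printf '%s\n' "-m physdev --physdev-in $vif -p udp --sport bootpc --dport bootps -j ACCEPT"
}

# Read mapping lines from stdin and emit one idempotent command per rule.
rebuild_commands() {
  while read -r domid ifidx ips; do
    case "$domid" in ''|*[!0-9]*) continue ;; esac   # skip blank or junk lines
    vif_rule_specs "$domid" "$ifidx" "$ips" | while read -r spec; do
      # -C returns non-zero when no identical rule exists; only then append
      printf '%s\n' "iptables -C FORWARD $spec 2>/dev/null || iptables -A FORWARD $spec"
    done
  done
}

# Dry run: show the commands. Pipe the output into "sh" on the dom0 to apply,
# then check with "iptables -L FORWARD -n" (-n keeps source addresses numeric).
printf '%s\n' "$SAMPLE_VIFS" | rebuild_commands
```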