Hi all,

I have an XCP host based on Debian that contains a number of virtual machines for my internal network. A basic diagram of my network is here:

https://www.gently.org.uk/gently-network.jpeg

The 'gateway' vm is the only thing connected directly to the cable modem. eth0 receives its IP address via DHCP. eth1 is a fixed 'internal' (192.168.x.x) address, as are the IP addresses of the 'mailnews' vm, and separate (physical) NAS server and other machines on the internal network. The gateway contains firewall rules to forward incoming traffic from the internet to appropriate internal machines, allow ssh access, imap etc.

Up until recently, all was working perfectly. Last week I accidentally rebooted the xcp host machine (typing reboot into the wrong console window!) and since then I've been experiencing some odd behaviour:

1. From the internet, I can use the port forwarded SSH port connected to the NAS server to perform file transfers from the NAS.

2. From any virtual machine on the XCP host, I can perform ssh transfers from any other machine in my network (including other virtual machines on the same XCP host).

3. If I try to perform the same transfer from the internet to the ssh port on (say) the 'mailnews' virtual machine, I get next to no traffic at all. It appears that a few packets will flow initially, but the connection then stalls.

As far as I can tell all the iptables rules for forwarding are set up correctly in the 'gateway' virtual machine (as I can successfully make transfers from the internet to the nas server). However, any ports that are forwarded to virtual machines on the XCP hosts show this slow behaviour.

I should point out that it's not just ssh traffic that's affected. If I use (for example) Thunderbird from my work PC to access the imap server on the 'mailnews' virtual machine, I see the same stalling behaviour.

Today I've installed the perdition imap proxy on the NAS machine, and changed the forwarding rule on 'gateway' such that incoming imap traffic is sent to the imap port on 'nas', which then makes a connection to the 'mailnews' imap port. This works perfectly, with no speed issues.

It seems to me that something is confusing the networking side of the XEN / XCP machine, in that packets that are rewritten by iptables on the 'gateway' machine are not being correctly handled, causing the slow connections.

Can anyone offer any suggestions as to what I can try to work out what's going on? As I said, as far as I'm aware no changes were made other than a reboot of the xcp host. I've even tried going back in kernel versions on both 'gateway' vm and xcp host, without any success (that's about the only thing I can think that would have changed as a result of the reboot).

Thanks in advance for any advice you can offer. Pointers to documentation or more appropriate places to ask are appreciated if necessary.

Cheers

Andy

Archive: https://lists.debian.org/slrnlt4t4c.leu.a...@xcp-mailnews.gently.org.uk