[CentOS-virt] IP aliases of CentOS Guests not accessible running 2.6.18-164.el5xen

Mon Sep 28 09:29:59 UTC 2009
Devraj Mukherjee <devraj at gmail.com>

Hi all,

First of all I am posting this on two lists for a reason, because the
issue being reported by me could be because of a change delivered by a
Kernel update or due to Xen.

I have recently managed to update all Xen Guest domains running CentOS
5.3 to the latest bunch of updates + Kernel. My Xen host also runs the
same CentOS 5.3 updated to all recent packages.

The Guest images in concern had IP aliases assigned to them.
Everything worked until I ran the updates and restarted.

Since I have restarted the aliased IP addresses are no longer
accessible from the outside world, they can still be accessed from all
machines (guest virtual machines) in the subnet (ping, services like
http).

I have removed all firewall rules to test if that would have effected
it without any change (any the fact that I can access them within the
subnet proves its not the firewall).

Is there anything special I have to do to enable aliasing? May be this
is a Xen issue? I am suspecting the Xen host, but not sure how to go
about proving this.

Any information would be greatly appreciated.

My Guests do run fail2ban (delivered via atrpms) and iptables
(allowing only HTTP, HTTPS and SSH) connections.

PS for obvious reasons I am not posting IP addresses and routes etc
first up, I can make that information available if required.

-- 
"The secret impresses no-one, the trick you use it for is everything"
- Alfred Borden (The Prestiege)