I've been experimenting with setting up Ubuntu Server 8.04 (Hardy Heron) to run Xen, and had a minor problem with UFW (Uncomplicated Firewall) running in the dom0 blocking network access to a domU running in bridged mode. It seems the fix is just to edit /etc/default/ufw and make this change to enable forwarding:
--- a/default/ufw Thu Oct 23 10:00:33 2008 -0500 +++ b/default/ufw Thu Oct 23 10:34:36 2008 -0500 @@ -16,7 +16,7 @@ DEFAULT_OUTPUT_POLICY="ACCEPT" # set the default forward policy to ACCEPT or DROP. Please note that if you # change this you will most likely want to adjust your rules -DEFAULT_FORWARD_POLICY="DROP" +DEFAULT_FORWARD_POLICY="ACCEPT" # # IPT backend
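Review bot: the changed line DEFAULT_FORWARD_POLICY="ACCEPT" makes dom0 accept every packet that reaches the forward chain, not only the bridged domU traffic, and the comment directly above it already notes that changing this policy usually means adjusting your rules, which this change does not do. Consider leaving the policy at "DROP" and adding a forward rule limited to bridged traffic (for example an iptables physdev match with --physdev-is-bridged), so that dom0 does not forward between any other interfaces it has now or gains later.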
and then run
ufw disable; ufw enable.
I believe dom0 is now protected, and it'll be up to the domU to protect itself. I can't say I'm entirely comfortable with Linux IPTables; sure wish PF was available as an alternative.