Allow local traffic to access NAT with arno-iptables-firewall

Posted agosto 14th, 2012 in Blog, Operations, Virtualization by guzman

Arno iptables firewall script which comes with Debian Squeeze it’s wonderful, very customizable and already has support for many different scenarios, even some complex one which usually only way is writting yourself the extra rules.

But… there’s always a but. If you use NAT, your machines in the internal network won’t be able to access your public NAT services, will get connection refused.

Problem is, to be able to use it, arno would need to masquerade your traffic with a public IP and send your traffic back to internal machine.

Below is a patch to latest squeeze arno version (1.9.2.k-4) which will do exactly that

Continue Reading »

OVH Servers affected by known Citrix bug CTX127395

Posted abril 9th, 2012 in Blog, Virtualization by Alfredo

If you have some XenServer 5.6 host that randomly (and suddenly) becomes completely unresponsive with no apparent reason, then it might be affected by an odd bug that has been documented by Citrix.

Is my server affected?

Potentially, any server based on the Nehalem (Xeon 75xx, 55xx, 35xx, 34xx) and Westmere (Xeon 56xx, 36xx) architectures can be affected.

How to know if my XenServer 5.6 is affected?

  1. Open a console to your XenServer host (SSH client, the console tab in XenCenter, or the local console).
  2. Make sure that your server is running on any of the affected architectures. To find out, run:
  3. If it is,  with administrative privileges run:

If the value of total C-States is bigger than 2, then this server is affected by the bug and if necessary, they must be disabled from the BIOS.

How to fix?
Continue Reading »