Re: [Xen-users] Help creating virtual networks of domU guests

[David Richardson <daverich04@xxxxxxxxx>]

Thanks for your help everyone.  I think I'm close now
(hopefully).  Here's what I've got:  In dom0, I
execute the following to set up the bridge xenbr1 with
address 192.168.1.1  

#brctl addbr xenbr1
#brctl stp xenbr1 off
#brctl setfd xenbr1 0
#ifconfig xenbr1 192.168.1.1 netmask 255.255.255.0 up

Then, in my domU's config file, I add:
vif = [ 'bridge=xenbr1']

So that eth0 in domU will bridge to my xenbr1.  I also
modify /etc/network/interfaces in my domU filesystem
(it's a debian guest) with:

auto eth0
iface eth0 inet static
        address 192.168.1.5
        netmask 255.255.255.0

To assign the address 192.168.1.5 to the domU guest. 
Finally, I try to set up the nat by doing (in dom0):

#iptables --flush
#iptables --delete-chain
#iptables --table nat --delete-chain
#iptables --table nat --append POSTROUTING /
--out-interface eth0 -j MASQUERADE
#iptables --append FORWARD --in-interface xenbr1 -j /
ACCEPT
#echo 1 > /proc/sys/net/ipv4/ip_forward

#route add  -net 192.168.1.0 netmask 255.255.255.0 /
dev xenbr1

When I boot up domU, I am able to ping 192.168.1.1
from domU, and likewise ping 192.168.1.5 from dom0. 
However, I can't get to the outside world from domU,
suggesting that my nat'ing (or something else) isn't
quite right...  Any suggestions?  Thanks again for all
the help.

~Dave




--- Ernst Bachmann <e.bachmann@xxxxxxxx> wrote:

> On Monday 18 July 2005 03:25, David Richardson
> wrote:
> > Hey guys,
> > I'm still having problems getting this to work
> > correctly.  Maybe I should be more clear in my
> setup.
> > I only have 1 nic, eth0.  My dom0 gets its IP
> address
> > from a dhcp server on eth0.  However, the dhcp
> server
> > always gives me the same IP address based on my
> MAC
> > address.  As such, my domU guests are unable to
> use
> > this dhcp server to obtain IPs. 
> 
> Simply assign a different MAC address to your domU.
> You can run with standard bridging, don't need alias
> devices and whatnot.
> For the DHCP Server it looks like a second computer
> with different MAC is 
> behind an ethernet bridge, so it'll assign a
> different IP to it.
> 
> > Therefore, what I 
> > want to do (I think...) is to create a vpn of domU
> > guests that bridge to a virtual interface eth0:1
> in
> > dom0. 
> 
> Bridging only accepts real interfaces AFAIK. After
> all, virtual eth0:1 style 
> interfaces are just alias IP adresses, and the
> bridge works on ethernet level 
> and doesn't care about IP at all.
> 
> > Outside traffic can then be routed between the 
> > real eth0 and the virtual eth0:1 to reach the domU
> > guests.  Then, I can run a dhcp server in dom0 for
> > eth0:1 to assign made-up addresses to the domU
> guests
> > when they boot.
> 
> with VPN you mean NAT?
> 
> > I've never done anything like this before, so any
> help
> > would be great.  My first attempts have started
> out by
> > doing the following:
> >
> > Create the virtual ethernet interface:
> > #ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0
> >
> > Create a bridge in dom0, attach it to eth0:1:
> > #brctl addbr xen-br1
> > #brctl stp xen-br1 off
> > #brctl setfd xen-br1 0
> > #ip link set xen-br1 up
> > #brctl addif xen-br1 eth0:1
> 
> More like:
> # no eth0:1 iface!
> 
> brctl addbr xen-br1
> brctl stp xen-br1 off
> brctl setfd xen-br1 0
> # no brctl addif!
> ifconfig xen-br1 192.168.1.1 netmask 255.255.255.0
> up
> # connect  domUs to xen-br1
> # set "192.168.1.1" as default route inside domU
> 
> #setup NAT in dom0:
> iptables -t nat -I POSTROUTING -i xen-br1 -j SNAT
> --to <insert IP of eth0 
> here>
> ...
> (the nat rules will need more work, maybe your
> distribution comes with premade 
> scripts there)
> 
> /Ernst
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users