
Re: [Xen-users] firewall xenU woes (help would be appreciated)



Hi Marcus,

I have the dummy module loaded on dom0 and several dummy interfaces
which show up with ifconfig.  They are configured as follows:

auto dummy0
iface dummy0 inet static
        address 192.168.254.1
        netmask 255.255.255.248
        network 192.168.254.0
        broadcast 192.168.254.7
        gateway 192.168.254.6
        post-up brctl addbr xen-br0 || true
        post-up brctl addif xen-br0 dummy0 || true
        post-up brctl delif xen-br0 dummy0 || true

Additional bridges configured in same manner.

Without intervention dom0 boots with 4 dummy interfaces
(dummy0,dummy1,etc.) and xen-br0.  This is apparent from ifconfig.
The additional bridges, however, do not load w/o intervention.  I have
to use the brctl command as per the above /etc/network/interfaces.

In /etc/xen/scripts/network I have the bridges mapped to the dummy
devices as so:

bridge=${bridge:-xen-br0}
netdev=${netdev:-dummy0}
bridge=${bridge:-xen-br1}
netdev=${netdev:-dummy1}
...

It is worth noting that the routing table shows something like the
following (having only brought up xen-br0 and xen-br1):

192.168.254.16 0.0.0.0       255.255.255.248 dummy2
192.168.254.24 0.0.0.0       255.255.255.248 dummy3
192.168.254.0  0.0.0.0       255.255.255.248 xen-br0
192.168.254.8  0.0.0.0       255.255.255.248 xen-br1
0.0.0.0        192.168.254.6 0.0.0.0         xen-br0

Does this look sound?

Also note that /proc/net/dev only shows network activity for dummy0 and
xen-br0 -- none for xen-br1 even though I have pinged the associated
address and attempted to have domU1 use xen-br1 (vif = 'backend=fw,
brige=xen-br1' ].

What else do you need from me to help troubleshoot?  

Adam    

On Mon, 2005-08-29 at 02:24 -0400, Marcus Brown wrote:
> Hi Adam,
> 
> Perhaps you could try loading the dummy modules in dom0 instead?
> Then attach your dom0 bridges to the dummy interfaces by replacing
> the netdev argument for "eth0" in /etc/xen/scripts/network with "dummy",
> and create auto scripts for the dummy interfaces that create bridges.
> 
> Sorry to be so brief ... just caught me before going to bed.
>     (Trying to work on a quote :) )
> If you get stuck perhaps you could provide more detail?
> 
> Regards,
> 
> Marcus.
> 
> 
> Adam Tworkowski wrote:
> 
> >Hi,
> >
> >Could someone please help me out with networking my firewall on xenU
> >configuration.  I have combed the list archives for posts on similar
> >configurations and getting bridging working properly but I am stuck and
> >generally confused.  I am trying to achieve the scenario below (ascii
> >borrowed from previous thread).
> >
> >               +------------------------+
> >               | physical machine, dom0 |
> >               |   +---------------+    |
> >-- Internet -------+ Firewall domU +--------- Intranet
> >               |   +------+--------+    |
> >               |          |             |
> >               |          |   DMZ       |
> >               |    +-----+------+      |
> >               |    |            |      |
> >               | +--+--+      +--+--+   |
> >               | |domU1|      |domU2|   |
> >               | +-----+      +-----+   |
> >               +------------------------+
> >
> >So far:
> >
> >- physical ethernet device (will be two later) hidden from dom0 (no issue) 
> >- domU (fw) using ethernet device -- has access to internet on eth0 (no 
> >issue)
> >
> >- domU1 and domU2 can only see domU when using bridge=xen-br0 although it 
> >appears that only one of the two can be active as if both are pinging domU 
> >there is much
> >packet.  Using vif = ['mac=xx.xx..., bridge=xen-br0'"].
> >
> >Should domU1 and domU2 be using xen-br0 at all or should this only be 
> >for domU and the former be using xen-br1 and xen-br2 respectively?
> >
> >- I have attempted to have domU1 use vif = ['backend=fw'] without success
> >
> >- I have also attempted to create xen-br1,xen-br2 and have the non-fw domUs 
> >use these: vif = ['bridge=xen-br1']
> >
> >- Having searched the list, I have attempted to create dummy0, dummy1,etc. 
> >on the domU as suggested.  
> >
> >
> >I am hoping that someone can lay out what they have done to get this 
> >working.  My suspicion is that my bridging is not working correctly on dom0.
> >
> >Question:  what devices should be showing from 'ifconfig' on respective 
> >nodes (dom0, domU, domU1...)?  
> >
> >xen0 shows multiple vifs, xen-br0-4.
> >xenU shows eth0 - should it show vifs?
> >xenU1,2 shows eth0.  Should it show more? vifs?  
> > 
> >Maybe someone can share the output of their ifconfigs to compare.
> >
> >All my instances are running on Debian Sarge.
> >
> >Thanks in advance!
> >
> >
> >
> >
> >
> >
> >
> >
> >_______________________________________________
> >Xen-users mailing list
> >Xen-users@xxxxxxxxxxxxxxxxxxx
> >http://lists.xensource.com/xen-users
> >  
> >
> 
> 
> 
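An added example, not part of the original message or of the Xen scripts: it runs the four bridge/netdev assignment lines quoted from /etc/xen/scripts/network through the shell's `${var:-default}` rule, which shows that when those lines sit in one script the second pair never takes effect. `resolve_mapping` and `all_mappings` are hypothetical helpers, and the xen-brN/dummyN pairing for four bridges is an assumption based on the four dummy interfaces mentioned above.

```shell
#!/bin/sh
# Added illustration (hypothetical helpers, not Xen code).

# Evaluate the assignment lines exactly as posted, in a subshell so the
# caller's environment is untouched. Optional $1/$2 preset bridge/netdev,
# standing in for values supplied from outside the script.
resolve_mapping() {
    (
        unset bridge netdev
        if [ -n "$1" ]; then bridge=$1; fi
        if [ -n "$2" ]; then netdev=$2; fi

        bridge=${bridge:-xen-br0}
        netdev=${netdev:-dummy0}
        # ${var:-default} only applies when var is unset or empty, so the
        # next two lines are no-ops: both variables already have values.
        bridge=${bridge:-xen-br1}
        netdev=${netdev:-dummy1}

        echo "$bridge $netdev"
    )
}

# One explicit bridge/netdev pair per bridge (constructed pairing,
# xen-brN over dummyN for N = 0..3).
all_mappings() {
    i=0
    while [ "$i" -le 3 ]; do
        resolve_mapping "xen-br$i" "dummy$i"
        i=$((i + 1))
    done
}

echo "lines as posted, nothing preset: $(resolve_mapping)"
echo "explicit pairs:"
all_mappings
```

With nothing preset the result is always `xen-br0 dummy0`; the other bridges only appear when each pair is supplied explicitly.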


