
Re: [Xen-users] Problems with network setup



Hi Sebastian,

On January 3, 2006 05:15 am, Sebastian Pölsterl wrote:
> But I have problems getting the whole network stuff running. The machine
> has two NICs, one for PPPoE and one for LAN.

I ran into similar issues, and with help from searching various posts on the 
list as well as direct communication with a couple of people, I was able to 
come up with a solution....

> Though, I searched the archive and found out that it has something to do
> with bridging and routing, I have no clue how to do that.

I'm more than happy to help you :-)  Here is the solution I implemented, 
though I am sure there are other ones out there too :-)  I am not running 
IPCop, but am running a Linux firewall as a domU (using a Dom0 kernel, 
actually...)  I tried to get IPCop running once, but never really went too 
deep into it, and just decided to run a regular Linux box with Shorewall.  I 
did see a post by someone (not sure who, offhand) who was able to hack IPCop 
to run under Xen.

Anyway, here's the solution I implemented:

First, in looking at your /etc/xen/ipcop file, I notice the following:

  pci=["00,00,0a", "00,00,0b"]

Presumably, these are PCI IDs (from 'lspci'??) of your two NICs you wish to 
use?  I would just hide one of them (the one the Internet will plug into) and 
bridge the other one, so you can have physical machines be on the same LAN 
segment as well (via a physical hub/switch).  To hide the NIC from Dom0, you 
need to add a parameter to your  'kernel' line in the /boot/grub/menu.lst 
file.  Let's use, for example, the NIC with PCI ID of '00:00.0a' (though that 
seems incorrect to me as a PCI ID):

  kernel /boot/vmlinuz-2.6.11-xen0 root=/dev/hda1 ro console=tty0 max_loop=16 
physdev_dom0_hide=(00:00.0a)

(Note: The above is of course all on one line, but likely wraps in your mail 
viewer)

You will need to reboot for the above to take effect.

You will also need to change your /etc/xen/ipcop file, but we will take care 
of that in a bit. 

That takes care of the most complicated part - hiding the NIC to be used for 
the Internet connectivity from Dom0.

The next part is to create the necessary bridge for your LAN.  
Open /etc/network/interfaces, and put the following:

--- CUT HERE ---
auto br-lan0
iface br-lan0 inet manual
    bridge_ports eth0
--- CUT HERE ---

Now, in your /etc/xen/ipcop file, you need to make some changes; it should 
look something like this:

--- CUT HERE ---
kernel="/boot/vmlinuz-2.4.30-ipcop"
memory=32
name="ipcop"
disk=['file:/mnt/vserver/images/ipcop.img,sda1,w','file:/mnt/vserver/images/ipcoplog.img,sda2,w']
nics=1
vif=['mac=aa:00:00:00:00:11, bridge=br-lan0']
root="/dev/sda1 ro"
extra="3"
pci=["00,00,0a"]
--- CUT HERE ---

Start your IPCop domain and it should work :-)

HTH.

-Alan





_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
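
A consistency check for the three files edited in the message above, added here as an illustration and not part of the original post: it confirms that every device in the domU's pci list also appears in physdev_dom0_hide on the Dom0 kernel line, and that the vif's bridge is defined in /etc/network/interfaces. The function names and sample strings are constructed from the snippets in the message; the domU config is parsed with ast instead of being executed.

```python
import ast
import re

# Constructed samples that mirror the snippets quoted in the message above.
GRUB = ("kernel /boot/vmlinuz-2.6.11-xen0 root=/dev/hda1 ro console=tty0 "
        "max_loop=16 physdev_dom0_hide=(00:00.0a)")
DOMU = '''name="ipcop"
vif=['mac=aa:00:00:00:00:11, bridge=br-lan0']
pci=["00,00,0a"]
'''
INTERFACES = '''auto br-lan0
iface br-lan0 inet manual
    bridge_ports eth0
'''

def _bdf(parts):
    # Normalise bus/device/function hex fields so "0" and "00" compare equal.
    return tuple(int(p.strip(), 16) for p in parts)

def hidden_devices(kernel_line):
    """Devices named in physdev_dom0_hide=(bus:dev.func)... on the kernel line."""
    m = re.search(r"physdev_dom0_hide=(\S+)", kernel_line)
    pattern = r"\(([0-9a-fA-F]+):([0-9a-fA-F]+)\.([0-9a-fA-F]+)\)"
    found = re.findall(pattern, m.group(1)) if m else []
    return {_bdf(t) for t in found}

def domu_settings(text):
    """Read NAME = literal assignments; the config is parsed, never executed."""
    out = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                out[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # non-literal expression: skipped rather than evaluated
    return out

def check(kernel_line, domu_text, interfaces_text):
    """Return a list of mismatches between the three files (empty if consistent)."""
    cfg, hidden = domu_settings(domu_text), hidden_devices(kernel_line)
    problems = ["pci %s is given to the domU but not hidden from Dom0" % e
                for e in cfg.get("pci", []) if _bdf(e.split(",")) not in hidden]
    # Simplification: any iface stanza name counts as a defined bridge.
    defined = set(re.findall(r"^\s*iface\s+(\S+)", interfaces_text, re.M))
    for vif in cfg.get("vif", []):
        m = re.search(r"bridge=([^,\s]+)", vif)
        if m and m.group(1) not in defined:
            problems.append("vif bridge %s is not defined in interfaces" % m.group(1))
    return problems

if __name__ == "__main__":
    print(check(GRUB, DOMU, INTERFACES) or "consistent")
```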


 

