
Re: [Xen-users] How to setup Xen for 3 bridges environment?


  • To: "Hong @ gmail" <whtsang22@xxxxxxxxx>, Xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: Fernando Maior <fernando.souto.maior@xxxxxxxxx>
  • Date: Fri, 27 Jan 2006 17:34:04 -0200
  • Delivery-date: Fri, 27 Jan 2006 19:43:18 +0000
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Dear Hong,

I am sorry I cannot help. I did not even understand why you are
using such a different setup. I believe that it is not the way Xen was
designed to run, and I would not do it that way, but it is your system
and I do not know your reasons.

Hope you have better luck with the List.

On 1/27/06, Hong @ gmail <whtsang22@xxxxxxxxx> wrote:
> Hi Fernando Maior,
>
> Thanks for your information. I had a quick look at the Wiki document, but
> found that it is a bit different from my current setup.
> In my setup, I create 3 bridges in dom0, and dom0 also acts as the firewall.
> Following is a summary of my configuration:
>
> 1) I by-pass the Xen bridge.
>    - comment out the '(network-script network-bridge)' and '(vif-script
> vif-bridge)' in 'xend-config.sxp'
>    - comment out the 'handle_iptable' in vif-bridge.
>
> 2) Create my own 3 bridges as follows:
>    #
>    # xbrwan0 (Wan bridge)
>    #
>    ip link set eth0 down
>    ip addr flush eth0
>    brctl addbr xbrwan0
>    brctl stp xbrwan0 off
>    brctl setfd xbrwan0 0
>    ip addr add 192.168.21.11/24 dev xbrwan0 brd +   # the xbrwan0 bridge ip
>    ip addr add 192.168.21.15/24 dev xbrwan0 brd +   # NAT ip to 192.168.22.15
>    ip addr add 192.168.21.16/24 dev xbrwan0 brd +   # NAT ip to 192.168.22.16
>    sleep 2
>    brctl addif xbrwan0 eth0
>    ifconfig eth0 0.0.0.0 up
>    ip link set xbrwan0 up
>    #
>    # xbrdmz0 (Dmz bridge)
>    #
>    brctl addbr xbrdmz0
>    brctl stp xbrdmz0 off
>    brctl setfd xbrdmz0 0
>    ifconfig xbrdmz0 192.168.22.11 netmask 255.255.255.0 up   # the Dmz bridge ip
>    #
>    # xbrlan0 (Lan bridge)
>    #
>    brctl addbr xbrlan0
>    brctl stp xbrlan0 off
>    brctl setfd xbrlan0 0
>    ifconfig xbrlan0 192.168.23.11 netmask 255.255.255.0 up   # the Lan bridge ip
>
> 3) Start two domU with ip 15 and 16
>    xm create domU01   # ip 192.168.21.15
>    xm create domU02   # ip 192.168.21.16
>
> 4) Create the NAT tables.
>    #
>    iptables -X
>    iptables -F
>    iptables -X -t nat
>    iptables -F -t nat
>    iptables -t nat -A PREROUTING -i xbrwan0 -d 192.168.21.15 -j DNAT --to 192.168.22.15
>    iptables -t nat -A POSTROUTING -o xbrwan0 -s 192.168.22.15 -j SNAT --to 192.168.21.15
>    iptables -t nat -A PREROUTING -i xbrwan0 -d 192.168.21.16 -j DNAT --to 192.168.22.16
>    iptables -t nat -A POSTROUTING -o xbrwan0 -s 192.168.22.16 -j SNAT --to 192.168.21.16
>    sysctl -w net.ipv4.ip_forward=1
>
> In the above setup, I ssh from a PC in the Wan to domU01 and domU02.
> If I don't create the Wan bridge and instead use eth0, I can ssh from the PC
> in the Wan to domU01 and domU02.
>
> =========================================================================
> Following is the ifconfig and brctl show result.
> [root@jssrv01 conf]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:0D:0B:A7:2F:88
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4710 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4760 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:717399 (700.5 KiB)  TX bytes:469146 (458.1 KiB)
>           Interrupt:5 Base address:0xe800
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:33 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:451 errors:0 dropped:22 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:2418 (2.3 KiB)  TX bytes:27310 (26.6 KiB)
>
> vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:53 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:434 errors:0 dropped:27 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:3740 (3.6 KiB)  TX bytes:25916 (25.3 KiB)
>
> xbrdmz0   Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           inet addr:192.168.22.11  Bcast:192.168.22.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:86 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:4954 (4.8 KiB)  TX bytes:2208 (2.1 KiB)
>
> xbrlan0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00
>           inet addr:192.168.23.11  Bcast:192.168.23.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> xbrwan0   Link encap:Ethernet  HWaddr 00:0D:0B:A7:2F:88
>           inet addr:192.168.21.11  Bcast:192.168.21.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4709 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4049 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:646686 (631.5 KiB)  TX bytes:416226 (406.4 KiB)
>
> and brctl show result:
> [root@jssrv01 conf]# brctl show
> bridge name     bridge id               STP enabled     interfaces
> xbrdmz0         8000.feffffffffff       no              vif1.0
>                                                         vif2.0
> xbrlan0         8000.feffffffffff       no              vif3.0
> xbrwan0         8000.000d0ba72f88       no              eth0
>
> Thanks
>
>
> ----- Original Message -----
> From: "Fernando Maior" <fernando.souto.maior@xxxxxxxxx>
> To: "Hong @ gmail" <whtsang22@xxxxxxxxx>; "Xen-users"
> <xen-users@xxxxxxxxxxxxxxxxxxx>
> Sent: Friday, January 27, 2006 7:28 PM
> Subject: Re: [Xen-users] How to setup Xen for 3 bridges environment?
>
>
> Hong,
>
> Did you have a look at the Xen wiki documentation? You may
> compare http://wiki.xensource.com/xenwiki/XenNetworkingSuse
> with your experience and try something like that.
>
> On 1/26/06, Hong @ gmail <whtsang22@xxxxxxxxx> wrote:
> >
> > Hello,
> >
> > I am new to Xen and am trying a configuration that simulates a firewall
> > environment.
> > My target environment is to set up three bridges: one for Wan (xen-br0),
> > one for DMZ (xbrdmz) and one for Lan (xbrlan).
> > The three subnets are as follows:
> > Wan: 192.168.21.0/24
> > Dmz: 192.168.22.0/24
> > Lan: 192.168.23.0/24
> >
> > I use xen3.0 and FC4 for both dom0 and domU.
> > My machine currently has one Nic, eth0, and I enslave it into the Wan
> > bridge xen-br0.
> >
> > Dom0 has the IP address 192.168.21.11. I have two domU in DMZ with IP
> > (192.168.22.15, 192.168.22.16).
> > I use NAT 192.168.21.15 -> 192.168.22.15 and 192.168.21.16 -> 192.168.22.16
> > so that the PC from Wan can access the PC.
> > Most of the things work fine. I can ping dom0 and the two domU and vice
> > versa. I can ssh from dom0 and domU and vice versa, and I can ssh from PC
> > on Wan to dom0.
> > The only problem is that I cannot ssh from PC on Wan to domU.
> >
> > I have tried another setup. If I don't use the Wan bridge (xen-br0) and
> > just use the eth0 and the Dmz bridge (xbrdmz), everything works perfectly.
> > (I can ssh from PC on Wan to domU also.)
> >
> > However, I still want to have the Wan bridge because I can add some domU in
> > the Wan subnet (so that I can, say, add some IDS domU to the Wan bridge).
> > I have searched the mailing list and found a similar case:
> > http://lists.xensource.com/archives/html/xen-users/2005-06/msg00669.html
> >
> > I have tried the NOTRACK option but still can help in my case.
> >
> > Just wondering whether anyone has set up a similar environment?
> > Thanks a lot.
> >
> >
> >
>
>
> --
> Bye,
> Fernando Maior
> LPIC/1(31908)
> LinuxCounter(391325)
>
>


--
Bye,
Fernando Maior
LPIC/1(31908)
LinuxCounter(391325)
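
Before suspecting the bridges, a practitioner would first rule out the NAT rules themselves. The following Python check is an added example, not Hong's script or part of Xen: it assumes the rules are available in `iptables -t nat -S` form and uses the bridge name and subnets from the thread (`xbrwan0`, 192.168.21.0/24 for the Wan, 192.168.22.0/24 for the Dmz); the sample rule set is constructed to mirror the four rules above.

```python
# Consistency check for the thread's 1:1 WAN->DMZ NAT rules (constructed example, not Hong's script).
import ipaddress

WAN_BR = "xbrwan0"                                  # bridge that holds eth0
WAN_NET = ipaddress.ip_network("192.168.21.0/24")   # subnets from the thread
DMZ_NET = ipaddress.ip_network("192.168.22.0/24")

# Constructed sample in `iptables -t nat -S` form, mirroring the thread's four rules.
SAMPLE_OK = """\
-A PREROUTING -d 192.168.21.15/32 -i xbrwan0 -j DNAT --to-destination 192.168.22.15
-A PREROUTING -d 192.168.21.16/32 -i xbrwan0 -j DNAT --to-destination 192.168.22.16
-A POSTROUTING -s 192.168.22.15/32 -o xbrwan0 -j SNAT --to-source 192.168.21.15
-A POSTROUTING -s 192.168.22.16/32 -o xbrwan0 -j SNAT --to-source 192.168.21.16
"""

def _ip(text):                       # '192.168.21.15/32' or bare address -> IPv4Address
    return ipaddress.ip_interface(text).ip

def _opts(line):
    """Pair '-x value' tokens of one -S line into a dict (assumes no bare '!' flags)."""
    toks = line.split()
    return {toks[i]: toks[i + 1] for i in range(0, len(toks) - 1, 2)}

def parse_nat(rules_text):
    """Return ({wan_ip: (in_if, dmz_ip)}, {dmz_ip: (out_if, wan_ip)})."""
    dnat, snat = {}, {}
    for line in rules_text.splitlines():
        o = _opts(line)
        if o.get("-A") == "PREROUTING" and o.get("-j") == "DNAT":
            dnat[_ip(o["-d"])] = (o.get("-i"), _ip(o["--to-destination"]))
        elif o.get("-A") == "POSTROUTING" and o.get("-j") == "SNAT":
            snat[_ip(o["-s"])] = (o.get("-o"), _ip(o["--to-source"]))
    return dnat, snat

def check_nat(rules_text):
    """Return findings as strings; an empty list means every mapping is consistent."""
    dnat, snat = parse_nat(rules_text)
    findings = []
    for wan_ip, (in_if, dmz_ip) in dnat.items():
        if in_if != WAN_BR:
            findings.append(f"DNAT for {wan_ip} matches on {in_if}, expected {WAN_BR}")
        if wan_ip not in WAN_NET or dmz_ip not in DMZ_NET:
            findings.append(f"DNAT {wan_ip}->{dmz_ip} crosses unexpected subnets")
        back = snat.get(dmz_ip)          # reverse mapping needed for return traffic
        if back is None or back[1] != wan_ip or back[0] != WAN_BR:
            findings.append(f"no SNAT {dmz_ip}->{wan_ip} out of {WAN_BR} for return traffic")
    for dmz_ip, (_, wan_ip) in snat.items():
        if dnat.get(wan_ip, (None, None))[1] != dmz_ip:
            findings.append(f"SNAT {dmz_ip}->{wan_ip} has no matching DNAT")
    return findings
```

Feed it the live output of `iptables -t nat -S` on dom0; an empty result means each inbound DNAT has a matching outbound SNAT on the Wan bridge and the problem lies elsewhere.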

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

