[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] network-route and vif-route setup help


> It seems 1and1 drops my network whenever the switch sees a 
> MAC address other then my eth0's MAC address. So bridge 
> network is not possible.


First, it should work perfectly as long as only dom0 is up.
(dom0 should get the MAC of your peth0.)

Then you can use ebtables to rewrite packets on peth0,
so that 1and1 only sees ONE MAC.
I have done this for 3 IPs:

Bridge chain: PREROUTING, entries: 6, policy: ACCEPT
-p IPv4 -d $mac -i peth0 --ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p ARP -d $mac -i peth0 --arp-ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p IPv4 -d $mac -i peth0 --ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p ARP -d $mac -i peth0 --arp-ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p IPv4 -d $mac -i peth0 --ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3
-p ARP -d $mac -i peth0 --arp-ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 6, policy: ACCEPT
-p IPv4 -s 0:16:3e:0:16:1 -o peth0 --ip-src $2 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:1 -o peth0 --arp-ip-src $2 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:2 -o peth0 --ip-src $3 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:2 -o peth0 --arp-ip-src $3 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:3 -o peth0 --ip-src $4 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:3 -o peth0 --arp-ip-src $4 -j snat --to-src $mac

And I boot my domUs with

ip = $2, mac = 00:16:3e:00:16:01
ip = $3, mac = 00:16:3e:00:16:02
ip = $4, mac = 00:16:3e:00:16:03

works perfectly.

> my network is a bit strange. My IP is for dom0. 
> but the gateway is the netmask is
> This works for dom0.

this is really a bit strange, as the system should have no idea in that case
how to reach the gateway.

I have simmilar problems, as I also have IPs in different subnets.
That means, that in my original setup, every traffic between my doms is
going through the providers router. Hence nonsense.
But I am going to solve this another way:

I will give the dom0 and every domU a second IP in the same 10.x.x.x
network. Packets to and from 10.x.x.x will be dropped at peth0.
Then I will add routes manually to route the public ip of any dom over the
private ip of that dom.
The doms can then reach each other over their private AND public ips
(And I can attach an tap device using openvpn to connect my own computer to
that bridge for administration.)


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.