[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] network-route and vif-route setup help

Hi

> It seems 1and1 drops my network whenever the switch sees a 
> MAC address other then my eth0's MAC address. So bridge 
> network is not possible.

Wrong.

First, it should work perfectly as long as only dom0 is up.
(dom0 should get the MAC of your peth0.)

Then you can use ebtables to rewrite packets on peth0,
so that 1and1 only sees ONE MAC.
I have done this for 3 IPs:

Bridge chain: PREROUTING, entries: 6, policy: ACCEPT
-p IPv4 -d $mac -i peth0 --ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p ARP -d $mac -i peth0 --arp-ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p IPv4 -d $mac -i peth0 --ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p ARP -d $mac -i peth0 --arp-ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p IPv4 -d $mac -i peth0 --ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3
-p ARP -d $mac -i peth0 --arp-ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 6, policy: ACCEPT
-p IPv4 -s 0:16:3e:0:16:1 -o peth0 --ip-src $2 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:1 -o peth0 --arp-ip-src $2 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:2 -o peth0 --ip-src $3 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:2 -o peth0 --arp-ip-src $3 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:3 -o peth0 --ip-src $4 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:3 -o peth0 --arp-ip-src $4 -j snat --to-src $mac

And I boot my domUs with

ip = $2, mac = 00:16:3e:00:16:01
ip = $3, mac = 00:16:3e:00:16:02
ip = $4, mac = 00:16:3e:00:16:03

works perfectly.

> my network is a bit strange. My IP is 82.165.27.12 for dom0. 
> but the gateway is 10.255.255.1. the netmask is 255.255.255.255.
> This works for dom0.

this is really a bit strange, as the system should have no idea in that case
how to reach the gateway.

I have simmilar problems, as I also have IPs in different subnets.
That means, that in my original setup, every traffic between my doms is
going through the providers router. Hence nonsense.
But I am going to solve this another way:

I will give the dom0 and every domU a second IP in the same 10.x.x.x
network. Packets to and from 10.x.x.x will be dropped at peth0.
Then I will add routes manually to route the public ip of any dom over the
private ip of that dom.
The doms can then reach each other over their private AND public ips
directly.
(And I can attach an tap device using openvpn to connect my own computer to
that bridge for administration.)

Regards,
  Steffen

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.