Re: [Xen-users] Routing with Xen-Bridge
On 10/15/06 12:11, G.Wendebourg wrote:
> Is there any example-configuration, how to set up networking with a
> bridge, when my xen-system is located behind a router to the inet?
>
> I'm now having the router with 192.168.0.1.
>
> On my Xen 3.0 I have the bridge installed and thus eth0 and xenintbr
> running with the added vif's.
>
> Which configuration might be assigned to the netdevices on the xen-system
> with the goal to enable the guests to make connections to the internet
> and also have a forwarding from outside to specific guests (relying on
> the port, that's questioned from outside) ?
>
> It seems to be a very standard solution, but I didn't find out, how to
> realize it, after trying several configurations on my guest-systems and
> the Dom-0.
> What has been working was the connect between Dom-0 and guest and after
> configuring masquerading also connect from guest to the internet.
> Also I found, that after altering the network of some guest it was
> stopping its work, even if setting to the initial config and rebooting.
>

Yes, I posted a patch called network-private to the xen-users list a week ago or so

http://lists.xensource.com/archives/html/xen-users/2006-09/msg00925.html

Note there is one line in the attachment that got wrapped... near the top

    "mac=${mac:-$(awk 'BEGIN { printf "00:16:3e:%02x:%02x:%02x", int(rand()*127), int(rand()*255), int(rand()*255); }')}"

needs to be one line.

I am convinced that most of the more complicated xen networking issues can be resolved using network-private. It creates a private network, and vif0 in dom0 is connected to it.

In your example, you use xen-private to create a private network between the dom0 and domUs. Then you can set dom0 up as a router same as any other router, forgetting about xen completely...

use shorewall or do something like

    iptables -t nat -A PREROUTING -i eth0 -d ipaddr -p tcp --dport whatever -j DNAT --to localaddr
    iptables -t nat -A POSTROUTING -o eth0 -s localnetwork/24 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

and other rules in the FORWARD chain based on how you want to configure security...

Also, since you set these rules independent of XEN, and the configuration of the network is the SAME if xen is running or not running, these rules in iptables are not affected so will just timeout (or return "No route to host") if xen is not running. Starting and stopping doesn't change the network architecture.

John

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
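
Added example, not part of the original message or of the network-private patch: a shell function that prints the commands for the dom0-as-router setup described above, together with one possible set of the FORWARD chain rules the message leaves open. The default-deny policy is an assumption, and the interface name, addresses and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables commands for a dom0 that routes a
# private guest network. Every address, port and interface name passed in is
# a constructed placeholder, not a value from the original message.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules WAN_IF WAN_IP GUEST_NET [proto:wan_port:guest_ip:guest_port ...]
gen_rules() {
    wan_if=$1 wan_ip=$2 guest_net=$3
    shift 3
    # Default-deny: only replies, guest-initiated traffic and listed forwards pass.
    out="iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $wan_if -s $guest_net -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -s $guest_net -j MASQUERADE"
    for fwd in "$@"; do
        proto=${fwd%%:*};     rest=${fwd#*:}
        wan_port=${rest%%:*}; rest=${rest#*:}
        guest_ip=${rest%%:*}; guest_port=${rest#*:}
        # Reject malformed specs before anything is printed, so a bad entry
        # never yields a partial rule set or stray shell text.
        case $proto in tcp|udp) ;; *) return 1 ;; esac
        case $guest_ip in *[!0-9.]*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
        valid_port "$wan_port" && valid_port "$guest_port" || return 1
        # DNAT rewrites the destination in PREROUTING, so the FORWARD rule
        # must match the guest address and port, not the public ones.
        out="$out
iptables -t nat -A PREROUTING -i $wan_if -d $wan_ip -p $proto --dport $wan_port -j DNAT --to-destination $guest_ip:$guest_port
iptables -A FORWARD -i $wan_if -d $guest_ip -p $proto --dport $guest_port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Enable forwarding last, once the filter rules are in place.
    printf '%s\n' "$out" "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Constructed demo values (documentation address ranges).
gen_rules eth0 192.0.2.10 10.0.0.0/24 tcp:8080:10.0.0.5:80
```

The function only prints commands; review the output before running it as root on dom0.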