[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] Re: masquerading and apt-get problem
Sorry I wasn't paying attention to this thread, but am about to try it myself and think I might know what is the problem if you haven't fixed it yet... try replacing eth0 with 'xenintbr', shouldn't need forwarding enabled though? Is this a situation where you have eth0 configured non-bridged, and forwarding to a dummy bridge which in turn is feeding the guest? If so .. is there a special need or reason for that particular setup? Maybe he doesn't want to assign "real" IPs on the LAN? Unfortunately, in some places, there could be political or practical restrictions that would make it inconvenient to get additional real IPs. Anyway, I am about to try a similar set up myself for testing. I think you might be running into a problem with NAT, proxy settings, and/or HTTP pipelining in apt, I have had similar problems with the behavior triggering IPS on SonicWALL and getting blocked. Try this:On Sun, 2006-10-22 at 16:15 +0200, Andreas Heinecke wrote: >/ Hi,/ >/ / >/ I've a problem with the network access in a domU. I installed xen 3.0.2/ >/ on a dedicated root-server and configured a unprivileged domain. To make/ >/ the network work on this domU I created a bridge "xenintbr" with the IP:/ >/ 192.168.1.1./ >/ Enabled ip_forwarding and told iptables to masquerade with the command:/ >/ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE/ >/ / >/ Now I#m able to ping around the world in my domU (google.de etc.). This/ >/ tells me, that it works. But if I when enter the command:/ >/ apt-get update/ >/ it tells me that it's waiting for headers and nothing more./ >/ It seems that I can ping but I'm not able to do other things./ >/ / >/ Any suggestions?/ >/ I ran put of ideas, please help me./ >/ / >/ kind regards,/ >/ / >/ Andreas/ Comment out proxy line if it exists in /etc/apt/apt.conf // Acquire::http::Proxy "false"; Create a file /etc/apt/apt.conf.d/80http containing: // /etc/apt/apt.conf.d/80http Acquire::http::Pipeline-Depth "0";Alternatively, set up an http proxy on the LAN that can get to the apt repositories and configure the domU's to use the proxy--if you have multiple domU's using the same OS version, this will have the side benefit of cutting down on WAN traffic to download updates. apt-proxy looks nice since it stores cached files in a format where you can also access the real files on the filesystem. However, I couldn't get apt-proxy working, so I ended up using squid, but there is no easy direct way to access files that are cached by squid. http://apt-proxy.sourceforge.net/ Jonathan _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |