[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] advanced bridging...



Hi Yevgeniy,

What do you think about the following scheme? I think is quite simple, I would prefer another scheme a little bit more complex to isolate more. Anyway you can put FW rules at dom0.

If it this scheme is quite good for you I can post some config files.

Regards,

Marc

Yevgeniy Goldberg wrote:
Hi Marc,

1    Yes, my DomU's will be in my private network (10.XX.XX.XX)
2 I'm not worried about the FW at this time, just need to be able to connect to all my DomU's over 10. network
3    Her is what I need:

Dom0 has 2 physical NIC;s - eth0 and eth1
my default xenbr0 is bound to eth0, which is on the public network (Internet)
The eth1 of the Dom0 is connected to my 10. private network
DomU should be on the 10. provate network as well as any other unprivileged domains.

Dom0 :      xenbr0->eth0->public Internet
Dom0: eth1->10.0.1.4 private network (this way I could connect to Dom0 from my other computers on the 10.0 network)
DomU (1)           eth0(or what-ever is being assigned)->10.0.1.5
DomU(2)        eth0(or what-ever is being assigned)->10.0.1.6

Please, let me know if more information can be provided.
Thank you for helping me!

-Eugene
On May 3, 2007, at 11:37 AM, Marc Patino Gómez wrote:

Hi Yevgeniy,

I 'm sure to understand this scenario, some questions:

1- your domU's will be in your private network (10.XX.XX.XX) ?
2- You want your xen box to be a FW of your private net?
3- Can you post some kind of scheme of your future network ;)

Regards,

Yevgeniy Goldberg wrote:
Hi Marc,

I saw your recommendation and would like to ask your help in binding my DomU network interface to the physical eth1 I have 2 physical interfaces on my host: eth0 (connected to Internet) and eth1 (connected to my home 10. network) I need to be able to have all my DomU to be connected to the eth1 (of whatever its virtual representation may be)
Any ideas?

Best regards,

-Eugene
On May 3, 2007, at 10:22 AM, Marc Patino Gómez wrote:

Hi Ronan,

do you want to do something like this (see the image) ?

After reading a lot of stuff I made a wrapper of network-bridge, that I call network-bridge-wrapper, here is it:

#!/bin/sh
/etc/xen/scripts/network-bridge start bridge=xenbr0 vifnum=0
/usr/sbin/brctl addbr xenbr1
/sbin/ifconfig xenbr1 up

I changed the line in xend-config.sxp that calls, network-bridge to call network-bridge-wrapper ...

If you want I can post more info about this config (my domu config files, iptables, ebtables....). I'm using Debian, so... I hope scripts in CentOS are so close to Debian.

Regards,

Marc


Ronan wrote:
My situation:
Running centos5 on a machine directly connected to internet.
I have a paravirtualised centos5 core machine in domu1 with only 1 eth configured eth0 dy dhcp.

What I want:
to configure the dom0 bridge to simply route all traffic at ethernet level to dom1(firewall/router) and have dom1 then nat if out to my other domu's and machines on my private 192.168 network using dhcpd configured on eth1 on the machine.

My difficulties:
setting up the dom0 bridging to do what i want ie xenbr0 to eth0 on domu1 and then xenbr1 to eth1 on domu1

I then intend to remove / lock dom0 down and only use the domu's as dhcp configured servers.

There are a couple of URLs i've looked at
http://lists.xensource.com/archives/html/xen-users/2006-02/msg00602.html

etc but there aren't any specific configuration information.
Can i get some pointers as to where to look, or even example configs?

thanks

Ronan

(ps if this is the 3rd like message of mine today i apologise, I can tell if the other two messages i send actually did...)


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<xen.png>
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

PNG image

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.