[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Strange network problem (Etch)

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Geoff Kirk <geoff.k@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Oct 2007 16:22:00 +0100
Delivery-date: Thu, 04 Oct 2007 08:22:53 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Let me try to explain what i did recently to setup some domU's behind adomU acting as a gateway between 2 bridges to play with shorewall.


Using the scripts here

http://renial.net/weblog/2007/02/27/xen-vlan/

i put them in /etc/xen/scripts and edited/etc/xen/scripts/network-multi-vlan to look like


dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0
"$dir/network-bridge-vlan" "$@" vlan=2

brctl show then gives
bridge name     bridge id               STP enabled     interfaces
vlanbr2         8000.feffffffffff       no              eth0.2
xenbr0          8000.feffffffffff       no              vif0.0
                                                       peth0

I then setup a domU to act as a gateway between xenbr0 and vlanbr2 indomU config like this

vif = [ 'mac=00:16:3E:00:00:26, bridge=xenbr0,vifname=gateway.0','mac=00:16:3E:00:02:10, bridge=vlanbr2,vifname=gateway.1' ]


and created a couple of other domU's on vlanbr2. To give this.

vlanbr2         8000.feffffffffff       no              eth0.2
                                                       gateway.1
                                                       dom1.0
                                                       dom2.0
xenbr0          8000.feffffffffff       no              vif0.0
                                                       peth0
                                                       gateway.0

At this point i found an issue that anyone on my physical lan could pinganything on vlanbr0 simply by creating a vlan on the same network. Whichi found by removing eth0.2 from vlanbr2 with "brctl delif vlanbr2eth0.2" made them unreachable from anything not on the bridge and nowall traffic going to the vlanbr2 bridge has to be port forwarded throughthe gateway domU. Enabling ip forwarding of course and NAT on the outgoing interface. Don't forget also domU's on the bridge will need toknow the gateway address to get outside eg.


route add default gw 10.0.0.1 dev eth0

regards
Geoff

Jens Seidel wrote:

On Thu, Oct 04, 2007 at 04:18:33PM +0200, Heikki Levanto wrote:

I have not solved this problem yet, but I found out that the vif-nat way
of doing things nicely sidestpes the problem, so suddenly it is not
nearly as pressing.


I had very similar network problems using Xen 3.1 (my dom0 network did
no longer worked). In Xen 3.0.3 my dom0 network worked well but I had
trouble getting an ethernet device in a domU.

Using vif-nat is also my solution ...

Jens

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] Strange network problem (Etch)
  - From: Heikki Levanto
- Re: [Xen-users] Strange network problem (Etch)
  - From: Heikki Levanto
- Re: [Xen-users] Strange network problem (Etch)
  - From: Jens Seidel

Prev by Date: Re: [Xen-users] Strange network problem (Etch)
Next by Date: Re: [Xen-users] Configuring a local bridge
Previous by thread: Re: [Xen-users] Strange network problem (Etch)
Next by thread: [Xen-users] Configuring a local bridge
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.