
RE: [Xen-users] Xen 3.2 Setup advice pretty please


  • To: "'xen-users'" <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx>
  • Date: Tue, 21 Oct 2008 14:50:18 -0400
  • Delivery-date: Tue, 21 Oct 2008 11:51:03 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AckzrTzZT0QqMJZBSfOG33m/8KeCQQAAD98w

-----Original Message-----
From: edoardo@xxxxxxxxxxxxx [mailto:edoardo@xxxxxxxxxxxxx] On Behalf Of 
lists@xxxxxxxxxxxxx
Sent: Tuesday, October 21, 2008 14:46
To: Dustin Henning
Subject: Re: [Xen-users] Xen 3.2 Setup advice pretty please

----- "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx> wrote:

> If you are using bridging and the connection to eth0 already supports
> all of these addresses, you should simply assign one address to each
> domU directly.  There is an ip= switch for the vif line in PV domUs,
> but I believe it is not for bridging.  That said, I think you want to
> remove the aliases and the IPs from dom0 and manually configure the
> eth0 in each domU just as you would a normal machine (with an IP,
> netmask, gateway, etc).  If the IPs can be used from dom0 and bridging
> is working properly, this should allow them to be used exclusively
> from their respective domUs.
>       Dustin 
> 
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Lists
> Sent: Tuesday, October 21, 2008 12:24
> To: xen-users
> Subject: [Xen-users] Xen 3.2 Setup advice pretty please
> 
> Hi all,
> 
> I have been trying various failing solutions so I turn to the gurus
> for guidance in times of trouble.
> 
> I have a Xen 3.2-1 server running on a Debian etch
> (2.6.18-6-xen-vserver-686) in a remote data centre.
> I also have 5 public IPs in different ranges and only one NIC.
> 
> What I want to do is simple.  Have the applications running on my
> DomUs available to the internet.
> 
> Dom0 - Web proxy for routing to the correct Dom(2/3).
> Dom1 - Mail
> Dom2 - Web
> Dom3 - Web
> 
> I'd like it as secure as possible.
> 
> I tried using IP aliasing on my NIC + bridge but that didn't work.
> I tried nat but I can't seem to get the firewall to work properly.
> 
> 
> In short:
> 
>                        |-> Dom0
> WAN <--->   eth0   <---|-> Dom1
>         91.111.100.50  |-> Dom2
>         100.10.121.30  |-> Dom3
>         98.66.100.125
>         96.130.120.14
>         95.85.140.121
> 
> 
> If anyone has any advice at all, I'd greatly appreciate it.  I'm at a
> loss.
> 
> Thanks
> --
> eco
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users


Hi Dustin,

I gave it a go and locked myself out of the box.  For some reason it disabled 
my nic.

   [
Oct 21 19:01:51 Dom0 kernel: ADDRCONF(NETDEV_UP): peth0: link is not ready
Oct 21 19:01:54 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex
Oct 21 19:01:54 Dom0 kernel: ADDRCONF(NETDEV_CHANGE): peth0: link becomes ready
Oct 21 19:01:54 Dom0 kernel: device peth0 entered promiscuous mode
Oct 21 19:01:54 Dom0 kernel: audit(1224608514.938:2): dev=peth0 prom=256 old_prom=0 auid=4294967295
Oct 21 19:01:54 Dom0 kernel: eth0: port 1(peth0) entering learning state
Oct 21 19:01:54 Dom0 kernel: eth0: topology change detected, propagating
Oct 21 19:01:54 Dom0 kernel: eth0: port 1(peth0) entering forwarding state
Oct 21 19:02:49 Dom0 kernel: device vif4.0 entered promiscuous mode
Oct 21 19:02:49 Dom0 kernel: audit(1224608569.399:3): dev=vif4.0 prom=256 old_prom=0 auid=4294967295
Oct 21 19:02:49 Dom0 kernel: ADDRCONF(NETDEV_UP): vif4.0: link is not ready
Oct 21 19:02:50 Dom0 kernel: ADDRCONF(NETDEV_CHANGE): vif4.0: link becomes ready
Oct 21 19:02:50 Dom0 kernel: eth0: port 2(vif4.0) entering learning state
Oct 21 19:02:50 Dom0 kernel: eth0: topology change detected, propagating
Oct 21 19:02:50 Dom0 kernel: eth0: port 2(vif4.0) entering forwarding state
Oct 21 19:02:53 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Down
Oct 21 19:02:53 Dom0 kernel: eth0: port 1(peth0) entering disabled state
Oct 21 19:12:43 Dom0 kernel: input: AT Translated Set 2 keyboard as /class/input/input1
Oct 21 19:15:09 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex
Oct 21 19:15:09 Dom0 kernel: eth0: port 1(peth0) entering learning state
Oct 21 19:15:09 Dom0 kernel: eth0: topology change detected, propagating
Oct 21 19:15:09 Dom0 kernel: eth0: port 1(peth0) entering forwarding state
Oct 21 19:29:36 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Down
Oct 21 19:29:36 Dom0 kernel: eth0: port 1(peth0) entering disabled state
Oct 21 19:56:09 Dom0 -- MARK --
Oct 21 20:09:11 Dom0 syslogd 1.4.1#18: restart.
Oct 21 20:09:12 Dom0 kernel: klogd 1.4.1#18, log source = /proc/kmsg started.
Oct 21 20:09:12 Dom0 kernel: Linux version 2.6.18-6-xen-vserver-686 (Debian 2.6.18.dfsg.1-22etch2) (dannf@xxxxxxxxxx) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Mon Aug 18 13:34:50 UTC 2008
   ]

Here are my config files

# grep -v ^# xend-config.sxp|grep ..
(network-script network-nat)
(vif-script     vif-nat)
(dom0-min-mem 196)
(dom0-cpus 0)
(vncpasswd '')


/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 95.128.150.5
        netmask 255.255.255.0
        network 95.128.150.0
        broadcast 95.128.150.255
        gateway 95.128.150.254


test01.precognet.com.cfg
kernel      = '/boot/vmlinuz-2.6.18-6-xen-vserver-686'
ramdisk     = '/boot/initrd.img-2.6.18-6-xen-vserver-686'
memory      = '64'

root        = '/dev/sda2 ro'
disk        = [
                  'phy:/dev/vm/test01.precognet.com-swap,sda1,w',
                  'phy:/dev/vm/test01.precognet.com-disk,sda2,w',
              ]

name        = 'test01'
vif         = [ 'mac=00:16:3E:36:A5:FE' ]

on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

------------

Any thoughts on what I might have done wrong?  I've been at it for so long I'm 
just muddled up and unable to see the obvious.  Time for a good night's rest.

Thanks
--
Eco


I'm not sure, but my first thought would be that this:

# grep -v ^# xend-config.sxp|grep ..
(network-script network-nat)
(vif-script     vif-nat)

Should be changed.  Presumably to this:
# grep -v ^# xend-config.sxp|grep ..
(network-script network-bridge)
(vif-script     vif-bridge)

I'm not sure on that, though, as I can't look at any live Xen machines right 
now and I don't even use the network script; I configure bridging permanently 
(manually) instead of having the scripts run with Xen startup.

Dustin
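
A check to run before restarting xend on a remote box, as an added example that is not part of the original thread: it reads only the active (uncommented) lines of a xend-config.sxp and reports whether network-script and vif-script both select the mode the domUs are set up for. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which network mode a xend-config.sxp really selects.

# Print the active value of a one-argument sxp setting, e.g.
# "(network-script network-nat)" -> "network-nat". Commented lines are
# skipped; script arguments such as netdev=eth0 are dropped. If the key is
# set more than once, the last active line is reported (assumption).
sxp_value() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*($2[[:space:]][[:space:]]*'\{0,1\}\([^')[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# Compare both scripts against the wanted mode (bridge, nat or route).
# Prints one line; returns 0 only if both scripts select that mode.
check_xend_net_mode() {   # $1 = file, $2 = wanted mode
    net=$(sxp_value "$1" network-script)
    vif=$(sxp_value "$1" vif-script)
    if [ "$net" = "network-$2" ] && [ "$vif" = "vif-$2" ]; then
        echo "ok: network-script=$net vif-script=$vif"
        return 0
    fi
    echo "mismatch: wanted $2, found network-script=${net:-unset} vif-script=${vif:-unset}"
    return 1
}

# Constructed sample mirroring the settings posted in the thread, with a
# commented-out bridge line added to show that comments are ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# (network-script network-bridge)
(network-script network-nat)
(vif-script     vif-nat)
(dom0-min-mem 196)
EOF

# domUs with their own public IPs on a bridge need the bridge scripts.
check_xend_net_mode "$sample" bridge || echo "fix xend-config.sxp before restarting xend"
rm -f "$sample"
```
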


