Re: [Xen-users] Network Interface Problems for DomU Firewall

[Peter MÃller <peter.mueller@xxxxxxxxxxx>]

Hi Thomas,

i had similar problems with a hidden NIC in my Asterisk DomU. When i inserted MAC, IP or a Bridge in the vif line, i sometimes got 2 interfaces in the DomU and from time to time the DomU crashed without any usable error in my logfiles.
I solved (it's not really a solution, more a workaround) the problem, with an empty vif line (vif = [ '']), and renamed the interface which had the name eth1 too with

Âip link set eth1 name eth0

This worked in my case, you should try this, maybe works for you too.

Greetings Peter

Thomas Jensen schrieb:

I am attempting to setup a firewall in a DomU. The firewall program I eventually want to run is Shorewall.

Â

Both my Dom0 and DomU are Debian Lenny 64 bit systems. The Dom0 has four physical network interfaces installed. Currently, one of the NICs is hidden using the pciback.hide command in the /boot/grub/menu.lst file. Similarly, the hidden NIC is passed to the DomU using the pci = ['device:address.0'] line in the DomU configuration file.

Â

When I modify the DomU configuration file only to include the pci directive without an additional vif line, the networking works as expected in the DomU. All of the networking settings are done in the /etc/network/interfaces file within the DomU.

Â

I want to run a three interface firewall using Shorewall. The physical NIC (eth0) will be used on the external side. I want to add two virtual interfaces to the DomU for use as a DMZ interface (eth2)Âand private LAN interface (eth1).

Â

Therefore, I returned to the DomU configuration file and added a vif line containing only the MAC address and Dom0 bridge. No IP address is listed within the vif line in the DomU configuration file.

Â

When starting the DomU, networking no longer works as expected. Examining the results of ifconfig, I see that the DomU has assigned the NICs differently than I would expect. Examining the MAC addresses, the passthrough NIC is now assigned as eth1 rather than eth0.

Â

In a typical installation, I would edit /etc/udev/rules.d/70-persistent-net.rules to manually assign the netdev names based on MAC address. However, this file doesn't exit in my newly created Debian Lenny DomU.

Â

Can I simply create the file? Does this file not exist due to some underlying Xen issue? How should I rectify this problem?

Â

Additional sanitized Info:

server# xm info
hostÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : server.example.com
releaseÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : 2.6.26-1-xen-amd64
versionÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : #1 SMP Fri Mar 13 21:39:38 UTC 2009
machineÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : x86_64
nr_cpusÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : 4
nr_nodesÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : 1
cores_per_socketÂÂÂÂÂÂ : 1
threads_per_coreÂÂÂÂÂÂ : 2
cpu_mhzÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : 2992
hw_capsÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : bfebfbff:20100800:00000000:00000180:0000641d
total_memoryÂÂÂÂÂÂÂÂÂÂ : 4030
free_memoryÂÂÂÂÂÂÂÂÂÂÂ : 0
node_to_cpuÂÂÂÂÂÂÂÂÂÂÂ : node0:0-3
xen_majorÂÂÂÂÂÂÂÂÂÂÂÂÂ : 3
xen_minorÂÂÂÂÂÂÂÂÂÂÂÂÂ : 2
xen_extraÂÂÂÂÂÂÂÂÂÂÂÂÂ : -1
xen_capsÂÂÂÂÂÂÂÂÂÂÂÂÂÂ : xen-3.0-x86_64 xen-3.0-x86_32p
xen_schedulerÂÂÂÂÂÂÂÂÂ : credit
xen_pagesizeÂÂÂÂÂÂÂÂÂÂ : 4096
platform_paramsÂÂÂÂÂÂÂ : virt_start=0xffff800000000000
xen_changesetÂÂÂÂÂÂÂÂÂ : unavailable
cc_compilerÂÂÂÂÂÂÂÂÂÂÂ : gcc version 4.3.1 (Debian 4.3.1-2)
cc_compile_byÂÂÂÂÂÂÂÂÂ : waldi
cc_compile_domainÂÂÂÂÂ : debian.org
cc_compile_dateÂÂÂÂÂÂÂ : Sat Jun 28 09:32:18 UTC 2008
xend_config_formatÂÂÂÂ : 4

Â

Â

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users