
Re: [Xen-users] Xen host guest bridging transparency issue



I am using multiple public IP addresses through the bridge.  I am using ebtables as my firewall.  xenbr1 is my internal LAN 192.168.1.1.  People from the outside should not be passing anything through my internal private network. It is used strictly for server to server communication.

I found my problem in the ARP settings.  If I turn ARP off for p6p1 and pass a few arp commands via sysctl, it does the trick.

I am not sure what combination of commands is optimal, but for now it works.

Thanks for your input on this.  It is hard to describe a problem, let alone diagnose it, with limited information.  I wish there was more documentation on how to work around issues like this.

Once I have a better handle on it, I will blog it. ;)

Thanks,

Mike

PS. I am re-sending this message because I have a bad habit of not using the reply-all button.


> Adam Goryachev <mailinglists@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> What interface is p6p1 ? Seems to be a strange name for a network
>> interface, these are normally eth0 or similar by default...
>
> Welcome to the world according to Poettering (yes, he of SystemD 'fame').
> Apparently it's far, far too complicated to change Udev rules if an
> interface is changed; instead we have to suffer interface names based on
> physical location - so some of them can be quite long, and just moving an
> interface (eg to a different slot or USB socket) will change its
> identity.
>
> I suspect some people have never worked on servers - where interface names
> appear in many places (manual network config, firewall, scripts such as
> link state and/or traffic monitoring, ...)
>
>> My guess, the dom0 is doing NAT on the incoming traffic, and sending it
>> over xenbr1 or something like that...
>
> That would be my guess as well.
>
> One other thing for the OP - use of the network script to configure the
> bridges is deprecated. Current advice is (and has been for quite some
> time) to set network-script to "dummy" and configure the bridges in the
> host OS. Debian, and its derivatives, has had native support for bridge
> configuration in /etc/network/interfaces for some time now. You just need
> a stanza like:
>
> auto ethext
> iface ethext inet static
> bridge_ports pethext
> address a.b.c.d
> netmask 255.255.255.0
> gateway a.b.c.z
> bridge_stp off
> bridge_waitport 0
> bridge_fd 0
>
> (note - I use Udev rules to rename the physical interfaces to things
> meaningful like "pethext" for the outside interface and so on)
>
> This stanza will bring up a bridge named ethext, bind the interface
> pethext to it, and configure the specified address to the bridge. The last
> three lines disable STP and set the forwarding time to 0 - so there's no
> delay between adding an interface or bringing up a link and traffic
> flowing through it.
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
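The ARP fix Mike describes (stopping p6p1 from answering for addresses that live on other interfaces of the dom0) comes down to a few per-interface sysctls. The script below is an added example, not code from this thread or from Xen: it audits those knobs for a list of interfaces and reports any that would let one interface reply for addresses bridged elsewhere. The sysctl names are real Linux kernel knobs; the "strict" values it expects, and the base-directory parameter (normally /proc/sys/net/ipv4/conf), are assumptions made so the check can also run against a copied or constructed tree.

```sh
#!/bin/sh
# Added example, not code from the thread. Audits the per-interface ARP
# sysctls that decide whether a multi-homed Linux host (a Xen dom0 bridging
# several interfaces) answers ARP for addresses that belong to its other
# interfaces, which is the behaviour Mike describes turning off for p6p1.
# Knob names are real Linux sysctls; the thresholds are the assumption.

read_knob() {
    # $1 = conf directory for one interface, $2 = knob name; "?" if absent
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo "?"; fi
}

# arp_audit BASE IFACE... : BASE is normally /proc/sys/net/ipv4/conf; it is a
# parameter so the check can run against a copied or constructed tree.
# Prints one line per finding; prints nothing when every interface is strict.
arp_audit() {
    base="$1"; shift
    for ifn in "$@"; do
        dir="$base/$ifn"
        ignore=$(read_knob "$dir" arp_ignore)
        announce=$(read_knob "$dir" arp_announce)
        proxy=$(read_knob "$dir" proxy_arp)
        # arp_ignore=0: reply for any local address, whichever interface
        # owns it, so p6p1 would answer for addresses held on xenbr1.
        [ "$ignore" != "0" ] && [ "$ignore" != "?" ] ||
            echo "$ifn: arp_ignore=$ignore (replies for addresses on other interfaces)"
        # arp_announce=2: pick the best local source address for ARP requests
        # instead of using whatever source address the packet carried.
        [ "$announce" = "2" ] ||
            echo "$ifn: arp_announce=$announce (may advertise foreign source addresses)"
        # proxy_arp=1 makes the interface answer on behalf of other hosts.
        [ "$proxy" = "0" ] ||
            echo "$ifn: proxy_arp=$proxy (proxy ARP enabled)"
    done
}

# Stand-alone demo on a constructed tree (interface names borrowed from the
# thread; the values are made up, not Mike's real settings).
demo_tree=$(mktemp -d)
mkdir -p "$demo_tree/p6p1" "$demo_tree/xenbr1"
printf '0\n' > "$demo_tree/p6p1/arp_ignore";   printf '0\n' > "$demo_tree/p6p1/arp_announce"
printf '0\n' > "$demo_tree/p6p1/proxy_arp"
printf '1\n' > "$demo_tree/xenbr1/arp_ignore"; printf '2\n' > "$demo_tree/xenbr1/arp_announce"
printf '0\n' > "$demo_tree/xenbr1/proxy_arp"
arp_audit "$demo_tree" p6p1 xenbr1      # flags p6p1 twice, xenbr1 not at all
rm -rf "$demo_tree"
```

On a live host run it as `arp_audit /proc/sys/net/ipv4/conf p6p1 xenbr1`; an interface that is flagged is one where a sysctl change of the kind Mike applied is worth considering.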


