
Re: [Xen-users] Server with 2 NICs. DomU as Router



I have it working with this setup:

eth0 connected to WAN

eth1 connected to LAN

domU running as router and devices connected to the server on eth1

I am able to NAT, route packets etc on domU for devices connected to eth1 and internet/IP works.


Now I am trying to connect dom0 to domU also as a client. I would like dom0 traffic also forwarded to domU. Running `brctl show` on dom0 shows this:
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.xxxxxxxxxxxxx      no              vif0
                                                        eth0
xenbr1          8000.xxxxxxxxxxxxx      no              vif1
                                                        eth1


Since I would like dom0 to be another client on domU, I thought creating a vlan on dom0 attached to eth1, with the gateway set to the router on domU, would help. Like so:
auto eth1.100
iface eth1.100 inet static
       vlan-raw-device eth1
       address 10.20.0.15
       netmask 255.255.255.0
       gateway 10.20.0.1

I also bridge eth1.100 to xenbr1 just like eth1:
auto xenbr1
iface xenbr1 inet manual
bridge_ports eth1 eth1.100

Now when I run `brctl show`, I get eth1.100 just as another interface bridged to xenbr1:
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.xxxxxxxxxxxxx      no              vif0
                                                        eth0
xenbr1          8000.xxxxxxxxxxxxx      no              vif1
                                                        eth1
                                                        eth1.100

Also, running `ip route` shows eth1.100 as the default interface for dom0, but when I try to ping 10.20.0.1 (router on domU) or try to ping the outside world by pinging 8.8.8.8, I just get timeouts and host unreachable.

How do I set up dom0 as a client to domU just as another interface on xenbr1, the bridge, so I can route traffic from domU?






On Sun, Apr 24, 2016 at 5:31 PM, Adam Goryachev <mailinglists@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi John,

I think your issue is that you are only allocated a single IP address from your "provider" and this address is being consumed by dom0, therefore, your "router" domU doesn't have any internet access.

So, stop giving the IP address to dom0 by changing your interfaces file for xenbr0 to:
# this won't assign *any* ip address
iface xenbr0 inet manual
bridge_ports eth0

Then, in your router domU you can use dhcp to get the internet IP address.
After this, you can configure as normal for a linux router/gateway.
Test in this order:
1) Can the router get to the Internet?
2) Can the "clients" get to the router?
3) Can the "clients" get to the Internet IP?
4) Can the "clients" get to the Internet?

Hope this helps, if not, please provide some more details...

Regards,
Adam

On 25/04/2016 05:31, John Pearson wrote:
Is this correct?


/etc/network/interfaces : 

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet manual

allow-hotplug eth1
iface eth1 inet manual

auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0

auto xenbr1
iface xenbr1 inet manual
bridge_ports eth1


router DomU xen config: ( condensed version )

name   = 'router'
kernel = '/var/lib/xen/images/vmlinuz-xen'
vif = ['vifname = click1,mac=08:00:27:aa:bb:cc, bridge=xenbr0, name="vif0" 'vifname=click2,mac=08:00:27:bb:cc:dd,bridge=xenbr1', name="vif1"]
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'preserve'


I have the NAT + Routing IPTables running on DomU.

Do I need to up ppp0? 

You mention the default route address should be that of eth1 ( xenbr1 ). What is the address of this? I plan on just giving it a static address when setting up the bridge. Is that correct?

I am setting up computers connected to eth1 now but I do plan on running dnsmasq for dhcp. 



On Sun, Apr 24, 2016 at 11:27 AM, Gabor Hudiczius <ghudiczius@xxxxxxxxx> wrote:
Hi!

You do not need to set up anything beside your existing bridges on Dom0.

On the router DomU you need to set up masquerading with iptables. I use the following line:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
ppp0 is connected to the internet via the xen1 interface (eth0 in your case) and the rest of the network is connected to xen0 (eth1 in your case) with the ip range of 192.168.0.0/24.

On the rest of your network you need to set the default route to the address of the eth1 interface of your router DomU and add a DNS server to your resolv.conf.
Alternatively you might want to install a DNS and DHCP server on your router (dnsmasq can handle both).

Regards,
Gabor Hudiczius


On 2016-04-24 19:12, John Pearson wrote:
I have a physical Server with two NICs eth0 and eth1. 

I am running Xen 4.4.1 with Debian Jessie.

eth0 is bridged to xenbr0 which receives its IP address, dns etc through an upstream DHCP server on a Gateway.

eth1 is bridged to xenbr1

I am creating a Xen VM (DomU) with two virtual interfaces that are bridged to xenbr0 & xenbr1 respectively. 

I want to run a router + NAT configuration on that DomU. 

I have several computers connected to eth1 through a physical managed switch.

I want computers connected to eth1 to access the internet.

I want other DomU VMs to also use DomU as a router and access the internet. 


Gateway <-> eth0 <-> xenbr0 <-> vif0 

eth1 <-> xenbr1 <-> vif1 <-> Switch <-> Computers


So far I've created the DomU and IPTables on it so that computers connected to the switch on eth1 are able to ping each other.

I am unable to traverse from the computers connected to the switch on eth1 to the internet. 

How do I bridge the traffic from eth1 to eth0? 
Do I need to set up forwarding or IPTables on Dom0? 
How do I set up DomU as the router and Gateway for other DomU VMs?

Thanks!


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
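
Added example (not part of the original thread and not code from any poster): a Python check for the change suggested in the thread, that the WAN-facing bridge on dom0 should be `inet manual` so dom0 holds no address on it. It also flags end-of-line comments, which interfaces(5) says are not supported. The function names and both sample files are constructed for this illustration; the first mirrors the interfaces file quoted above.

```python
# Constructed sample: the dom0 interfaces file as posted in the thread.
ORIGINAL = """auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet manual
auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0
auto xenbr1
iface xenbr1 inet manual
bridge_ports eth1
"""
# Constructed sample: the same file after switching xenbr0 to manual.
SUGGESTED = ORIGINAL.replace(
    "iface xenbr0 inet dhcp",
    "# no address for dom0 on the WAN bridge\niface xenbr0 inet manual")

def parse_interfaces(text):
    """Return {iface: {"method", "options", "inline_comment"}} from ifupdown syntax."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and whole-line comments are ignored
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            current = {"method": words[3], "options": {}, "inline_comment": "#" in line}
            stanzas[words[1]] = current
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None  # these lines end the current iface stanza
        elif current is not None:
            current["options"][words[0]] = " ".join(words[1:])
            current["inline_comment"] |= "#" in line
    return stanzas

def audit_bridges(text):
    """List (bridge, finding) pairs for bridges that need a second look."""
    findings = []
    for name, stanza in parse_interfaces(text).items():
        if "bridge_ports" not in stanza["options"]:
            continue  # only bridges are of interest here
        if stanza["method"] != "manual":
            findings.append((name, "dom0 gets an address via " + stanza["method"]))
        if stanza["inline_comment"]:
            findings.append((name, "end-of-line comment is not ignored by ifupdown"))
    return findings

if __name__ == "__main__":
    print(audit_bridges(ORIGINAL), audit_bridges(SUGGESTED))
```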


