This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] network access disappears in master on /etc/init.d/xend

To: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Subject: Re: [Xen-devel] network access disappears in master on /etc/init.d/xend start
From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Date: Sun, 21 Nov 2004 16:05:55 +0000
Cc: Christian Limpach <Christian.Limpach@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx
Delivery-date: Sun, 21 Nov 2004 16:14:21 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: Your message of "Sun, 21 Nov 2004 15:19:04 GMT." <20041121151904.GI29126@xxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
> On Sun, Nov 21, 2004 at 01:39:09PM +0000, Christian Limpach wrote:
> > On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton 
> > wrote:
> > > ifconfig shows that eth0 has a network address, that xen-br0 does not,
> > > that lo does.
> > 
> > Have you installed the iproute package, which provides the ip command
> > which we use to transfer the network addresses from eth0 to xen-br0?
>  okay, now yes i have - and the same issue is present:
>  bring up /etc/init.d/xend and networking disappears from the
>  xen "master" - xenU.

Have you ipv6 addresses on your eth0 interface before running
'xend start' ? The default /etc/xen/scripts/network script stuffs
this case up.

You can always edit the above script to suit your needs.

Editing a 'bash -x' in the first line shoul dgive you some useful
debug output. 
>  the scenario that i really want is for the xen network segment
>  to be almost completely isolated - traffic out but no traffic in.
>  i.e. for the guests to be on their own local network and with NAT or
>  some other form of routing allowing them to make outgoing connections.
>  does anyone have any suggestions as to how this could be achieved,
>  without disrupting the xen master's ability to send and receive network
>  traffic?

iptables and ebtables in dom0 will both work fine and can be used
to install arbitrary NAT or firewall rules to control when
traffic guests can send/receive. You may decide its easier to
route rather than bridge traffic. 

Having an iptables package which supports --physdev makes the
filter rules simpler.


This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
Xen-devel mailing list