Thanks for your help everyone. I think I'm close now
(hopefully). Here's what I've got: In dom0, I
execute the following to set up the bridge xenbr1 with
address 192.168.1.1
#brctl addbr xenbr1
#brctl stp xenbr1 off
#brctl setfd xenbr1 0
#ifconfig xenbr1 192.168.1.1 netmask 255.255.255.0 up
Then, in my domU's config file, I add:
vif = [ 'bridge=xenbr1']
So that eth0 in domU will bridge to my xenbr1. I also
modify /etc/network/interfaces in my domU filesystem
(it's a debian guest) with:
auto eth0
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
To assign the address 192.168.1.5 to the domU guest.
Finally, I try to set up the nat by doing (in dom0):
#iptables --flush
#iptables --delete-chain
#iptables --table nat --delete-chain
#iptables --table nat --append POSTROUTING \
--out-interface eth0 -j MASQUERADE
#iptables --append FORWARD --in-interface xenbr1 -j \
ACCEPT
#echo 1 > /proc/sys/net/ipv4/ip_forward
#route add -net 192.168.1.0 netmask 255.255.255.0 \
dev xenbr1
When I boot up domU, I am able to ping 192.168.1.1
from domU, and likewise ping 192.168.1.5 from dom0.
However, I can't get to the outside world from domU,
suggesting that my nat'ing (or something else) isn't
quite right... Any suggestions? Thanks again for all
the help.
~Dave
--- Ernst Bachmann <e.bachmann@xxxxxxxx> wrote:
> On Monday 18 July 2005 03:25, David Richardson wrote:
> > Hey guys,
> > I'm still having problems getting this to work
> > correctly. Maybe I should be more clear in my setup.
> > I only have 1 nic, eth0. My dom0 gets its IP address
> > from a dhcp server on eth0. However, the dhcp server
> > always gives me the same IP address based on my MAC
> > address. As such, my domU guests are unable to use
> > this dhcp server to obtain IPs.
>
> Simply assign a different MAC address to your domU.
> You can run with standard bridging, don't need alias
> devices and whatnot.
> For the DHCP Server it looks like a second computer
> with different MAC is
> behind an ethernet bridge, so it'll assign a
> different IP to it.
>
> > Therefore, what I
> > want to do (I think...) is to create a vpn of domU
> > guests that bridge to a virtual interface eth0:1 in
> > dom0.
>
> Bridging only accepts real interfaces AFAIK. After
> all, virtual eth0:1 style interfaces are just alias
> IP addresses, and the bridge works on ethernet level
> and doesn't care about IP at all.
>
> > Outside traffic can then be routed between the
> > real eth0 and the virtual eth0:1 to reach the domU
> > guests. Then, I can run a dhcp server in dom0 for
> > eth0:1 to assign made-up addresses to the domU guests
> > when they boot.
>
> with VPN you mean NAT?
>
> > I've never done anything like this before, so any help
> > would be great. My first attempts have started out by
> > doing the following:
> >
> > Create the virtual ethernet interface:
> > #ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0
> >
> > Create a bridge in dom0, attach it to eth0:1:
> > #brctl addbr xen-br1
> > #brctl stp xen-br1 off
> > #brctl setfd xen-br1 0
> > #ip link set xen-br1 up
> > #brctl addif xen-br1 eth0:1
>
> More like:
> # no eth0:1 iface!
>
> brctl addbr xen-br1
> brctl stp xen-br1 off
> brctl setfd xen-br1 0
> # no brctl addif!
> ifconfig xen-br1 192.168.1.1 netmask 255.255.255.0 up
> # connect domUs to xen-br1
> # set "192.168.1.1" as default route inside domU
>
> #setup NAT in dom0:
> iptables -t nat -I POSTROUTING -i xen-br1 -j SNAT --to <insert IP of eth0 here>
> ...
> (the nat rules will need more work, maybe your
> distribution comes with premade
> scripts there)
>
> /Ernst
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
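
Added example, not part of the thread and not code from either poster: an offline check of the pieces a NAT'ed bridge like the one discussed above depends on (a default route inside domU, ip_forward, a source-NAT rule on the uplink, and FORWARD rules when the policy is not ACCEPT). The function names are hypothetical, the sample inputs are constructed to mirror the configuration posted above, and the ACCEPT chain policies in the sample are an assumption.

```shell
# Added example (not from the thread): offline check of a NAT'ed Xen bridge.
# Sample inputs are constructed to mirror the configuration posted above.
DOMU_IFACES='auto eth0
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0'

# dom0 rules in iptables-save form; the ACCEPT policies are an assumption.
DOM0_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i xenbr1 -j ACCEPT
COMMIT'

# has_rule RULES CHAIN FLAG IFACE TARGETS: true if CHAIN has a rule matching
# "FLAG IFACE" that jumps to one of the |-separated TARGETS.
has_rule() {
    printf '%s\n' "$1" | awk -v c="$2" -v f="$3" -v i="$4" -v t="$5" '
        $1 == "-A" && $2 == c {
            m = 0; j = ""
            for (n = 3; n < NF; n++) {
                if ($n == f && $(n + 1) == i) m = 1
                if ($n == "-j") j = $(n + 1)
            }
            if (m && index("|" t "|", "|" j "|")) ok = 1
        }
        END { exit !ok }'
}

# check_nat_path IFACES RULES IP_FORWARD BRIDGE UPLINK GATEWAY
# Prints one line per missing piece; exit status is the number missing.
check_nat_path() {
    n=0
    printf '%s\n' "$1" | awk -v g="$6" '$1 == "gateway" && $2 == g { ok = 1 } END { exit !ok }' ||
        { echo "domU: no default route via $6"; n=$((n + 1)); }
    [ "$3" = 1 ] || { echo "dom0: ip_forward is not 1"; n=$((n + 1)); }
    has_rule "$2" POSTROUTING -o "$5" "MASQUERADE|SNAT" ||
        { echo "dom0: no SNAT/MASQUERADE out of $5"; n=$((n + 1)); }
    if ! printf '%s\n' "$2" | grep -q '^:FORWARD ACCEPT'; then
        has_rule "$2" FORWARD -i "$4" ACCEPT || { echo "dom0: FORWARD blocks traffic from $4"; n=$((n + 1)); }
        has_rule "$2" FORWARD -o "$4" ACCEPT || { echo "dom0: FORWARD blocks replies to $4"; n=$((n + 1)); }
    fi
    return "$n"
}

check_nat_path "$DOMU_IFACES" "$DOM0_RULES" 1 xenbr1 eth0 192.168.1.1 || echo "missing: $?"
```

To use it on a live system, pass the domU's /etc/network/interfaces contents, the output of iptables-save from dom0, and the value of /proc/sys/net/ipv4/ip_forward in place of the samples.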