Hi Sebastian,

On January 3, 2006 05:15 am, Sebastian Pölsterl wrote:
> But I have problems getting the whole network stuff running. The machine
> has two NICs, one for PPPoE and one for LAN.

I ran into similar issues, and with help from searching various posts on the
list as well as direct communication with a couple of people, I was able to
come up with a solution....

> Though, I searched the archive and found out that it has something to do
> with bridging and routing, I have no clue how to do that.

I'm more than happy to help you :-) Here is the solution I implemented,
though I am sure there are other ones out there too :-) I am not running
IPCop, but am running a Linux firewall as a domU (using a Dom0 kernel,
actually...) I tried to get IPCop running once, but never really went too
deep into it, and just decided to run a regular Linux box with Shorewall. I
did see a post by someone (not sure who, offhand) who was able to hack IPCop
to run under Xen.

Anyway, here's the solution I implemented:

First, in looking at your /etc/xen/ipcop file, I notice the following:
pci=["00,00,0a", "00,00,0b"]
Presumably, these are PCI IDs (from 'lspci'??) of your two NICs you wish to
use? I would just hide one of them (the one the Internet will plug into) and
bridge the other one, so you can have physical machines be on the same LAN
segment as well (via a physical hub/switch). To hide the NIC from Dom0, you
need to add a parameter to your 'kernel' line in the /boot/grub/menu.lst
file. Let's use, for example, the NIC with PCI ID of '00:00.0a' (though that
seems incorrect to me as a PCI ID):
kernel /boot/vmlinuz-2.6.11-xen0 root=/dev/hda1 ro console=tty0 max_loop=16
physdev_dom0_hide=(00:00.0a)
(Note: The above is of course all on one line, but likely wraps in your mail
viewer)
You will need to reboot for the above to take effect.
You will also need to change your /etc/xen/ipcop file, but we will take care
of that in a bit.
That takes care of the most complicated part - hiding the NIC to be used for
the Internet connectivity from Dom0.
The next part is to create the necessary bridge for your LAN.
Open /etc/network/interfaces, and put the following:
--- CUT HERE ---
auto br-lan0
iface br-lan0 inet manual
bridge_ports eth0
--- CUT HERE ---
Now, in your /etc/xen/ipcop file, you need to make some changes; it should
look something like this:
--- CUT HERE ---
kernel="/boot/vmlinuz-2.4.30-ipcop"
memory=32
name="ipcop"
disk=['file:/mnt/vserver/images/ipcop.img,sda1,w','file:/mnt/vserver/images/ipcoplog.img,sda2,w']
nics=1
vif=['mac=aa:00:00:00:00:11, bridge=br-lan0']
root="/dev/sda1 ro"
extra="3"
pci=["00,00,0a"]
--- CUT HERE ---
Start your IPCop domain and it should work :-)
HTH.
-Alan
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
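
A consistency check for the two settings described in the message above, as an added example that is not part of the original post: every device in the domU's pci= list should also appear in physdev_dom0_hide= on the Dom0 kernel line, otherwise Dom0 still sees the Internet-facing NIC. The function names are hypothetical, the sample inputs are constructed from the lines quoted in the message, and the "bus,dev,func" to "bus:dev.func" mapping is assumed from the message's own pairing of the two notations.

```python
import ast
import re

# Constructed sample inputs, modelled on the lines quoted in the message above.
GRUB_KERNEL_LINE = (
    "kernel /boot/vmlinuz-2.6.11-xen0 root=/dev/hda1 ro console=tty0 "
    "max_loop=16 physdev_dom0_hide=(00:00.0a)"
)
DOMU_CONFIG = '''
name="ipcop"
nics=1
vif=['mac=aa:00:00:00:00:11, bridge=br-lan0']
pci=["00,00,0a"]
'''

def hidden_from_dom0(kernel_line):
    """Return the set of bus:dev.func IDs listed in physdev_dom0_hide=."""
    m = re.search(r"physdev_dom0_hide=((?:\([^)\s]+\))+)", kernel_line)
    return set(re.findall(r"\(([^)]+)\)", m.group(1))) if m else set()

def passed_to_domu(config_text):
    """Return the domU's pci=[...] entries rewritten as bus:dev.func."""
    m = re.search(r"^\s*pci\s*=\s*(\[.*?\])", config_text, re.M | re.S)
    if not m:
        return set()
    ids = set()
    for entry in ast.literal_eval(m.group(1)):
        # Assumption: "bus,dev,func" maps to "bus:dev.func" as in the message.
        bus, dev, func = (part.strip() for part in entry.split(","))
        ids.add(f"{bus}:{dev}.{func}")
    return ids

def check(kernel_line, config_text):
    """Compare the two lists; return (not_hidden, hidden_but_unused)."""
    hidden = hidden_from_dom0(kernel_line)
    passed = passed_to_domu(config_text)
    return sorted(passed - hidden), sorted(hidden - passed)

if __name__ == "__main__":
    not_hidden, unused = check(GRUB_KERNEL_LINE, DOMU_CONFIG)
    for dev in not_hidden:
        print(f"{dev}: given to the domU but still visible to Dom0")
    for dev in unused:
        print(f"{dev}: hidden from Dom0 but not assigned to the domU")
    if not (not_hidden or unused):
        print("pci= and physdev_dom0_hide= agree")
```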