Short description of my problem:
I'm running Xen 3.0 on Debian testing. I created two additional bridge
interfaces and a XenU domain as router which I connected to all
bridges. On two of the bridges I want to run a private network. For the
router to do its work I copied and modified a setup from a router I am
already running on a real computer. Even though I can ping and
traceroute from one virtual network to another (even into the
internet), it is not possible to get any other traffic from one network
to another. So if I use ssh or http, the connection always fails. But
this is not due to firewall rules. Does anyone have a clue why it does
not work?
Longer description:
My Xen0 has two ethernet interfaces. One (eth0) is connected to my
physical LAN, the other one (eth1) is connected to a DSL-modem. The
peth0 interface of Xen0 is attached to xen-br0. I attached eth1 to a
bridge called br-ppp. I created another bridge called br-dmz. And I
connected eth1 to br-ppp.
For the bridge setup I wrote the following lines into
/etc/network/interfaces:

auto br-dmz
iface br-dmz inet static
    pre-up brctl addbr br-dmz
    post-down brctl delbr br-dmz
    address 0.0.0.0
    netmask 255.255.255.255
    bridge_fd 0
    bridge_hello 0
    bridge_stp off

auto br-ppp
iface br-ppp inet static
    pre-up brctl addbr br-ppp
    post-down brctl delbr br-ppp
    address 0.0.0.0
    netmask 255.255.255.255
    bridge_fd 0
    bridge_hello 0
    bridge_stp off
The XenU router config looks like this:

kernel = "/boot/xen-linux-2.6.12.6-router-xenu"
memory = 128
name = "xenu-router"
vif = [ 'bridge=br-ppp',
        'mac=00:16:3E:00:13:01, bridge=xen-br0',
        'mac=00:16:3E:00:12:01, bridge=br-dmz' ]
disk = [ 'file:/home/xen/domains/xenu-router/disk.img,sda1,w',
         'file:/home/xen/domains/xenu-router/swap.img,sda2,w' ]
root = "/dev/sda1 ro"
So the XenU-router's eth0 is connected to br-ppp, eth1 is connected to
xen-br0 and eth2 is connected to br-dmz.
I started the router and at first everything seemed to work fine. The
pppoe connection could be established and I was able to access the
internet from the router. I could also access the internet from my
notebook which is connected to my LAN. Everything seemed to be as
normal.
I brought up another XenU domain which I connected to br-dmz. It was
assigned an IP address by the router's dhcp server. The strange thing
was that I could establish a connection to the router, but not to the
internet, not to the LAN and not to Xen0. It was also not possible
to establish a connection in the other direction (LAN -> dmz,
internet -> dmz). But it was possible in both directions to ping
machines and to use traceroute, which reported the correct routes.
I made another try and connected the XenU to xen-br0. This time it was
possible to reach the XenU from the LAN via ssh. But it was still
impossible to connect to the internet from the XenU.
Finally I found out that Xen0 could not connect to the internet as
well. After a reboot I saw that vif1.0 was connected to br-dmz even
though there was no XenU running. vif0.0 was connected to xen-br0 as
usual. I have no clue why Xen connects that interface vif1.0 to br-dmz.
The interface should be reserved for the first XenU that is started.
But the first XenU to be started is assigned vif2.0.
To make sure that this was not the cause of the problem, I created
another bridge and let the router and the other XenU connect to this
bridge instead of br-dmz. But the problems remained the same.
Does anyone know why such a situation can occur in this context, where
it is possible to ping and traceroute everywhere but any "real"
connection cannot be established?
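The post reports a vif (vif1.0) sitting on br-dmz with no XenU running, which is exactly the kind of thing worth checking in Dom0 before looking anywhere else. The script below is an added example and not part of the original post or of Xen: it parses `brctl show` output into bridge/interface pairs and checks each uplink and vif against the intended layout. The BRCTL_OUTPUT sample is constructed to mirror the state described above; on a real Dom0 replace it with the live command output.

```shell
#!/bin/sh
# Added example: map interfaces to bridges from `brctl show` output and
# verify that uplinks and vifs landed on the bridges the configuration
# intends. The sample below is CONSTRUCTED to reflect the post (vif1.0 on
# br-dmz while no XenU runs); on a live Dom0 use: BRCTL_OUTPUT=$(brctl show)
BRCTL_OUTPUT='bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.0011223344aa       no              peth0
                                                        vif0.0
br-ppp          8000.0011223344bb       no              eth1
br-dmz          8000.0011223344cc       no              vif1.0'

# Print "bridge interface" pairs, one per line. brctl prints the first
# member on the bridge line and further members on continuation lines;
# a bridge with no members has only three fields.
bridge_members() {
    printf '%s\n' "$BRCTL_OUTPUT" | awk 'NR > 1 {
        if (NF >= 3)      { br = $1; if (NF >= 4) print br, $NF }
        else if (NF == 1) { print br, $1 }
    }'
}

# Name of the bridge an interface is attached to; empty if unattached.
iface_bridge() {
    bridge_members | awk -v i="$1" '$2 == i { print $1; exit }'
}

# Return 0 if interface $2 is a member of bridge $1, 1 otherwise.
expect_member() {
    [ "$(iface_bridge "$2")" = "$1" ]
}

# List every vifN.M that is attached to a bridge as "vif bridge" pairs,
# so interfaces left behind by stopped or renumbered domains stand out.
attached_vifs() {
    bridge_members | awk '$2 ~ /^vif[0-9]+\.[0-9]+$/ { print $2, $1 }'
}

# Stand-alone run: confirm the Dom0 uplinks from the post, then show vifs.
expect_member xen-br0 peth0 && echo "peth0 on xen-br0: ok"
expect_member br-ppp eth1   && echo "eth1 on br-ppp: ok"
echo "attached vifs (compare against 'xm list' and the vif= lines):"
attached_vifs
```

Run it once with no XenU domains started: any vif other than vif0.0 listed at that point is an interface the bridge scripts attached that no running domain owns.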