[best viewed with fixed-width font]
Hello,
I'm installing my first Xen on a server.
Using online docs, wiki, reading this list... I installed a Debian sarge
+ Xen3, and finally have dom0 and one domU (minimal - a dbootstrap) running.
My laboratory has a public 129.175.252.0/21 net (call it N1), and for
domU I use a private 192.168.21.0 net (call it N2). Administrators of N1
have set up routing + gateway, and N1 <=> N2 pinging works in both
directions.
Now, for domU installation and management, I need Internet access
(dbootstrap is really minimal). As I use private network N2, I'm trying
to set up a second interface eth1 on domU, with corresponding NAT on
dom0, used for external Internet access.
<== domU ==><================ dom0 =======================>
 (melodie)                     (psaume)
eth0--------->vif1.0-----+                          peth0
                         |                            |
                         +----psbridge--------------eth0
                         |                            |
                      vif0.0                          |
                                                      |
                                                      |
eth1--------->vif1.1--------------(NAT)---------------+
[ For my understanding, what are peth0 / vif0.0 used for, and what
pseudo-interface is connected to dom0 eth0? ]
Now, it seems I have routing problems or Xen understanding problems...
Here are my configuration files/tables and final result:
On dom0 (psaume)
================
psaume:~# cat /etc/xen/xend-config.sxp
------------------------
...
(network-script 'network-bridge bridge=psbridge netdev=eth0')
(vif-script vif-bridge)
...
psaume:~# cat /etc/xen/melodie.cfg
--------------------
name="melodie"
memory=256
kernel="/boot/xen-linux-2.6.12.6-xen-domu"
vif = ['mac=AA:00:00:00:44:01, script=vif-bridge, bridge=psbridge',
'mac=AA:00:00:00:44:02, script=vif-nat']
hostname = 'melodie'
disk=['phy:stockagevg/meloswap,sda1,w',
'phy:stockagevg/melosys,sda2,w',
'phy:stockagevg/melodata,sda3,w']
root="/dev/sda2 ro"
psaume:~# cat /proc/sys/net/ipv4/ip_forward
---------------------------------
1
psaume:~# ifconfig
--------
eth0 Lien encap:Ethernet HWaddr 00:13:D3:32:77:D4
inet adr:129.175.157.73 Bcast:129.175.159.255
Masque:255.255.248.0
adr inet6: fe80::213:d3ff:fe32:77d4/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41984 errors:0 dropped:0 overruns:0 frame:0
TX packets:1507 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:3874972 (3.6 MiB) TX bytes:172931 (168.8 KiB)
lo [removed in post]
peth0 Lien encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:42209 errors:0 dropped:0 overruns:0 frame:0
TX packets:1567 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:4418794 (4.2 MiB) TX bytes:188320 (183.9 KiB)
Adresse de base:0x3000 Mémoire:d0120000-d0140000
psbridge Lien encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39945 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:3133556 (2.9 MiB) TX bytes:378 (378.0 b)
vif0.0 Lien encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1507 errors:0 dropped:0 overruns:0 frame:0
TX packets:41985 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:172931 (168.8 KiB) TX bytes:3875062 (3.6 MiB)
vif1.0 Lien encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:26330 errors:0 dropped:1701 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:3646 (3.5 KiB) TX bytes:2397969 (2.2 MiB)
vif1.1 Lien encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet adr:10.0.1.129 Bcast:0.0.0.0 Masque:255.255.255.255
adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:666 (666.0 b) TX bytes:0 (0.0 b)
[note Xen NAT script has given 10.0.1.129 address to vif1.1]
psaume:~# iptables -L
-----------
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     all  --  10.0.0.0/16          anywhere            PHYSDEV match --physdev-in vif1.1
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.1 udp spt:bootpc dpt:bootps
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[there seem to be rules for vif1.1, is this NAT?]
On domU (melodie)
=================
melodie:~# cat /etc/network/interfaces
---------------------------
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.21.10
netmask 255.255.255.0
network 192.168.21.0
gateway 192.168.21.254
dns-search limsi.fr
dns-nameservers 129.175.152.136 129.175.152.129
auto eth1
iface eth1 inet static
address 192.168.21.11
netmask 255.255.255.0
network 192.168.21.0
up route add -host 192.168.21.254 eth0
up route add -net 129.175.152.0 netmask 255.255.248.0 eth0
[ the two up routes make N1 accessible from domU ]
melodie:~# ifconfig
--------
eth0 Link encap:Ethernet HWaddr AA:00:00:00:44:01
inet addr:192.168.21.10 Bcast:192.168.21.255
Mask:255.255.255.0
inet6 addr: fe80::a800:ff:fe00:4401/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29896 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2758293 (2.6 MiB) TX bytes:3774 (3.6 KiB)
eth1 Link encap:Ethernet HWaddr AA:00:00:00:44:02
inet addr:192.168.21.11 Bcast:192.168.21.255
Mask:255.255.255.0
inet6 addr: fe80::a800:ff:fe00:4402/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:794 (794.0 b)
lo [removed for post]
melodie:~# route -n
--------
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.21.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.21.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.21.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
129.175.152.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
0.0.0.0 192.168.21.254 0.0.0.0 UG 0 0 0 eth0
[ Now, I set up a route to the default laboratory gateway. ]
melodie:~# route add 129.175.152.252 eth1
[ And make this gateway the default route for unknown ones. ]
melodie:~# route add default gw 129.175.152.252
[ Nice, but still fails (this works under dom0, with same target). ]
melodie:~# apt-get update
Err ftp://debian.ens-cachan.fr stable/main Packages
Could not connect to debian.ens-cachan.fr:21 (138.231.176.11). -
connect (113 No route to host)
What am I missing (note pinging N1<==>N2 still works)?
Thanks a lot.
Laurent.
--
Laurent POINTAL
CNRS-LIMSI dépt. CHM, groupes AMI et PS
Courriel: laurent.pointal@xxxxxxxx (prof)
laurent.pointal@xxxxxxxxxxx (perso)
Ouebe: http://www.limsi.fr/Individu/pointal/
Tél. 01 69 85 81 06 (prof)
Fax. 01 69 85 80 88
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
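
Added example, not part of the original post: a longest-prefix-match lookup over the domU `route -n` table exactly as posted (before the two `route add` commands), showing which interface that table selects for a destination and which on-link subnets appear on more than one interface. The function names are introduced here for illustration; the table rows are copied from the post.

```python
import ipaddress

# Routing table as posted for domU "melodie" (output of `route -n`).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.21.254  0.0.0.0         255.255.255.255 UH    0      0   0   eth0
192.168.21.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.21.0    0.0.0.0         255.255.255.0   U     0      0   0   eth1
129.175.152.0   0.0.0.0         255.255.248.0   U     0      0   0   eth0
0.0.0.0         192.168.21.254  0.0.0.0         UG    0      0   0   eth0
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = None if f[1] == "0.0.0.0" else ipaddress.ip_address(f[1])
        routes.append((net, gw, int(f[4]), f[7]))
    return routes

def lookup(routes, dst):
    """Return every (iface, gateway) tied for best: longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return []
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    key = (best[0].prefixlen, best[2])
    return [(r[3], str(r[1]) if r[1] else "on-link")
            for r in hits if (r[0].prefixlen, r[2]) == key]

def duplicate_networks(routes):
    """Networks reachable on-link through more than one interface."""
    seen = {}
    for net, gw, _, iface in routes:
        if gw is None:
            seen.setdefault(net, set()).add(iface)
    return {str(n): sorted(i) for n, i in seen.items() if len(i) > 1}

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    for dst in ("138.231.176.11", "129.175.152.136", "192.168.21.254"):
        print(dst, "->", lookup(table, dst))
    print("same subnet on several interfaces:", duplicate_networks(table))
```

When `lookup` returns more than one entry the table alone does not say which interface is used; the choice is left to the kernel.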