Hi
> It seems 1and1 drops my network whenever the switch sees a
> MAC address other than my eth0's MAC address. So bridge
> network is not possible.
Wrong.
First, it should work perfectly as long as only dom0 is up.
(dom0 should get the MAC of your peth0.)
Then you can use ebtables to rewrite packets on peth0,
so that 1and1 only sees ONE MAC.
I have done this for 3 IPs:
Bridge chain: PREROUTING, entries: 6, policy: ACCEPT
-p IPv4 -d $mac -i peth0 --ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p ARP -d $mac -i peth0 --arp-ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p IPv4 -d $mac -i peth0 --ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p ARP -d $mac -i peth0 --arp-ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p IPv4 -d $mac -i peth0 --ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3
-p ARP -d $mac -i peth0 --arp-ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge chain: POSTROUTING, entries: 6, policy: ACCEPT
-p IPv4 -s 0:16:3e:0:16:1 -o peth0 --ip-src $2 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:1 -o peth0 --arp-ip-src $2 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:2 -o peth0 --ip-src $3 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:2 -o peth0 --arp-ip-src $3 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:3 -o peth0 --ip-src $4 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:3 -o peth0 --arp-ip-src $4 -j snat --to-src $mac
And I boot my domUs with
ip = $2, mac = 00:16:3e:00:16:01
ip = $3, mac = 00:16:3e:00:16:02
ip = $4, mac = 00:16:3e:00:16:03
works perfectly.
> my network is a bit strange. My IP is 82.165.27.12 for dom0.
> but the gateway is 10.255.255.1. the netmask is 255.255.255.255.
> This works for dom0.
this is really a bit strange, as the system should have no idea in that case
how to reach the gateway.
I have similar problems, as I also have IPs in different subnets.
That means that in my original setup, all traffic between my doms is
going through the providers router. Hence nonsense.
But I am going to solve this another way:
I will give the dom0 and every domU a second IP in the same 10.x.x.x
network. Packets to and from 10.x.x.x will be dropped at peth0.
Then I will add routes manually to route the public ip of any dom over the
private ip of that dom.
The doms can then reach each other over their private AND public ips
directly.
(And I can attach a tap device using openvpn to connect my own computer to
that bridge for administration.)
Regards,
Steffen
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
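
Added example, not part of the original mail: a small generator for the kind of ebtables nat rule set listed in the message above, so the per-guest DNAT/SNAT pairs stay consistent when guests are added. The uplink MAC and the 192.0.2.x addresses are constructed stand-ins for the mail's $mac and $2..$4 placeholders; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Print ebtables nat rules so the provider's switch port only ever sees ONE MAC.
# Review the output, then pipe it to `sh` as root in dom0 to apply it.

UPLINK=peth0   # physical bridge port, named as in the mail

# Six colon-separated hex groups of 1-2 digits (ebtables prints 0:16:3e:...).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

# Dotted-quad format check only; octet ranges are not verified.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# gen_rules UPLINK_MAC IP=GUEST_MAC [IP=GUEST_MAC ...]
gen_rules() {
    phys=$1; shift
    valid_mac "$phys" || { echo "bad uplink MAC: $phys" >&2; return 1; }
    # Validate every entry first so a typo never yields a partial rule set.
    for pair in "$@"; do
        valid_ipv4 "${pair%%=*}" && valid_mac "${pair#*=}" ||
            { echo "bad entry: $pair" >&2; return 1; }
    done
    for pair in "$@"; do
        ip=${pair%%=*}; gmac=${pair#*=}
        for proto in IPv4 ARP; do
            case $proto in
                IPv4) dst=--ip-dst;     src=--ip-src ;;
                ARP)  dst=--arp-ip-dst; src=--arp-ip-src ;;
            esac
            # Inbound: frames for this IP arrive on the uplink MAC and are
            # redirected to the guest's MAC before bridging.
            echo "ebtables -t nat -A PREROUTING -p $proto -d $phys -i $UPLINK $dst $ip -j dnat --to-dst $gmac"
            # Outbound: the guest's source MAC is replaced by the uplink MAC
            # just before the frame leaves through the physical port.
            echo "ebtables -t nat -A POSTROUTING -p $proto -s $gmac -o $UPLINK $src $ip -j snat --to-src $phys"
        done
    done
}

# Constructed sample values (documentation IPs, locally administered MAC).
gen_rules 02:00:00:00:00:aa \
    192.0.2.11=00:16:3e:00:16:01 \
    192.0.2.12=00:16:3e:00:16:02
```

After applying, `ebtables -t nat -L` should show a listing in the same form as the one in the mail, with one IPv4 and one ARP rule per guest in each chain.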