WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Network Configuration Needed - NAT plus 2 NICs

To: "Kevin Gill (Newaddress)" <Kevin.gill@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] Network Configuration Needed - NAT plus 2 NICs
From: Yura Pismerov <y.pismerov@xxxxxxxxxxxxx>
Date: Wed, 12 Apr 2006 14:54:11 -0400
Cc: xen-users@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 13 Apr 2006 04:56:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <3F1159DEBC51984182FD3D1157B258D5311D96@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <3F1159DEBC51984182FD3D1157B258D5311D96@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5 (Windows/20051201)
For what it worth....
In similar setup (one NIC on public, the 2nd one on private network
along with domU's) I had better success with routed Xen networking
config (vif-route).
For some reason, neither bridged nor nat setups worked for me.
Here is what I use in xen config file (my internal network is on eth1,
so it requires explicit definition of netdev).

(network-script network-route)
(vif-script     'vif-route netdev=eth1')

Also, if you have internal network segment and you want the domU IPs
visible on it you will need:

echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp


Hope this helps.


Kevin Gill (Newaddress) wrote:
> Hi, 
>
> I need help configuring a second network interface in a NAT
> configuration with Xen 3.0.1.
>
> ** Background
>
> I have set up a server using Xen 3.0.1. I am using Amd64 bit version of
> Ubuntu. I have a dom0 and 3 domU's, for apache (10.0.0.1), application
> server (10.0.0.2) and database server (10.0.0.3).
>
> I have a NAT setup. I am forwarding port 80 and 443 to the apache dom,
> and database and cvs pserver requests to the database server.
>
> All worked excellently out of the box.
>
> ** Problem
>
> My Server has:
>       Primary Interface eth0, ip address 217.114.173.143
>       Secondary Interface eth1, ip address 10.0.1.3
>
> The dom0 domain can use both interfaces, and traffic coming in on
> 10.0.1.3 is correctly forwarded to the appropriate server (IP TABLES /
> NAT).
>
> The domU's are configured to use the primary interface, eth0. From
> looking at the Xen Networking document,
> http://wiki.xensource.com/xenwiki/XenNetworking it appears that I have
> to configure two virtual network interfaces in the domU's. However, the
> documentation seems to be for bridging. I do not know how to set up a
> NAT configuration with two interfaces.
>
> My difficulty is in setting up the vif's on eth1. I presume that once
> they are setup, mapping them into the domU's is simply a matter
> modifying the xen configurations.
>
> If anyone has a working setup using dual NICs and NAT on Xen 3.0.1, can
> you please send me your network-nat, vif-nat and any other configuration
> changes I will need.
>
> Alternatively, I could have got this completely wrong and I may have to
> modify my IPTABLES configuration instead. If this is the case, again
> please let me know.
>
> Thanks in advance,
>
>
> Kevin Gill
> **************************************************************************************************
> The contents of this email and any attachments are confidential.
> They are intended for the named recipient(s) only.
> If you have received this email in error please notify the system manager or  
> the 
> sender immediately and do not disclose the contents to anyone or make copies.
>
> ** eSafe scanned this email for viruses, vandals and malicious content. **
> **************************************************************************************************
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>   


-- 
Yuri Pismerov, System Administrator
Armor Technologies (Canada) Inc.

P: 905 305 1946 (x.3519)
http://www.armorware.net

Privacy Protection Guaranteed!





_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>