For what it's worth...
In a similar setup (one NIC on the public network, the second one on a
private network along with the domUs) I had better success with the
routed Xen networking config (vif-route).
For some reason, neither the bridged nor the NAT setup worked for me.
Here is what I use in the Xen config file (my internal network is on eth1,
so it requires an explicit definition of netdev):

    (network-script network-route)
    (vif-script 'vif-route netdev=eth1')

Also, if you have an internal network segment and you want the domU IPs
visible on it, you will need:

    echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp

Hope this helps.
Kevin Gill (Newaddress) wrote:
> Hi,
>
> I need help configuring a second network interface in a NAT
> configuration with Xen 3.0.1.
>
> ** Background
>
> I have set up a server using Xen 3.0.1. I am using the AMD 64-bit version
> of Ubuntu. I have a dom0 and 3 domUs, for apache (10.0.0.1), application
> server (10.0.0.2) and database server (10.0.0.3).
>
> I have a NAT setup. I am forwarding ports 80 and 443 to the apache dom,
> and database and cvs pserver requests to the database server.
>
> All worked excellently out of the box.
>
> ** Problem
>
> My Server has:
> Primary Interface eth0, ip address 217.114.173.143
> Secondary Interface eth1, ip address 10.0.1.3
>
> The dom0 domain can use both interfaces, and traffic coming in on
> 10.0.1.3 is correctly forwarded to the appropriate server (IP TABLES /
> NAT).
>
> The domUs are configured to use the primary interface, eth0. From
> looking at the Xen Networking document,
> http://wiki.xensource.com/xenwiki/XenNetworking it appears that I have
> to configure two virtual network interfaces in the domUs. However, the
> documentation seems to be for bridging. I do not know how to set up a
> NAT configuration with two interfaces.
>
> My difficulty is in setting up the vifs on eth1. I presume that once
> they are set up, mapping them into the domUs is simply a matter of
> modifying the Xen configurations.
>
> If anyone has a working setup using dual NICs and NAT on Xen 3.0.1, can
> you please send me your network-nat, vif-nat and any other configuration
> changes I will need.
>
> Alternatively, I could have got this completely wrong and I may have to
> modify my IPTABLES configuration instead. If this is the case, again
> please let me know.
>
> Thanks in advance,
>
>
> Kevin Gill
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
--
Yuri Pismerov, System Administrator
Armor Technologies (Canada) Inc.
P: 905 305 1946 (x.3519)
http://www.armorware.net
Privacy Protection Guaranteed!
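
An added example, not part of the original post: a POSIX shell audit that checks a dom0 for the routed setup described in the reply above (network-route, vif-route pinned to eth1, proxy ARP on eth1 only). The config path /etc/xen/xend-config.sxp, the helper names and the root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit dom0 for the routed setup.
# Assumptions: xend reads /etc/xen/xend-config.sxp; sxp_value, flag and
# check_routed_xen are hypothetical helpers; the root prefix lets the checks
# run against a copy of the filesystem instead of the live system.

# Last uncommented value of an S-expression key, with quotes stripped.
sxp_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*($2[[:space:]][[:space:]]*\(.*\))[[:space:]]*\$/\1/p" "$1" 2>/dev/null |
        tail -n 1 | tr -d "'\""
}

# Contents of a /proc flag file, or "missing" if it cannot be read.
flag() { cat "$1" 2>/dev/null || echo missing; }

check_routed_xen() {  # $1 = root prefix ("" = live system), $2 = internal NIC
    root=$1; nic=$2; rc=0
    cfg="$root/etc/xen/xend-config.sxp"; ipv4="$root/proc/sys/net/ipv4"

    net=$(sxp_value "$cfg" network-script)
    [ "$net" = network-route ] ||
        { echo "FAIL network-script='$net' (want network-route)"; rc=1; }

    # vif-script must be vif-route with netdev pinned to the internal NIC.
    script=; dev=
    for w in $(sxp_value "$cfg" vif-script); do
        case $w in
            netdev=*) dev=${w#netdev=} ;;
            *) [ -n "$script" ] || script=$w ;;
        esac
    done
    [ "$script" = vif-route ] && [ "$dev" = "$nic" ] ||
        { echo "FAIL vif-script='$script' netdev='$dev' (want vif-route netdev=$nic)"; rc=1; }

    # Routing needs forwarding; proxy ARP lets dom0 answer for domU IPs on $nic.
    [ "$(flag "$ipv4/ip_forward")" = 1 ] ||
        { echo "FAIL ip_forward is not 1"; rc=1; }
    [ "$(flag "$ipv4/conf/$nic/proxy_arp")" = 1 ] ||
        { echo "FAIL proxy_arp is not 1 on $nic"; rc=1; }

    # conf/all/proxy_arp is ORed with every per-interface value, so setting
    # it would also enable proxy ARP on the public NIC.
    [ "$(flag "$ipv4/conf/all/proxy_arp")" != 1 ] ||
        echo "WARN proxy_arp enabled via conf/all, not only on $nic"

    return $rc
}
# Usage on a live dom0: check_routed_xen "" eth1
```

The echo into /proc does not survive a reboot; the persistent form is the line net.ipv4.conf.eth1.proxy_arp = 1 in /etc/sysctl.conf.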