WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

RE: [Xen-users] Xen 3.2 Setup advice pretty please

To: "'xen-users'" <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Xen 3.2 Setup advice pretty please
From: "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx>
Date: Tue, 21 Oct 2008 14:50:18 -0400
Delivery-date: Tue, 21 Oct 2008 11:51:03 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <10403024.21224614743062.JavaMail.root@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: PRD, Inc.
References: <29771791.01224614376674.JavaMail.root@xxxxxxxxxxxxxxxxxx> <10403024.21224614743062.JavaMail.root@xxxxxxxxxxxxxxxxxx>
Reply-to: Dustin.Henning@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AckzrTzZT0QqMJZBSfOG33m/8KeCQQAAD98w
-----Original Message-----
From: edoardo@xxxxxxxxxxxxx [mailto:edoardo@xxxxxxxxxxxxx] On Behalf Of lists@xxxxxxxxxxxxx
Sent: Tuesday, October 21, 2008 14:46
To: Dustin Henning
Subject: Re: [Xen-users] Xen 3.2 Setup advice pretty please

----- "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx> wrote:

> If you are using bridging and the connection to eth0 already supports
> all of these addresses, you should simply assign one address to each
> domU directly.  There is an ip= switch for the vif line in PV domUs,
> but I believe it is not for bridging.  That said, I think you want to
> remove the aliases and the IPs from dom0 and manually configure the
> eth0 in each domU just as you would a normal machine (with an IP,
> netmask, gateway, etc).  If the IPs can be used from dom0 and bridging
> is working properly, this should allow them to be used exclusively
> from their respective domUs.
>       Dustin 
> 
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Lists
> Sent: Tuesday, October 21, 2008 12:24
> To: xen-users
> Subject: [Xen-users] Xen 3.2 Setup advice pretty please
> 
> Hi all,
> 
> I have been trying various failing solutions so I turn to the gurus
> for guidance in times of trouble.
> 
> I have a Xen 3.2-1 server running on a Debian etch
> (2.6.18-6-xen-vserver-686) in a remote data centre.
> I also have 5 public IPs in different ranges and only one NIC.
> 
> What I want to do is simple.  Have the applications running on my
> DomUs available to the internet.
> 
> Dom0 - Web proxy for routing to the correct Dom(2/3).
> Dom1 - Mail
> Dom2 - Web
> Dom3 - Web
> 
> I'd like it as secure as possible.
> 
> I tried using IP aliasing on my NIC + bridge but that didn't work.
> I tried nat but I can't seem to get the firewall to work properly.
> 
> 
> In short:
> 
>                        |-> Dom0
> WAN <--->   eth0   <---|-> Dom1
>         91.111.100.50  |-> Dom2
>         100.10.121.30  |-> Dom3
>         98.66.100.125
>         96.130.120.14
>         95.85.140.121
> 
> 
> If anyone has any advice at all, I'd greatly appreciate it.  I'm at a
> loss.
> 
> Thanks
> --
> eco
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
> 
> 


Hi Dustin,

I gave it a go and locked myself out of the box.  For some reason it disabled
my NIC.

   [
Oct 21 19:01:51 Dom0 kernel: ADDRCONF(NETDEV_UP): peth0: link is not ready
Oct 21 19:01:54 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex
Oct 21 19:01:54 Dom0 kernel: ADDRCONF(NETDEV_CHANGE): peth0: link becomes ready
Oct 21 19:01:54 Dom0 kernel: device peth0 entered promiscuous mode
Oct 21 19:01:54 Dom0 kernel: audit(1224608514.938:2): dev=peth0 prom=256 old_prom=0 auid=4294967295
Oct 21 19:01:54 Dom0 kernel: eth0: port 1(peth0) entering learning state
Oct 21 19:01:54 Dom0 kernel: eth0: topology change detected, propagating
Oct 21 19:01:54 Dom0 kernel: eth0: port 1(peth0) entering forwarding state
Oct 21 19:02:49 Dom0 kernel: device vif4.0 entered promiscuous mode
Oct 21 19:02:49 Dom0 kernel: audit(1224608569.399:3): dev=vif4.0 prom=256 old_prom=0 auid=4294967295
Oct 21 19:02:49 Dom0 kernel: ADDRCONF(NETDEV_UP): vif4.0: link is not ready
Oct 21 19:02:50 Dom0 kernel: ADDRCONF(NETDEV_CHANGE): vif4.0: link becomes ready
Oct 21 19:02:50 Dom0 kernel: eth0: port 2(vif4.0) entering learning state
Oct 21 19:02:50 Dom0 kernel: eth0: topology change detected, propagating
Oct 21 19:02:50 Dom0 kernel: eth0: port 2(vif4.0) entering forwarding state
Oct 21 19:02:53 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Down
Oct 21 19:02:53 Dom0 kernel: eth0: port 1(peth0) entering disabled state
Oct 21 19:12:43 Dom0 kernel: input: AT Translated Set 2 keyboard as /class/input/input1
Oct 21 19:15:09 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex
Oct 21 19:15:09 Dom0 kernel: eth0: port 1(peth0) entering learning state
Oct 21 19:15:09 Dom0 kernel: eth0: topology change detected, propagating
Oct 21 19:15:09 Dom0 kernel: eth0: port 1(peth0) entering forwarding state
Oct 21 19:29:36 Dom0 kernel: e1000: peth0: e1000_watchdog: NIC Link is Down
Oct 21 19:29:36 Dom0 kernel: eth0: port 1(peth0) entering disabled state
Oct 21 19:56:09 Dom0 -- MARK --
Oct 21 20:09:11 Dom0 syslogd 1.4.1#18: restart.
Oct 21 20:09:12 Dom0 kernel: klogd 1.4.1#18, log source = /proc/kmsg started.
Oct 21 20:09:12 Dom0 kernel: Linux version 2.6.18-6-xen-vserver-686 (Debian 2.6.18.dfsg.1-22etch2) (dannf@xxxxxxxxxx) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Mon Aug 18 13:34:50 UTC 2008
   ]

Here are my config files

# grep -v ^# xend-config.sxp|grep ..
(network-script network-nat)
(vif-script     vif-nat)
(dom0-min-mem 196)
(dom0-cpus 0)
(vncpasswd '')


/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 95.128.150.5
        netmask 255.255.255.0
        network 95.128.150.0
        broadcast 95.128.150.255
        gateway 95.128.150.254


test01.precognet.com.cfg
kernel      = '/boot/vmlinuz-2.6.18-6-xen-vserver-686'
ramdisk     = '/boot/initrd.img-2.6.18-6-xen-vserver-686'
memory      = '64'

root        = '/dev/sda2 ro'
disk        = [
                  'phy:/dev/vm/test01.precognet.com-swap,sda1,w',
                  'phy:/dev/vm/test01.precognet.com-disk,sda2,w',
              ]

name        = 'test01'
vif         = [ 'mac=00:16:3E:36:A5:FE' ]

on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

------------

Any thoughts on what I might have done wrong?  I've been at it for so long I'm
just muddled up and unable to see the obvious.  Time for a good night's rest.

Thanks
--
Eco


I'm not sure, but my first thought would be that this:

# grep -v ^# xend-config.sxp|grep ..
(network-script network-nat)
(vif-script     vif-nat)

Should be changed.  Presumably to this:
# grep -v ^# xend-config.sxp|grep ..
(network-script network-bridge)
(vif-script     vif-bridge)

I'm not sure on that, though, as I can't look at any live Xen machines right
now and I don't even use the network script; I configure bridging permanently
(manually) instead of having the scripts run with Xen startup.

Dustin
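
An added example, not part of the original thread: a POSIX shell check that reads the active settings of a xend-config.sxp-style file and reports whether network-script and vif-script select the same mode and whether that mode is the intended one. The function names and the sample file are constructed here; the sample reproduces the network lines of the configuration posted above.

```shell
#!/bin/sh
# Added example: check which networking mode xend's active settings select.
# Function names and the sample file below are constructed for illustration.

# Print the value of an active (uncommented) "(key value)" line, or nothing.
sxp_value() {    # $1 = key, $2 = file
    sed -n "s/^[[:space:]]*($1[[:space:]][[:space:]]*\([^)]*\)).*/\1/p" "$2" |
        tail -n 1
}

# Reduce a value such as 'network-bridge netdev=eth1' to the script name.
script_name() {
    v=${1#\'}; v=${v%\'}
    printf '%s\n' "${v%% *}"
}

# $1 = config file, $2 = intended mode (bridge, nat or route).
# Returns 0 if both scripts select the intended mode, 1 if not, 2 if unset.
check_xend_net_mode() {
    net=$(script_name "$(sxp_value network-script "$1")")
    vif=$(script_name "$(sxp_value vif-script "$1")")
    if [ -z "$net" ] || [ -z "$vif" ]; then
        echo "UNSET network-script='$net' vif-script='$vif'"; return 2
    fi
    if [ "${net#network-}" != "${vif#vif-}" ]; then
        echo "MISMATCH network-script=$net vif-script=$vif"; return 1
    fi
    if [ "${net#network-}" != "$2" ]; then
        echo "WRONG-MODE active=${net#network-} intended=$2"; return 1
    fi
    echo "OK mode=$2"
}

# Constructed sample: the network lines of the configuration posted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# (network-script network-bridge)
(network-script network-nat)
(vif-script     vif-nat)
(dom0-min-mem 196)
EOF
check_xend_net_mode "$sample" bridge || true
rm -f "$sample"
```

Running the check before restarting xend on a remote host shows which script pair will actually be applied, since commented-out lines are ignored.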


