WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] Help creating virtual networks of domU guests

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Help creating virtual networks of domU guests
From: David Richardson <daverich04@xxxxxxxxx>
Date: Tue, 19 Jul 2005 13:24:08 -0700 (PDT)
Figured it out.  For those interested, I had to change
the out interface from eth0 to xen-br0 to get IP
masquerading to work:

#iptables --table nat --append POSTROUTING \
    --out-interface xen-br0 -j MASQUERADE

~Dave

--- David Richardson <daverich04@xxxxxxxxx> wrote:

> Thanks for your help everyone.  I think I'm close now
> (hopefully).  Here's what I've got:  In dom0, I
> execute the following to set up the bridge xenbr1 with
> address 192.168.1.1
> 
> #brctl addbr xenbr1
> #brctl stp xenbr1 off
> #brctl setfd xenbr1 0
> #ifconfig xenbr1 192.168.1.1 netmask 255.255.255.0 up
> 
> Then, in my domU's config file, I add:
> vif = [ 'bridge=xenbr1']
> 
> So that eth0 in domU will bridge to my xenbr1.  I also
> modify /etc/network/interfaces in my domU filesystem
> (it's a debian guest) with:
> 
> auto eth0
> iface eth0 inet static
>         address 192.168.1.5
>         netmask 255.255.255.0
> 
> To assign the address 192.168.1.5 to the domU guest.
> 
> Finally, I try to set up the nat by doing (in dom0):
> 
> #iptables --flush
> #iptables --delete-chain
> #iptables --table nat --delete-chain
> #iptables --table nat --append POSTROUTING \
>     --out-interface eth0 -j MASQUERADE
> #iptables --append FORWARD --in-interface xenbr1 -j ACCEPT
> #echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> #route add -net 192.168.1.0 netmask 255.255.255.0 \
>     dev xenbr1
> 
> When I boot up domU, I am able to ping 192.168.1.1
> from domU, and likewise ping 192.168.1.5 from dom0.
> However, I can't get to the outside world from domU,
> suggesting that my nat'ing (or something else) isn't
> quite right...  Any suggestions?  Thanks again for all
> the help.
> 
> ~Dave
> 
> 
> 
> 
> --- Ernst Bachmann <e.bachmann@xxxxxxxx> wrote:
> 
> > On Monday 18 July 2005 03:25, David Richardson wrote:
> > > Hey guys,
> > > I'm still having problems getting this to work
> > > correctly.  Maybe I should be more clear in my setup.
> > > I only have 1 nic, eth0.  My dom0 gets its IP address
> > > from a dhcp server on eth0.  However, the dhcp server
> > > always gives me the same IP address based on my MAC
> > > address.  As such, my domU guests are unable to use
> > > this dhcp server to obtain IPs.
> > 
> > Simply assign a different MAC address to your domU.
> > You can run with standard bridging, don't need alias
> > devices and whatnot.
> > For the DHCP Server it looks like a second computer
> > with different MAC is behind an ethernet bridge, so
> > it'll assign a different IP to it.
> > 
> > > Therefore, what I
> > > want to do (I think...) is to create a vpn of domU
> > > guests that bridge to a virtual interface eth0:1 in
> > > dom0.
> > 
> > Bridging only accepts real interfaces AFAIK. After
> > all, virtual eth0:1 style interfaces are just alias IP
> > addresses, and the bridge works on ethernet level
> > and doesn't care about IP at all.
> > 
> > > Outside traffic can then be routed between the
> > > real eth0 and the virtual eth0:1 to reach the domU
> > > guests.  Then, I can run a dhcp server in dom0 for
> > > eth0:1 to assign made-up addresses to the domU guests
> > > when they boot.
> > 
> > with VPN you mean NAT?
> > 
> > > I've never done anything like this before, so any help
> > > would be great.  My first attempts have started out by
> > > doing the following:
> > >
> > > Create the virtual ethernet interface:
> > > #ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0
> > >
> > > Create a bridge in dom0, attach it to eth0:1:
> > > #brctl addbr xen-br1
> > > #brctl stp xen-br1 off
> > > #brctl setfd xen-br1 0
> > > #ip link set xen-br1 up
> > > #brctl addif xen-br1 eth0:1
> > 
> > More like:
> > # no eth0:1 iface!
> > 
> > brctl addbr xen-br1
> > brctl stp xen-br1 off
> > brctl setfd xen-br1 0
> > # no brctl addif!
> > ifconfig xen-br1 192.168.1.1 netmask 255.255.255.0 up
> > # connect  domUs to xen-br1
> > # set "192.168.1.1" as default route inside domU
> > 
> > #setup NAT in dom0:
> > iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <insert IP of eth0 here>
> > ...
> > (the nat rules will need more work, maybe your
> > distribution comes with premade scripts there)
> > 
> > /Ernst
> > 
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
> > 


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
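
Added example (not part of the original thread): as Dave's fix implies, routed traffic on his dom0 leaves through the bridge xen-br0, so a MASQUERADE rule that matches eth0 never fires. The sketch below reads the egress interface from the routing table and prints NAT and FORWARD rules limited to the guest subnet; the sample route output, the 10.0.0.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules; it does not apply them.
# On a live dom0, pass "$(ip -4 route show)" instead of SAMPLE_ROUTES.

# Constructed sample: route table of a dom0 whose host address sits on the
# bridge xen-br0 (addresses in 10.0.0.0/24 are made up for illustration).
SAMPLE_ROUTES='192.168.1.0/24 dev xenbr1 proto kernel scope link src 192.168.1.1
10.0.0.0/24 dev xen-br0 proto kernel scope link src 10.0.0.23
default via 10.0.0.1 dev xen-br0'

# egress_iface ROUTES: print the device that carries the default route.
egress_iface() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++)
                if ($i == "dev") { print $(i + 1); exit }
        }'
}

# nat_rules ROUTES GUEST_BRIDGE GUEST_NET: print iptables commands that
# masquerade only GUEST_NET, and only on the real egress interface.
nat_rules() {
    out=$(egress_iface "$1")
    [ -n "$out" ] || { echo "no default route found" >&2; return 1; }
    [ "$out" != "$2" ] || { echo "default route uses guest bridge" >&2; return 1; }
    cat <<EOF
iptables -t nat -A POSTROUTING -s $3 -o $out -j MASQUERADE
iptables -A FORWARD -i $2 -o $out -s $3 -j ACCEPT
iptables -A FORWARD -i $out -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

nat_rules "$SAMPLE_ROUTES" xenbr1 192.168.1.0/24
```

Scoping the MASQUERADE rule with -s keeps dom0's own traffic out of the NAT, and the two FORWARD rules let guests start connections while admitting only reply traffic back in.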