WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Re: [Xen-users] Alternative to network-nat on Debian Squeeze with XEN4?

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Alternative to network-nat on Debian Squeeze with XEN4?
From: Andrew Sorensen <andrewx192@xxxxxxxxx>
Date: Sun, 19 Jun 2011 22:12:45 -0700
Delivery-date: Sun, 19 Jun 2011 22:13:33 -0700
In-reply-to: <BANLkTik8a9FjJT4d-_YYvAj-NBmCMupejg@xxxxxxxxxxxxxx>
Reply-to: andrewx192@xxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Mon, 2011-06-20 at 11:52 +0700, Fajar A. Nugraha wrote:
> On Mon, Jun 20, 2011 at 11:47 AM, Andrew Sorensen <andrewx192@xxxxxxxxx> wrote:
> > On Mon, 2011-06-20 at 11:24 +0700, Fajar A. Nugraha wrote:
> >> On Mon, Jun 20, 2011 at 11:11 AM, Andrew Sorensen <andrewx192@xxxxxxxxx> wrote:
> >> >>
> >> >> Todd: Is this the same one used by libvirt with virbr0? Using
> >> >> something common would be nice, as it means NAT-networking can be
> >> >> treated the same way as bridge networking from Xen's perspective.
> >> >>
> >> >> Andrew: try installing virt-manager (or perhaps libvirt-bin is
> >> >> enough). It should create a bridge called virbr0, which you can use on
> >> >> domU config file (add "bridge" section to vif line).
> >> >>
> >> >> --
> >> >> Fajar
> >>
> >> > I already have bridged networking working, but would like to add NAT to my
> >> > setup.. I'd rather stay away from libvirt as it has caused problems in the
> >> > past. I don't see the need to have libvirt to accomplish my requirements.
> >>
> >> libvirt simply makes it easier to set up virbr0. If you don't use
> >> virt-manager/virt-install, then basically it's all libvirt does:
> >> create virbr0.
> >>
> >> If you're familiar enough with manual bridge and NAT setup, you could
> >> just create it manually, which would involve:
> >> - create a bridge which is not connected to any physical host
> >> - create NAT MASQUERADE rule for any traffic coming from that bridge
> >> - (optional) run dnsmasq to provide DHCP and DNS
> >>
> >> With that kind of setup (either manual or created by libvirt) you can
> >> simply use bridge networking in Xen as usual, and it doesn't matter
> >> whether your uplink is already bridged or not. And the same bridge+NAT
> >> setup can be used for other virtualization setups as well (For example,
> >> I'm using libvirt to create a bridge on my VirtualBox setup, which
> >> VirtualBox uses later as bridged networking)
> >>
> > That was what I was trying to do. If you visit
> > http://wiki.qemu.org/Documentation/Networking/NAT and take a look at
> > that script at the bottom, it creates a bridged interface and takes in
> > a parameter to add to the NAT bridge. I'm not sure what I would need to
> > modify in that script to create the NAT MASQUERADE rule.
> 
> ... and what I've been trying to say is that you don't have to use
> that script. Not if it gives you more trouble.
> 
> Instead, I suggest you split it into two separate processes:
> (1) Creation of the bridge with NAT support
> (2) Adding domU's vif to that bridge
> 
> For (1), it can be done with either libvirt or set up manually.
> For (2), you can simply use Xen's existing bridge script. No need to
> create additional network script.
> 

For (1), how would I go about setting it up manually?
For (2), When you refer to "bridge script" are you referring to -
'vif-script' or 'network-script'?
Currently I am using a statement like
'bridge=br1,mac=xxxxxxxx,ip=xx.xx.xx.xx', which is working out fine for
my "true" bridged network.
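
The manual setup outlined in the quoted reply (a bridge with no physical interface attached, a MASQUERADE rule for traffic coming from it, optionally dnsmasq) could look like the following in dom0. This is an added example, not part of the original thread; the bridge name natbr0, the 10.0.100.0/24 subnet, the use of iproute2 rather than brctl, and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: bridge natbr0, subnet 10.0.100.0/24.
# Dry run by default (commands are printed); set APPLY=1 and run as root in dom0.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# nat_bridge_setup BRIDGE GATEWAY/PREFIX NETWORK/PREFIX [DHCP_RANGE]
nat_bridge_setup() {
    br=$1 gw=$2 net=$3
    # Interface names are limited to 15 characters; reject anything that is
    # not a plain name before it reaches ip or iptables.
    case $br in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad bridge name: $br" >&2; return 1 ;;
    esac
    [ "${#br}" -le 15 ] || { echo "bridge name too long: $br" >&2; return 1; }

    # Step 1: bridge with no physical interface enslaved; dom0 is the gateway.
    run ip link add name "$br" type bridge
    run ip addr add "$gw" dev "$br"
    run ip link set "$br" up

    # Step 2: enable routing and masquerade only traffic sourced from the
    # guest subnet that leaves through some other interface.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$net" ! -o "$br" -j MASQUERADE
    # Guests may open connections outward; inbound is limited to replies.
    run iptables -A FORWARD -i "$br" -s "$net" -j ACCEPT
    run iptables -A FORWARD -o "$br" -d "$net" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Step 3 (optional): DHCP and DNS for the guests, bound to the bridge only.
    if [ -n "${4:-}" ]; then
        run dnsmasq --interface="$br" --bind-interfaces --dhcp-range="$4"
    fi
}
```

A domU then attaches to it with `bridge=natbr0` in its vif line, the same way as for any other bridge.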

