Xen project Mailing List

Re: [Xen-devel] xen-unstable networking

From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>

Date: Sat, 27 Mar 2004 17:10:11 +0000

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx

Delivery-date: Sat, 27 Mar 2004 17:11:57 +0000

List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

> I'm trying to make Xen's internal network among the domains available > to a vpn: the machine is allocated a network in the vpn, > 192.168.101.0/24, and domain 0 has an IP tunnel to the vpn server and a > single IP address in that network, 192.168.101.254. This network is > made visible from the vpn by routing daemons running in domain 0. This > much works and domain 0's vpn connectivity is fine. > > The other domains then have addresses in 192.168.101.0/24, e.g. > 192.168.101.1 for domain 1, with the address added to the VFR for that > domain's vif 0 and the address added as a secondary on the domain's > eth0. The domain then has a default route via 192.168.101.254. Domain 0 > has /proc/sys/net/ipv4/ip_forward set to 1. I can ping between domains, > and between domain 0 and other domains using 192.168.101.x addresses. With this configuration, the packets will go out on the wire directly as you've told it that the whole 192.168.101.0/24 subnet is directly accessible from eth0 Try setting the ip addresses for domains >0 to e.g. 192.168.101.1/32 and then set the default route to go via gateway 192.168.101.254 I haven't tried this, but it should force all packets to go via domain 0 rather than out via the LAN. (You could set a gateway just for 192.168.101.0/24 if you wanted other packets to go on the LAN directly) Ian > However, while packets from the vpn are correctly routed to domains > other than 0, packets from those domains appear directly on the > physical ethernet rather than being routed via domain 0 and down the > vpn tunnel. This does seem to to be working as designed in that the > domain has access to the physical ethernet for addresses which have > been added to its vif, but it would be useful for this situation if the > packets could go via domain 0. Is this something which can be done with > the current code? ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.