
Re: [Xen-devel] Re: nfsroot and brige



I will try to put a document together over the weekend.

Cheers 
Gregor

> Any chance to have a generalized version of this in the User's Manual? I think
> many ppl would find this useful.
>
> On Fri, 14 Jan 2005, Grzegorz Milos wrote:
> >>> Instead use routing and iptables (masquerade) as follows:
> >>> dom0 eth0 stays with 10.128.107.187
> >>> dom0 eth1 stays with 192.168.0.65
> >>> dom0 acts as a NAT for unprivileged domains
> >>
> >> that's what I was kind of figuring I would need to do.
> >>
> >> But a real bridge (I used to use them) would transparently bridge
> >> packets from vif1.0 to eth1, right? This is what I never saw working,
> >> unless I did things that made no sense (e.g. ifconfig xen-br0
> >> 192.168.0.65), and even then I only got from domU to dom0. (it makes no
> >> real sense to me for a *bridge* to have an IP address).
> >> I would expect something working as a real bridge to allow me to do
> >> this:
> >>
> >> ifconfig eth1 192.168.0.65
> >> brctl  xen-br0 addif eth1
> >> brctl  xen-br0 addif vif1.0
> >
> > I am surprised that does not work. This is roughly what we are doing here.
> > Let me just go through the steps you need to do to set up the bridge -
> > maybe that will clarify something:
> >
> > a) create the bridge:
> > brctl addbr xen-br0
> > ifconfig xen-br0 up
> >
> > b) add the ip address of eth1 to the bridge (can also do it with
> > ifconfig, but ip is easier to use):
> > ip addr add 192.168.0.65 brd 10.212.4.255 scope global dev xen-br0
> >
> > c) setup routing:
> > route del -net 192.168.0.0/24 eth1
> > route add -net 192.168.0.0/24 xen-br0
> >
> > d) add eth1 to the bridge:
> > brctl addif xen-br0 eth1
> >
> > The above sets up the bridge, then upon domain creation:
> > e) add virtual interface to the bridge:
> > brctl addif xen-br0 vif1.0
> > ifconfig vif1.0 up
> >
> > That is all implemented in the two network scripts:
> > /etc/xen/scripts/network
> > /etc/xen/scripts/vif-bridge
> >
> > So if you decide not to use them make sure to have them disabled.
> >
> > All that should allow your unprivileged domains to appear as if they
> > were connected to your local network (through a switch or whatever else).
> >
> > In order to allow domU to access the internet you will have to:
> > a) set up routing on domU:
> > route add default gw 192.168.0.65
> >
> > b) set dom0 to work as a NAT
> > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> >
> >
> > Get back to me if that still does not work.
> >
> >> This is essentially wiring the two ifs up to xen-br0.
> >>
> >> then I dhcp from domU and I would think packets ought to flow to
> >> vif1.0->eth1, and eth1->vif1.0, broadcasts would flow across the bridge
> >> transparently and, once the right MAC discovery happened, packets from
> >> vif1.0 would make it to 192.168.0.1
> >>
> >> I'm still not sure they didn't -- tcpdump seemed to think the DHCP
> >> requests were going to eth1, but my home router didn't seem to think it
> >> was seeing them. I will do a little more fooling around.
> >>
> >> ron
> >
> > Cheers
> > Gregor
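
Steps a) to e) and the NAT rule from the quoted message, as an added example that is not part of the thread: a dry-run planner that derives the network and broadcast addresses from the address and prefix, then prints the commands without running them. The function names, the explicit prefix length on `ip addr add`, and the `-s` source match on the MASQUERADE rule are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the thread. Commands are printed, never executed.
# All function names are hypothetical.

# ip4_to_int A.B.C.D -> 32-bit integer
ip4_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip4 N -> dotted quad
int_to_ip4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_field ADDR PREFIX network|broadcast
cidr_field() (
    ip=$(ip4_to_int "$1")
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    case $3 in
        network)   int_to_ip4 $(( ip & mask )) ;;
        broadcast) int_to_ip4 $(( (ip & mask) | (~mask & 0xFFFFFFFF) )) ;;
    esac
)

# plan_bridge BRIDGE NIC ADDR PREFIX VIF UPLINK
plan_bridge() (
    br=$1 nic=$2 addr=$3 prefix=$4 vif=$5 uplink=$6
    net=$(cidr_field "$addr" "$prefix" network)
    bcast=$(cidr_field "$addr" "$prefix" broadcast)
    cat <<EOF
brctl addbr $br
ifconfig $br up
ip addr add $addr/$prefix brd $bcast scope global dev $br
route del -net $net/$prefix $nic
route add -net $net/$prefix $br
brctl addif $br $nic
brctl addif $br $vif
ifconfig $vif up
iptables -t nat -A POSTROUTING -s $net/$prefix -o $uplink -j MASQUERADE
EOF
)

# Interface names and addresses as used in the thread; /24 is assumed.
plan_bridge xen-br0 eth1 192.168.0.65 24 vif1.0 eth0
```

Deriving the `brd` value from the address and prefix keeps it consistent with the subnet being routed, and the `-s` match limits masquerading to traffic that originates from the bridged subnet.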

