[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Re: nfsroot and brige
I will try to put a document together over the weekend. Cheers Gregor > any chance to have generalized version of this in User's Manual? i think > many ppl would find this usefull. > > On Fri, 14 Jan 2005, Grzegorz Milos wrote: > >>> Instead use routing and iptables (masquerade) as follows: > >>> dom0 eth0 stays with 10.128.107.187 > >>> dom0 eth1 stays with 192.168.0.65 > >>> dom0 acts as a NAT for unpriviledged domains > >> > >> that's what I was kind of figuring I would need to do. > >> > >> But a real bridge (I used to use them) would transparently bridge > >> packets from vif1.0 to eth1, right? This is what I never saw working, > >> unless I did things that made no sense (e.g. ifconfig xen-br0 > >> 192.168.0.65), and even then I only got from domU to dom0. (it makes no > >> real sense to me for a *bridge* to have an IP address). > >> I would expect something working as a real bridge to allow me to do > >> this: > >> > >> ifconfig eth1 192.168.0.65 > >> brctl xen-br0 addif eth1 > >> brctl xen-br0 addif vif1.0 > > > > I am suprised that does not work. This is roughly what we are doing here. > > Let me just go through the steps you need to do to set up the bridge - > > maybe that will clarify something: > > > > a) create the bridge: > > brctl addbr xen-br0 > > ifconfig xen-br0 up > > > > b) add the ip address of eth1 to the bridge (can also do it with > > ifconfig, but ip is easier to use): > > ip addr add 192.168.0.65 brd 10.212.4.255 scope global dev xen-br0 > > > > c) setup routing: > > route del -net 192.168.0.0/24 eth1 > > route add -net 192.168.0.0/24 xen-br0 > > > > d) add eth1 to the bridge: > > brctl addif xen-br0 eth1 > > > > The above sets up the bridge, then upon domain creation: > > e) add virtual interface to the bridge: > > brctl addif xen-br0 vif1.0 > > ifconfig vif1.0 up > > > > That is all implemented in the two network scripts: > > /etc/xen/scripts/network > > /etc/xen/scripts/vif-bridge > > > > So if you decide not to use them make sure to have them disabled. > > > > All that should allow your unpriviledged domains to appear as if they > > were connected to your local network (through a switch or whatever else). > > > > In order to allow domU to access the internet you will have to: > > a) set up routing on domU: > > route add default gw 192.168.0.65 > > > > b) set dom0 to work as a NAT > > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > > > > > Get back to me if that still does not work. > > > >> This is essentially wiring the two ifs up to xen-br0. > >> > >> then I dhcp from domU and I would think packets ought to flow to > >> vif1.0->eth1, and eth1->vif1.0, broadcasts would flow across the bridge > >> transparently and, once the right MAC discovery happened, packets from > >> vif1.0 would make it to 192.168.0.1 > >> > >> I'm still not sure they didn't -- tcpdump seemed to think the DHCP > >> requests were going to eth1, but my home router didn't seem to think it > >> was seeing them. I will do a little more fooling around. > >> > >> ron > > > > Cheers > > Gregor ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |