[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] NAT and networks of domUs

To: Toens Bueker <toens.bueker@xxxxxxxxxxxxx>
From: Nils Toedtmann <xen-users@xxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Apr 2005 13:17:30 +0200
Cc: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 14 Apr 2005 11:17:26 +0000
List-id: Xen user discussion <xen-users.lists.xensource.com>

Am Mittwoch, den 13.04.2005, 18:40 +0200 schrieb Toens Bueker: 
> Nils Toedtmann <xen-users@xxxxxxxxxxxxxxxxxx> wrote:
> 
> >> 2.) Has somebody on the list a working configuration with domUs on a 
> >> private
> >> network, which is/are NATted to the internet via a public IP in dom0? 
> 
> [...]
> 
> > Try this: 
> > 
> >   * Shutdown all domUs, stop xend
> > 
> >   * Set up an empty bridge-device with private ip using you distro 
> >     sysconfig or by hand:
> > 
> >       brctl addbr mybr0
> >       ip addr add 192.168.1.1/24 dev mybr0
> >       ip link set mybr0 up
> 
> Check.
> 
> 
> >   * Configure xend (/etc/xen/xend-config.sxp) for not setting up 
> >     xen-br0 on startup, but nevertheless adding virtual interfaces 
> >     to your bridge:
> > 
> >       (network-script     network-route)
> >       (vif-script         vif-bridge)
> >       (vif-bridge         mybr0)
> 
> Check.
> 
> >   * start xend, boot your VMs, tell them to use IPs in 192.168.1.0/24,
> >     default gw being 192.168.1.1. Now all doms should be able to ping 
> >     each other within 192.168.1.0/24.
> 
> I can ping 192.168.1.1 from each domU. None of the domUs
> can ping the other one.

Hmmm, the bridge does not bridge ... check this:

(1) "/usr/sbin/brctl show" should look like this:

      bridge name     bridge id               STP enabled     interfaces
      mybr0           8000.000c7616d891       no              vif1.0
                                                              vif2.0
                                                              vif3.0

    and so on, this means that the virtual interfaces vif* belong to
    the bridge "mybr0"

(2) "/sbin/iptables -nL ; /sbin/iptables -t nat -nL" should be empty
    (just for testing) with policies "ACCEPT"

(3) The domUs use different MACs

If all is true and the domUs still cannot ping each other, ping all
domUs from dom0 and send me the resulting arptable:

    for i in 2 3 4 ; do ping -c 1 192.168.1.$i ; done ; /sbin/arp -n

and the output of "/sbin/ip addr show up"

/nils.



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] NAT and networks of domUs
  - From: Toens Bueker

References:
- [Xen-users] NAT and networks of domUs
  - From: Toens Bueker
- Re: [Xen-users] NAT and networks of domUs
  - From: Nils Toedtmann
- Re: [Xen-users] NAT and networks of domUs
  - From: Toens Bueker

Prev by Date: RE: [Xen-users] Xen-Kernel 2.6.10 and nvidia driver
Next by Date: Re: [Xen-users] NAT and networks of domUs
Previous by thread: Re: [Xen-users] NAT and networks of domUs
Next by thread: Re: [Xen-users] NAT and networks of domUs
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.