[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] strange network behaviour



Short description of my problem:

I'm running Xen 3.0 on Debian testing. I created two additional bridge interfaces and a XenU domain as router which I connected to all bridges. On two of the bridges I want to run a private network. For the router to do its work I copied and modified a setup from a router I am already running on a real computer. Even though I can ping and traceroute from one virtual network to another (even into the internet), it is not possible to get any other traffic from one network to another. So if I use ssh or http, the connection always fails. But this is not due to firewall rules. Does anyone have a clue why it does not work?

Longer description:

My Xen0 has two ethernet interfaces. One (eth0) is connected to my physical LAN, the other one (eth1) is connected to a DSL-modem. The peth0 interface of Xen0 is attached to xen-br0. I attached eth1 to a bridge called br-ppp. I created another bridge called br-dmz. And I connected eth1 to br-ppp.
For the bridge setup I wrote the following lines into /etc/network/interfaces

auto br-dmz
iface br-dmz inet static
pre-up brctl addbr br-dmz
post-down brctl delbr br-dmz
address 0.0.0.0
netmask 255.255.255.255
bridge_fd 0
bridge_hello 0
bridge_stp off

auto br-ppp
iface br-ppp inet static
pre-up brctl addbr br-ppp
post-down brctl delbr br-ppp
address 0.0.0.0
netmask 255.255.255.255
bridge_fd 0
bridge_hello 0
bridge_stp off


The XenU router config looks like this:

kernel = "/boot/xen-linux-2.6.12.6-router-xenu"
memory = 128
name = "xenu-router"
vif = [ 'bridge=br-ppp', 'mac=00:16:3E:00:13:01, bridge=xen-br0', 'mac=00:16:3E:00:12:01, bridge=br-dmz' ]
disk = [ 'file:/home/xen/domains/xenu-router/disk.img,sda1,w','file:/home/xen/domains/xenu-router/swap.img,sda2,w']
root = "/dev/sda1 ro"


So the XenU-router's eth0 is connected to br-ppp, eth1 is connected to xen-br0 and eth2 is connected to br-dmz.

I started the router and at first everything seemed to work fine. The pppoe connection could be established and I was able to access the internet from the router. As well could I access the internet from my notebook which is connected to my LAN. Everything seemed to be as normal.

I brought up another XenU domain which I connected to br-dmz. It was assigned an IP-address by the router's dhcp server. The strange thing was that I could establish a connection to the router, but not to the internet, not to the LAN and not to Xen0. As well was it not possible to establish a connection in the other direction (LAN -> dmz, internet-> dmz). But it was possible in both directions to ping machines and to use traceroute which told the correct routes.

I made another try and connected the XenU to xen-br0. This time it was possible to reach the XenU from the LAN via ssh. But it was still impossible to connect to the internet from the XenU.

Finally I found out that Xen0 could not connect to the internet as well. After a reboot I saw that vif1.0 was connected to br-dmz even though there was no XenU running. vif0.0 was connected to xen-br0 as usual. I have no clue why Xen connects that interface vif1.0 to br-dmz. The interface should be reserved for the first XenU that is started. But the first XenU to be started is assigned vif2.0.

To make sure that this was not the cause of the problem, I created another bridge and let the router and the other XenU connect to this bridge instead of br-dmz. But the problems remained the same.

Does anyone know why such a situation can occurr in this context where it is possible to ping and traceroute everywhere but any "real" connection cannot be established?

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.