
[Xen-users] Bridging + NAT



[best viewed with fixed-width font]

Hello,

I'm installing my first Xen on a server.

Using online docs, wiki, reading this list... I installed Debian sarge
+ Xen3, and finally have dom0 and one domU (minimal - a dbootstrap) running.

My laboratory has a public 129.175.252.0/21 net (call it N1), and for
domU I use a private 192.168.21.0 net (call it N2). Administrators of N1
have set up routing + gateway, and N1 <=> N2 pinging works in both
directions.

Now, for domU installation and management, I need Internet access
(dbootstrap is really minimal). As I use private network N2, I'm trying
to set up a second interface eth1 on domU, with corresponding NAT on
dom0, used for external Internet access.


<== domU ==><================ dom0 =======================>
  (melodie)                 (psaume)


 eth0--------->vif1.0-----+      peth0
                          |        |
                          +----psbridge--------------eth0
                                   |                   |
                                 vif0.0                |
                                                       |
                                                       |
 eth1--------->vif1.1--------------(NAT)---------------+


[ For my understanding, what are peth0 / vif0.0 used for, and what
pseudo-interface is connected to dom0 eth0 ? ]


Now, it seems I have routing problems or Xen understanding problems...


Here are my configuration files/tables and final result:

On dom0 (psaume)
================
psaume:~# cat /etc/xen/xend-config.sxp
                  ------------------------
    ...
    (network-script 'network-bridge bridge=psbridge netdev=eth0')
    (vif-script vif-bridge)
    ...

psaume:~# cat /etc/xen/melodie.cfg
              --------------------
    name="melodie"
    memory=256
    kernel="/boot/xen-linux-2.6.12.6-xen-domu"
    vif = ['mac=AA:00:00:00:44:01, script=vif-bridge, bridge=psbridge',
           'mac=AA:00:00:00:44:02, script=vif-nat']
    hostname = 'melodie'
    disk=['phy:stockagevg/meloswap,sda1,w',
          'phy:stockagevg/melosys,sda2,w',
          'phy:stockagevg/melodata,sda3,w']
    root="/dev/sda2 ro"



psaume:~# cat /proc/sys/net/ipv4/ip_forward
          ---------------------------------
1


psaume:~# ifconfig
          --------
eth0      Lien encap:Ethernet  HWaddr 00:13:D3:32:77:D4
          inet adr:129.175.157.73  Bcast:129.175.159.255        
                                        Masque:255.255.248.0
          adr inet6: fe80::213:d3ff:fe32:77d4/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41984 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1507 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:3874972 (3.6 MiB)  TX bytes:172931 (168.8 KiB)

lo  [removed in post]

peth0     Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:42209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1567 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:4418794 (4.2 MiB)  TX bytes:188320 (183.9 KiB)
          Adresse de base:0x3000 Mémoire:d0120000-d0140000

psbridge  Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39945 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:3133556 (2.9 MiB)  TX bytes:378 (378.0 b)

vif0.0    Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1507 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:172931 (168.8 KiB)  TX bytes:3875062 (3.6 MiB)

vif1.0    Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26330 errors:0 dropped:1701 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:3646 (3.5 KiB)  TX bytes:2397969 (2.2 MiB)

vif1.1    Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet adr:10.0.1.129  Bcast:0.0.0.0  Masque:255.255.255.255
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:666 (666.0 b)  TX bytes:0 (0.0 b)


[note Xen NAT script has given 10.0.1.129 address to vif1.1]


psaume:~# iptables -L
          -----------
    Chain INPUT (policy ACCEPT)
    target  prot opt source      destination

    Chain FORWARD (policy ACCEPT)
    target  prot opt source      destination
    ACCEPT  all  --  anywhere    anywhere     PHYSDEV match --physdev-in vif1.0
    ACCEPT  all  --  10.0.0.0/16 anywhere     PHYSDEV match --physdev-in vif1.1
    ACCEPT  udp  --  anywhere    anywhere     PHYSDEV match --physdev-in vif1.1 udp spt:bootpc dpt:bootps

    Chain OUTPUT (policy ACCEPT)
    target  prot opt source      destination

[there seem to be rules for vif1.1, is this NAT?]



On domU (melodie)
=================

melodie:~# cat /etc/network/interfaces
           ---------------------------
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
            address 192.168.21.10
            netmask 255.255.255.0
            network 192.168.21.0
            gateway 192.168.21.254
            dns-search limsi.fr
            dns-nameservers 129.175.152.136 129.175.152.129

    auto eth1
    iface eth1 inet static
            address 192.168.21.11
            netmask 255.255.255.0
            network 192.168.21.0

    up route add -host 192.168.21.254 eth0
    up route add -net 129.175.152.0 netmask 255.255.248.0 eth0

[ the two up routes make N1 accessible from domU ]

melodie:~# ifconfig
           --------
eth0      Link encap:Ethernet  HWaddr AA:00:00:00:44:01
          inet addr:192.168.21.10  Bcast:192.168.21.255
                                        Mask:255.255.255.0
          inet6 addr: fe80::a800:ff:fe00:4401/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2758293 (2.6 MiB)  TX bytes:3774 (3.6 KiB)

eth1      Link encap:Ethernet  HWaddr AA:00:00:00:44:02
          inet addr:192.168.21.11  Bcast:192.168.21.255
                                        Mask:255.255.255.0
          inet6 addr: fe80::a800:ff:fe00:4402/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:794 (794.0 b)

lo    [removed for post]


melodie:~# route -n
           --------
Kernel IP routing table
Destination     Gateway  Genmask         Flags Metric Ref    Use Iface
192.168.21.254  0.0.0.0  255.255.255.255 UH    0      0        0 eth0
192.168.21.0    0.0.0.0  255.255.255.0   U     0      0        0 eth0
192.168.21.0    0.0.0.0  255.255.255.0   U     0      0        0 eth1
129.175.152.0   0.0.0.0  255.255.248.0   U     0      0        0 eth0
0.0.0.0         192.168.21.254  0.0.0.0  UG    0      0        0 eth0


[ Now, I set up a route to the default laboratory gateway. ]

melodie:~# route add  129.175.152.252 eth1

[ And make this gateway the default route for unknown ones. ]

melodie:~# route add default gw  129.175.152.252

[ Nice, but it still fails (this works under dom0, with same target). ]

melodie:~# apt-get update
Err ftp://debian.ens-cachan.fr stable/main Packages
  Could not connect to debian.ens-cachan.fr:21 (138.231.176.11). - connect (113 No route to host)



What am I missing (note pinging N1<==>N2 still works)?


Thanks a lot.

Laurent.


-- 
Laurent POINTAL
CNRS-LIMSI dépt. CHM, groupes AMI et PS
Courriel: laurent.pointal@xxxxxxxx    (prof)
          laurent.pointal@xxxxxxxxxxx (perso)
Ouebe: http://www.limsi.fr/Individu/pointal/
Tél. 01 69 85 81 06 (prof)
Fax. 01 69 85 80 88



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
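
[ Added example, not part of the original post: a consistency check over the addresses quoted in the listings above (domU /etc/network/interfaces, dom0 ifconfig for vif1.1, and the FORWARD rule for vif1.1). The function names and the eth0/eth1-to-vif mapping (taken from the order of the vif = [...] entries) are assumptions of this example; it reports what the listings show and does not establish the cause of the failure. ]

```python
import ipaddress

# Values copied from the listings in the post (static sample data, not live state).
DOMU_IFACES = {
    "eth0": ipaddress.ip_interface("192.168.21.10/24"),  # netmask 255.255.255.0
    "eth1": ipaddress.ip_interface("192.168.21.11/24"),  # netmask 255.255.255.0
}
# dom0 side: the address the vif-nat script gave vif1.1 ...
DOM0_VIF = {"vif1.1": ipaddress.ip_interface("10.0.1.129/32")}
# ... and the source network in the FORWARD rule matching --physdev-in vif1.1.
FORWARD_ACCEPT_SRC = {"vif1.1": ipaddress.ip_network("10.0.0.0/16")}
# Assumption: first vif entry backs eth0, second backs eth1.
BACKEND_OF = {"eth0": "vif1.0", "eth1": "vif1.1"}


def overlapping_subnets(ifaces):
    """Return pairs of interfaces configured in overlapping IP networks."""
    names = sorted(ifaces)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if ifaces[a].network.overlaps(ifaces[b].network)
    ]


def source_outside_rule(ifaces, backend_of, accept_src):
    """Return guest interfaces whose address lies outside the source
    network accepted for their backend vif (vifs with no source
    restriction are skipped)."""
    findings = []
    for name, iface in sorted(ifaces.items()):
        net = accept_src.get(backend_of[name])
        if net is not None and iface.ip not in net:
            findings.append((name, str(iface.ip), str(net)))
    return findings


if __name__ == "__main__":
    for a, b in overlapping_subnets(DOMU_IFACES):
        print(f"{a} and {b} are both in {DOMU_IFACES[a].network}")
    for name, ip, net in source_outside_rule(DOMU_IFACES, BACKEND_OF,
                                             FORWARD_ACCEPT_SRC):
        print(f"{name} uses {ip}, outside {net} accepted on {BACKEND_OF[name]}")
    vif = DOM0_VIF["vif1.1"]
    print(f"vif1.1 itself is {vif.ip}, inside the rule's network: "
          f"{vif.ip in FORWARD_ACCEPT_SRC['vif1.1']}")
```

[ Note that plain "iptables -L" lists only the filter table; NAT rules are listed with "iptables -t nat -L". ]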


 

