RE: [Xen-users] network-route and vif-route setup help
Hi

> It seems 1and1 drops my network whenever the switch sees a
> MAC address other than my eth0's MAC address. So bridge
> network is not possible.

Wrong. First, it should work perfectly as long as only dom0 is up. (dom0 should get the MAC of your peth0.) Then you can use ebtables to rewrite packets on peth0, so that 1and1 only sees ONE MAC.

I have done this for 3 IPs:

Bridge chain: PREROUTING, entries: 6, policy: ACCEPT
-p IPv4 -d $mac -i peth0 --ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p ARP -d $mac -i peth0 --arp-ip-dst $2 -j dnat --to-dst 0:16:3e:0:16:1
-p IPv4 -d $mac -i peth0 --ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p ARP -d $mac -i peth0 --arp-ip-dst $3 -j dnat --to-dst 0:16:3e:0:16:2
-p IPv4 -d $mac -i peth0 --ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3
-p ARP -d $mac -i peth0 --arp-ip-dst $4 -j dnat --to-dst 0:16:3e:0:16:3

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 6, policy: ACCEPT
-p IPv4 -s 0:16:3e:0:16:1 -o peth0 --ip-src $2 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:1 -o peth0 --arp-ip-src $2 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:2 -o peth0 --ip-src $3 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:2 -o peth0 --arp-ip-src $3 -j snat --to-src $mac
-p IPv4 -s 0:16:3e:0:16:3 -o peth0 --ip-src $4 -j snat --to-src $mac
-p ARP -s 0:16:3e:0:16:3 -o peth0 --arp-ip-src $4 -j snat --to-src $mac

And I boot my domUs with

ip = $2, mac = 00:16:3e:00:16:01
ip = $3, mac = 00:16:3e:00:16:02
ip = $4, mac = 00:16:3e:00:16:03

Works perfectly.

> my network is a bit strange. My IP is 82.165.27.12 for dom0.
> but the gateway is 10.255.255.1. the netmask is 255.255.255.255.
> This works for dom0.

This is really a bit strange, as the system should have no idea in that case how to reach the gateway. I have similar problems, as I also have IPs in different subnets. That means that in my original setup, all traffic between my doms is going through the provider's router. Hence nonsense.

But I am going to solve this another way: I will give the dom0 and every domU a second IP in the same 10.x.x.x network. Packets to and from 10.x.x.x will be dropped at peth0. Then I will add routes manually to route the public IP of any dom over the private IP of that dom. The doms can then reach each other over their private AND public IPs directly. (And I can attach a tap device using openvpn to connect my own computer to that bridge for administration.)

Regards,
Steffen
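Added example, not part of Steffen's message: a POSIX shell function that prints the ebtables commands which would build a nat table like the listing in the post, validating every value first because the output is meant to be run as root. The function names, the outer MAC 02:00:00:00:00:01 and the 192.0.2.x addresses are assumptions made for illustration; the guest MAC is the one given in the post.

```shell
#!/bin/sh
# Added example, not from the original post. It only prints ebtables
# commands; review the output before running it as root on dom0.
# Usage: gen_mac_nat_rules OUTER_MAC IFACE IP=GUEST_MAC [IP=GUEST_MAC ...]
# Constructed sample call:
#   gen_mac_nat_rules 02:00:00:00:00:01 peth0 192.0.2.10=00:16:3e:00:16:01

# Whitelist the characters first (this also rejects embedded newlines),
# then check the overall shape.
is_mac() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}
is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

gen_mac_nat_rules() {
    [ "$#" -ge 3 ] || { echo "need OUTER_MAC IFACE IP=MAC..." >&2; return 1; }
    outer=$1; ifc=$2; shift 2
    # Each value lands in a command line for a root shell: validate all of
    # them before printing anything, so a bad pair never yields partial rules.
    is_mac "$outer" || { echo "bad outer MAC" >&2; return 1; }
    case $ifc in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    for pair in "$@"; do
        is_ipv4 "${pair%%=*}" && is_mac "${pair#*=}" ||
            { echo "bad pair: $pair" >&2; return 1; }
    done
    for pair in "$@"; do
        ip=${pair%%=*}; guest=${pair#*=}
        # Inbound on the physical NIC: frames addressed to the outer MAC that
        # carry this guest's IP (IPv4 header or ARP target) go to the guest MAC.
        echo "ebtables -t nat -A PREROUTING -p IPv4 -d $outer -i $ifc --ip-dst $ip -j dnat --to-dst $guest"
        echo "ebtables -t nat -A PREROUTING -p ARP -d $outer -i $ifc --arp-ip-dst $ip -j dnat --to-dst $guest"
        # Outbound: frames from the guest leave with the outer MAC as source,
        # so the provider's switch only ever sees one MAC.
        echo "ebtables -t nat -A POSTROUTING -p IPv4 -s $guest -o $ifc --ip-src $ip -j snat --to-src $outer"
        echo "ebtables -t nat -A POSTROUTING -p ARP -s $guest -o $ifc --arp-ip-src $ip -j snat --to-src $outer"
    done
    return 0
}
```

After applying the printed commands, `ebtables -t nat -L` shows the resulting chains for comparison with the listing in the post.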