|  |  | 
  
    |  |  | 
 
  |   |  | 
  
    |  |  | 
  
    |  |  | 
  
    |   xen-devel
Re: [Xen-devel] Re: nfsroot and brige 
| 
any chance to have generalized version of this in User's Manual? i think 
many ppl would find this usefull. 
On Fri, 14 Jan 2005, Grzegorz Milos wrote:
 
Instead use routing and iptables (masquerade) as follows:
dom0 eth0 stays with 10.128.107.187
dom0 eth1 stays with 192.168.0.65
dom0 acts as a NAT for unpriviledged domains
 
that's what I was kind of figuring I would need to do.
But a real bridge (I used to use them) would transparently bridge packets
from vif1.0 to eth1, right? This is what I never saw working, unless I did
things that made no sense (e.g. ifconfig xen-br0 192.168.0.65), and even
then I only got from domU to dom0. (it makes no real sense to me for a
*bridge* to have an IP address).
I would expect something working as a real bridge to allow me to do this:
ifconfig eth1 192.168.0.65
brctl  xen-br0 addif eth1
brctl  xen-br0 addif vif1.0
 
I am suprised that does not work. This is roughly what we are doing here. Let
me just go through the steps you need to do to set up the bridge - maybe that
will clarify something:
a) create the bridge:
brctl addbr xen-br0
ifconfig xen-br0 up
b) add the ip address of eth1 to the bridge (can also do it with ifconfig, but
ip is easier to use):
ip addr add 192.168.0.65 brd 10.212.4.255 scope global dev xen-br0
c) setup routing:
route del -net 192.168.0.0/24 eth1
route add -net 192.168.0.0/24 xen-br0
d) add eth1 to the bridge:
brctl addif xen-br0 eth1
The above sets up the bridge, then upon domain creation:
e) add virtual interface to the bridge:
brctl addif xen-br0 vif1.0
ifconfig vif1.0 up
That is all implemented in the two network scripts:
/etc/xen/scripts/network
/etc/xen/scripts/vif-bridge
So if you decide not to use them make sure to have them disabled.
All that should allow your unpriviledged domains to appear as if they were
connected to your local network (through a switch or whatever else).
In order to allow domU to access the internet you will have to:
a) set up routing on domU:
route add default gw 192.168.0.65
b) set dom0 to work as a NAT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Get back to me if that still does not work.
 
This is essentially wiring the two ifs up to xen-br0.
then I dhcp from domU and I would think packets ought to flow to
vif1.0->eth1, and eth1->vif1.0, broadcasts would flow across the bridge
transparently and, once the right MAC discovery happened, packets from
vif1.0 would make it to 192.168.0.1
I'm still not sure they didn't -- tcpdump seemed to think the DHCP
requests were going to eth1, but my home router didn't seem to think it
was seeing them. I will do a little more fooling around.
ron
 
Cheers
Gregor
 
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
 | 
 
| <Prev in Thread] | Current Thread | [Next in Thread> |  | 
RE: [Xen-devel] nfsroot and brige, Adam Heath
RE: [Xen-devel] nfsroot and brige, Ian PrattRe: [Xen-devel] nfsroot and brige, (continued)
Re: [Xen-devel] nfsroot and brige, Keir Fraser
Re: [Xen-devel] nfsroot and brige, Ronald G. Minnich
Re: [Xen-devel] nfsroot and brige, Nivedita Singhvi
Re: [Xen-devel] nfsroot and brige, Leigh Brown
Re: [Xen-devel] nfsroot and brige, Keir Fraser
[Xen-devel] Re: nfsroot and brige, Nuutti Kotivuori
Re: [Xen-devel] Re: nfsroot and brige, Ronald G. Minnich
Re: [Xen-devel] Re: nfsroot and brige, Grzegorz Milos
Re: [Xen-devel] Re: nfsroot and brige, Ronald G. Minnich
Re: [Xen-devel] Re: nfsroot and brige, Grzegorz Milos
Re: [Xen-devel] Re: nfsroot and brige,
Adam Sulmicki <=
Re: [Xen-devel] Re: nfsroot and brige, Gregor Milos
Re: [Xen-devel] Re: nfsroot and brige, Mike Wray
Re: [Xen-devel] Re: nfsroot and brige, Grzegorz Milos
Re: [Xen-devel] Re: nfsroot and brige, Adam Sulmicki
Re: [Xen-devel] nfsroot and brige, Keir Fraser
Re: [Xen-devel] nfsroot and brige, Chris Andrews
Re: [Xen-devel] nfsroot and brige, Jan Kundrát
Re: [Xen-devel] nfsroot and brige, Ian Pratt
 |  |  | 
  
    |  |  |